| Summary: | Update request: kernel-4.4.55-1.mga5 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | High | CC: | andrewsfarm, davidwhodgins, jim, mageia, marja11, sysadmin-bugs, wilcal.int |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | advisory MGA5-64-OK MGA5-32-OK | ||
| Source RPM: | kernel | CVE: | |
| Status comment: | |||
| Bug Depends on: | 20222 | ||
| Bug Blocks: | 20553 | ||
| Attachments: | screenshot of the Xorg.log | ||
|
Description
Thomas Backlund
2017-03-19 18:24:19 CET
Thomas Backlund
2017-03-19 18:27:13 CET
Depends on: (none) => 20222

Raising priority as at least one CVE is classed as a local privilege escalation

Priority: Normal => High
Marja Van Waes
2017-03-22 19:14:49 CET
Blocks: (none) => 20553

No regressions noticed. Tested on an x86_64 system with nvidia proprietary driver and Plasma DE. Tested a bunch of programs with no issues.
$ uname -a
Linux marte 4.4.55-desktop-1.mga5 #1 SMP Sat Mar 18 18:21:07 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

CC: (none) => mageia

Updated an Athlon X2/nvidia340 machine to the 64-bit server kernel, with dkms building the virtualbox modules locally. Packages installed cleanly, and after update no issues noted. Firefox 45.8 and Thunderbird 45.8 both worked, as did Virtualbox. All existing Virtualbox guests booted and ran as expected. Also, updated one 64-bit guest and one 32-bit guest, with the guestadditions modules built locally. No issues noted with either guest.

CC: (none) => andrewsfarm

Updated one each 32-bit and 64-bit server kernel installs on a Sempron 3100+/nvidia304 machine. This processor has proven to be inadequate for Virtualbox, so it was not tested. Packages installed cleanly, no issues noted on either install.

Minimal test last night: fully updated a neglected _64bit_ Mageia 5 on https://wiki.mageia.org/en/User:Marja/QA/Hardware#Lenovo_ThinkPad_SL510 with Intel Gfx, rebooted, enabled updates_testing (core and nonfree), updated again, rebooted into the new kernel-desktop-4.4.55-1.mga5-1-1.mga5.x86_64 and ran some applications, like FF and TB. No problems encountered.

CC: (none) => marja11

Virtualbox update was validated/pushed, so here are the kmods for this update:

SRPMS:
kmod-vboxadditions-5.1.18-2.mga5.src.rpm
kmod-virtualbox-5.1.18-2.mga5.src.rpm

i586:
vboxadditions-kernel-4.4.55-desktop-1.mga5-5.1.18-2.mga5.i586.rpm
vboxadditions-kernel-4.4.55-desktop586-1.mga5-5.1.18-2.mga5.i586.rpm
vboxadditions-kernel-4.4.55-server-1.mga5-5.1.18-2.mga5.i586.rpm
vboxadditions-kernel-desktop586-latest-5.1.18-2.mga5.i586.rpm
vboxadditions-kernel-desktop-latest-5.1.18-2.mga5.i586.rpm
vboxadditions-kernel-server-latest-5.1.18-2.mga5.i586.rpm
virtualbox-kernel-4.4.55-desktop-1.mga5-5.1.18-2.mga5.i586.rpm
virtualbox-kernel-4.4.55-desktop586-1.mga5-5.1.18-2.mga5.i586.rpm
virtualbox-kernel-4.4.55-server-1.mga5-5.1.18-2.mga5.i586.rpm
virtualbox-kernel-desktop586-latest-5.1.18-2.mga5.i586.rpm
virtualbox-kernel-desktop-latest-5.1.18-2.mga5.i586.rpm
virtualbox-kernel-server-latest-5.1.18-2.mga5.i586.rpm

x86_64:
vboxadditions-kernel-4.4.55-desktop-1.mga5-5.1.18-2.mga5.x86_64.rpm
vboxadditions-kernel-4.4.55-server-1.mga5-5.1.18-2.mga5.x86_64.rpm
vboxadditions-kernel-desktop-latest-5.1.18-2.mga5.x86_64.rpm
vboxadditions-kernel-server-latest-5.1.18-2.mga5.x86_64.rpm
virtualbox-kernel-4.4.55-desktop-1.mga5-5.1.18-2.mga5.x86_64.rpm
virtualbox-kernel-4.4.55-server-1.mga5-5.1.18-2.mga5.x86_64.rpm
virtualbox-kernel-desktop-latest-5.1.18-2.mga5.x86_64.rpm
virtualbox-kernel-server-latest-5.1.18-2.mga5.x86_64.rpm

Oh, and the whole Mageia build infra has been running on the x86_64 server kernel for the last 4+ days without issues

On mga5-64

Packages installed cleanly:
- cpupower-4.4.55-1.mga5.x86_64
- kernel-desktop-4.4.55-1.mga5-1-1.mga5.x86_64
- kernel-desktop-latest-4.4.55-1.mga5.x86_64
- virtualbox-kernel-4.4.55-desktop-1.mga5-5.1.18-2.mga5.x86_64
- virtualbox-kernel-desktop-latest-5.1.18-2.mga5.x86_64

System re-booted normally
$ uname -r
4.4.55-desktop-1.mga5

no regressions noted (virtualbox and win7, winxp clients running normally)

OK for mga5-64 on this system:
Dell product: Precision Tower 3620
Mobo: Dell model: 09WH54
Card: Intel HD Graphics 530
CPU: Quad core Intel Core i7-6700 (-HT-MCP-)

CC: (none) => jim
Advisory (already added to svn)

subject: Updated kernel packages fixes security vulnerabilities
CVE:
 - CVE-2017-2636
 - CVE-2017-6346
 - CVE-2017-6347
 - CVE-2017-6348
src:
  5:
   core:
     - kernel-4.4.55-1.mga5
     - kernel-userspace-headers-4.4.55-1.mga5
     - kmod-vboxadditions-5.1.18-2.mga5
     - kmod-virtualbox-5.1.18-2.mga5
     - kmod-xtables-addons-2.10-35.mga5
description: |
  This kernel update is based on upstream 4.4.55 and fixes at least
  the following security issues:

  Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1
  allows local users to gain privileges or cause a denial of service (double
  free) by setting the HDLC line discipline (CVE-2017-2636).

  Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13
  allows local users to cause a denial of service (use-after-free) or possibly
  have unspecified other impact via a multithreaded application that makes
  PACKET_FANOUT setsockopt system calls (CVE-2017-6346).

  The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux
  kernel before 4.10.1 has incorrect expectations about skb data layout,
  which allows local users to cause a denial of service (buffer over-read)
  or possibly have unspecified other impact via crafted system calls, as
  demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP
  transmission (CVE-2017-6347).

  The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before
  4.9.13 improperly manages lock dropping, which allows local users to cause a
  denial of service (deadlock) via crafted operations on IrDA devices
  (CVE-2017-6348).

  For other upstream fixes in this update, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=20527
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.51
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.52
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.53
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.54
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.55

Whiteboard: (none) => advisory

Testing complete on both i586 and x86_64, both on real hardware and under vb. Validating the update.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2017-0088.html

Status: NEW => RESOLVED

On real hardware, M5, KDE, 64-bit
initial install:
kernel-desktop-latest
virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox
virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo
kernel-desktop-devel-latest nvidia-current-kernel-desktop-latest
[root@localhost wilcal]# uname -a
Linux localhost 4.4.50-desktop-2.mga5 #1 SMP Thu Feb 23 21:21:14 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-4.4.50-2.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox
Package virtualbox-5.1.18-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest
Package vboxadditions-kernel-desktop-latest-5.1.18-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi dkms-virtualbox
Package dkms-virtualbox-5.1.18-1.mga5.noarch is already installed
[root@localhost wilcal]# urpmi virtualbox-guest-additions
Package virtualbox-guest-additions-5.1.18-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest
Package virtualbox-kernel-desktop-latest-5.1.18-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-driver-video-vboxvideo
Package x11-driver-video-vboxvideo-5.1.18-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi kernel-desktop-devel-latest
Package kernel-desktop-devel-latest-4.4.50-2.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi nvidia-current-kernel-desktop-latest
Package nvidia-current-kernel-desktop-latest-352.79-10.mga5.nonfree.x86_64 is already installed
[wilcal@localhost ~]$ lspci -k
01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1)
Subsystem: Gigabyte Technology Co., Ltd Device 3518
Kernel driver in use: nvidia
Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia_current
M5.1 i586 Gnome Live-CD runs as a Vbox client.
Boots to a working desktop. Common apps work.
Screen sizes are correct.
install or check:
kernel-desktop-latest
virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox
virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo
kernel-desktop-devel-latest nvidia-current-kernel-desktop-latest
from updates_testing
[root@localhost wilcal]# uname -a
Linux localhost 4.4.55-desktop-1.mga5 #1 SMP Sat Mar 18 18:21:07 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-4.4.55-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox
Package virtualbox-5.1.18-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest
Package vboxadditions-kernel-desktop-latest-5.1.18-2.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi dkms-virtualbox
Package dkms-virtualbox-5.1.18-1.mga5.noarch is already installed
[root@localhost wilcal]# urpmi virtualbox-guest-additions
Package virtualbox-guest-additions-5.1.18-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest
Package virtualbox-kernel-desktop-latest-5.1.18-2.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-driver-video-vboxvideo
Package x11-driver-video-vboxvideo-5.1.18-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi kernel-desktop-devel-latest
Package kernel-desktop-devel-latest-4.4.55-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi nvidia-current-kernel-desktop-latest
Package nvidia-current-kernel-desktop-latest-352.79-10.mga5.nonfree.x86_64 is already installed
[wilcal@localhost ~]$ lspci -k
01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1)
Subsystem: Gigabyte Technology Co., Ltd Device 3518
Kernel driver in use: nvidia
Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia_current
System boots to a working desktop. Common apps work.
Previously created M5 i586 Gnome Live-CD runs as a Vbox client.
M5.1 Gnome x86_64 Live-DVD runs as a Vbox client.
M5.1 x86_64 KDE CI, installs and updates as a Vbox client.
Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Looks good

CC: (none) => wilcal.int

Created attachment 9159 [details]
screenshot of the Xorg.log

My VM with Mageia 5 no longer boots with 4.4.55, see the screenshot. It works fine with 4.4.30.

(In reply to Frédéric Buclin from comment #13)
> Created attachment 9159 [details]
> screenshot of the Xorg.log
>
> My VM with Mageia 5 no longer boots with 4.4.55, see the screenshot. It
> works fine with 4.4.30.

In the virtualbox guest, add the kernel option nomodeset. |