| Summary: | Update request: kernel-4.4.59-1.mga5 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | High | CC: | andrewsfarm, davidwhodgins, jim, mageia, marja11, sysadmin-bugs, wilcal.int |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA5-64-OK MGA5-32-OK advisory | ||
| Source RPM: | kernel | CVE: | |
| Status comment: | |||
|
Description
Thomas Backlund
2017-03-31 07:19:55 CEST
Thomas Backlund
2017-03-31 07:20:21 CEST
Priority: Normal => High
Validating the update
Keywords: (none) => validated_update
Dave Hodgins
2017-03-31 08:14:19 CEST
Whiteboard: MGA5-64-OK MGA5-64-OK => MGA5-64-OK MGA5-32-OK
I need to get through my Vbox host testing today
CC: (none) => wilcal.int
On real hardware, M5, KDE, 64-bit
initial install:
kernel-desktop-latest
virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox
virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo
kernel-desktop-devel-latest nvidia-current-kernel-desktop-latest
[root@localhost wilcal]# uname -a
Linux localhost 4.4.55-desktop-1.mga5 #1 SMP Sat Mar 18 18:21:07 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-4.4.55-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox
Package virtualbox-5.1.18-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest
Package vboxadditions-kernel-desktop-latest-5.1.18-2.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi dkms-virtualbox
Package dkms-virtualbox-5.1.18-1.mga5.noarch is already installed
[root@localhost wilcal]# urpmi virtualbox-guest-additions
Package virtualbox-guest-additions-5.1.18-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest
Package virtualbox-kernel-desktop-latest-5.1.18-2.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-driver-video-vboxvideo
Package x11-driver-video-vboxvideo-5.1.18-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi kernel-desktop-devel-latest
Package kernel-desktop-devel-latest-4.4.55-1.mga5.x86_64 is already installed
Marking kernel-desktop-devel-latest as manually installed, it won't be auto-orphaned
writing /var/lib/rpm/installed-through-deps.list
[root@localhost wilcal]# urpmi nvidia-current-kernel-desktop-latest
Package nvidia-current-kernel-desktop-latest-352.79-10.mga5.nonfree.x86_64 is already installed
[wilcal@localhost ~]$ lspci -k
01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1)
Subsystem: Gigabyte Technology Co., Ltd Device 3518
Kernel driver in use: nvidia
Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia_current
M5.1 i586 Gnome Live-CD runs as a Vbox client.
Boots to a working desktop. Common apps work.
Screen sizes are correct.
install or check:
kernel-desktop-latest
virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox
virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo
kernel-desktop-devel-latest nvidia-current-kernel-desktop-latest
from updates_testing
[root@localhost wilcal]# uname -a
Linux localhost 4.4.59-desktop-1.mga5 #1 SMP Thu Mar 30 21:28:55 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-4.4.59-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox
Package virtualbox-5.1.18-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest
Package vboxadditions-kernel-desktop-latest-5.1.18-3.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi dkms-virtualbox
Package dkms-virtualbox-5.1.18-1.mga5.noarch is already installed
[root@localhost wilcal]# urpmi virtualbox-guest-additions
Package virtualbox-guest-additions-5.1.18-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest
Package virtualbox-kernel-desktop-latest-5.1.18-3.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-driver-video-vboxvideo
Package x11-driver-video-vboxvideo-5.1.18-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi kernel-desktop-devel-latest
Package kernel-desktop-devel-latest-4.4.59-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi nvidia-current-kernel-desktop-latest
Package nvidia-current-kernel-desktop-latest-352.79-10.mga5.nonfree.x86_64 is already installed
[wilcal@localhost ~]$ lspci -k
01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1)
Subsystem: Gigabyte Technology Co., Ltd Device 3518
Kernel driver in use: nvidia
Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia_current
System boots to a working desktop. Common apps work.
Previously created M5 i586 Gnome Live-CD runs as a Vbox client.
M5.1 Gnome x86_64 Live-DVD runs as a Vbox client.
M5.1 x86_64 KDE CI, installs and updates as a Vbox client.
Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Looks good
I was lazy and just updated from testing, pulling in more than just the new kernel.
After installing kernel-desktop-4.4.59-1.mga5-1-1.mga5.x86_64.rpm, cpupower-4.4.59-1.mga5.x86_64.rpm, kernel-userspace-headers-4.4.59-1.mga5.x86_64.rpm and some unrelated packages, a new initrd etc. were created, and grub.conf was updated.
I forgot that the bootloader in the MBR was written from a cauldron install, not from this Mga5 install, because that never gave problems :-(
On reboot I get:
free magic is broken at 0x67697320: 0x4a76a0
Aborted.
If that's related to using the cauldron bootloader, then I don't know why this never happened before.
Booting an older kernel works.
CC: (none) => marja11
and booting this kernel works, too, when using SuperGrub2 disk
[marja@Mga5_64bit ~]$ uname -a
Linux Mga5_64bit 4.4.59-desktop-1.mga5 #1 SMP Thu Mar 30 21:28:55 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[marja@Mga5_64bit ~]$
Everything looks fine, I'd like to install the bootloader in the MBR from here, to see whether that free magic error reoccurs, but will wait.
No issues to report mga5-64
dkms modules compiled on kernel update:
nvidia-current
broadcom-wl
Not tested:
vboxadditions
Hardware tested:
Intel Core 2 Duo E8400, 6GB, Intel graphics, Realtek wifi
Kernels tested:
64-bit desktop 4.4.59-1
32-bit server 4.4.59-1
All tests look OK. Common apps work.
CC: (none) => andrewsfarm
Hardware tested:
AMD Athlon X2 7750, 8GB, Geforce 9800 GT graphics.
Kernel tested:
64-bit server 4.4.59-1 with nvidia340 driver and virtualbox module.
Tests look good. Common apps work, including VirtualBox. Using Firefox now to make this report.
on mga5-64 packages installed cleanly:
- cpupower-4.4.59-1.mga5.x86_64
- kernel-desktop-4.4.59-1.mga5-1-1.mga5.x86_64
- kernel-desktop-latest-4.4.59-1.mga5.x86_64
system re-booted normally
$ uname -r
4.4.59-desktop-1.mga5
no regressions noted
OK on this system:
Dell product: Precision Tower 3620
Mobo: Dell model: 09WH54
Card: Intel HD Graphics 530
CPU: Quad core Intel Core i7-6700 (-HT-MCP-)
CC: (none) => jim
(In reply to James Kerr from comment #9)
on the same system:
$ uname -r
4.4.59-desktop-1.mga5
packages installed cleanly:
- virtualbox-kernel-4.4.59-desktop-1.mga5-5.1.18-3.mga5.x86_64
- virtualbox-kernel-desktop-latest-5.1.18-3.mga5.x86_64
vbox and winxp and win7 clients running normally
No regressions noticed in Mageia 5 x86_64 on VirtualBox VM and HW. Tested for several hours on multiple applications and concurrent Plasma sessions.
CPU: Core 2 Quad CPU Q9400
GPU: GeForce 210 with nvidia340
DE: Plasma
# uname -a
Linux marte 4.4.59-desktop-1.mga5 #1 SMP Thu Mar 30 21:28:55 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
# lspcidrake
pata_jmicron : JMicron Technology Corp.|JMB368 IDE controller [STORAGE_IDE]
r8169 : Realtek Semiconductor Co., Ltd.|RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller [NETWORK_ETHERNET] (rev: 02)
snd_hda_intel : NVIDIA Corporation|High Definition Audio Controller [MULTIMEDIA_AUDIO_DEV] (rev: a1)
Card:NVIDIA GeForce 8100 to GeForce 415: NVIDIA Corporation|GT218 [GeForce 210] [DISPLAY_VGA] (rev: a2)
i2c_i801 : Intel Corporation|82801JI (ICH10 Family) SMBus Controller [SERIAL_SMBUS]
unknown : Intel Corporation|82801JI (ICH10 Family) SATA AHCI Controller [STORAGE_SATA]
lpc_ich : Intel Corporation|82801JIB (ICH10) LPC Interface Controller [BRIDGE_ISA]
unknown : Intel Corporation|82801 PCI Bridge [BRIDGE_PCI] (rev: 90)
ehci_pci : Intel Corporation|82801JI (ICH10 Family) USB2 EHCI Controller #1 [SERIAL_USB]
uhci_hcd : Intel Corporation|82801JI (ICH10 Family) USB UHCI Controller #3 [SERIAL_USB]
uhci_hcd : Intel Corporation|82801JI (ICH10 Family) USB UHCI Controller #2 [SERIAL_USB]
uhci_hcd : Intel Corporation|82801JI (ICH10 Family) USB UHCI Controller #1 [SERIAL_USB]
shpchp : Intel Corporation|82801JI (ICH10 Family) PCI Express Root Port 3 [BRIDGE_PCI]
shpchp : Intel Corporation|82801JI (ICH10 Family) PCI Express Port 2 [BRIDGE_PCI]
shpchp : Intel Corporation|82801JI (ICH10 Family) PCI Express Root Port 1 [BRIDGE_PCI]
snd_hda_intel : Intel Corporation|82801JI (ICH10 Family) HD Audio Controller [MULTIMEDIA_AUDIO_DEV]
ehci_pci : Intel Corporation|82801JI (ICH10 Family) USB2 EHCI Controller #2 [SERIAL_USB]
uhci_hcd : Intel Corporation|82801JI (ICH10 Family) USB UHCI Controller #6 [SERIAL_USB]
uhci_hcd : Intel Corporation|82801JI (ICH10 Family) USB UHCI Controller #5 [SERIAL_USB]
uhci_hcd : Intel Corporation|82801JI (ICH10 Family) USB UHCI Controller #4 [SERIAL_USB]
shpchp : Intel Corporation|4 Series Chipset PCI Express Root Port [BRIDGE_PCI] (rev: 03)
unknown : Intel Corporation|4 Series Chipset DRAM Controller [BRIDGE_HOST] (rev: 03)
hub : Linux 4.4.59-desktop-1.mga5 uhci_hcd|UHCI Host Controller [Hub|Unused|Full speed (or root) hub]
hub : Linux 4.4.59-desktop-1.mga5 uhci_hcd|UHCI Host Controller [Hub|Unused|Full speed (or root) hub]
Mouse:evdev : Logitech|USB Receiver [Human Interface Device|Boot Interface Subclass|Keyboard]
hub : Linux 4.4.59-desktop-1.mga5 uhci_hcd|UHCI Host Controller [Hub|Unused|Full speed (or root) hub]
hub : Linux 4.4.59-desktop-1.mga5 uhci_hcd|UHCI Host Controller [Hub|Unused|Full speed (or root) hub]
hub : Linux 4.4.59-desktop-1.mga5 uhci_hcd|UHCI Host Controller [Hub|Unused|Full speed (or root) hub]
hub : Linux 4.4.59-desktop-1.mga5 uhci_hcd|UHCI Host Controller [Hub|Unused|Full speed (or root) hub]
hub : Linux 4.4.59-desktop-1.mga5 ehci_hcd|EHCI Host Controller [Hub|Unused|Full speed (or root) hub]
hub : Genesys Logic, Inc.|USB2.0 Hub [Hub|Unused|Full speed (or root) hub]
hub : Linux 4.4.59-desktop-1.mga5 ehci_hcd|EHCI Host Controller [Hub|Unused|Full speed (or root) hub]
usb_storage : Generic|Mass Storage Device [Mass Storage|SCSI|Bulk-Only]
hid_logitech : Logitech USB Receiver
hid_logitech : Logitech USB Receiver
CC: (none) => mageia
Advisory, also added to svn:
type: security
subject: Updated kernel packages fixes security vulnerability
CVE:
 - CVE-2017-7184
src:
  5:
   core:
     - kernel-4.4.59-1.mga5
     - kernel-userspace-headers-4.4.59-1.mga5
     - kmod-vboxadditions-5.1.18-3.mga5
     - kmod-virtualbox-5.1.18-3.mga5
     - kmod-xtables-addons-2.10-36.mga5
description: |
  This kernel update is based on upstream 4.4.59 and fixes at least
  the following security issue:
  The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux
  kernel through 4.10.6 does not validate certain size data after an
  XFRM_MSG_NEWAE update, which allows local users to obtain root privileges
  or cause a denial of service (heap-based out-of-bounds access) by
  leveraging the CAP_NET_ADMIN capability (CVE-2017-7184).
  For other upstream fixes in this update, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=20607
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.56
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.57
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.58
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.59
Whiteboard: MGA5-64-OK MGA5-32-OK => MGA5-64-OK MGA5-32-OK advisory
An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2017-0097.html
Status: NEW => RESOLVED
|
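The advisory in this report fixes CVE-2017-7184 in kernel-4.4.59-1.mga5, and one test report shows a machine still booting an older kernel after the update was installed, so the running kernel is the thing to check. The script below is an added example, not part of the bug report or of Mageia's tooling; the function names `ver_ge` and `kernel_status` are made up here, and it assumes release strings of the `uname -r` form seen in the test logs (`4.4.59-desktop-1.mga5`).

```shell
#!/bin/sh
# Added example (not from the bug report): classify a Mageia 5 kernel release
# string against the first package carrying the CVE-2017-7184 fix.
# Assumption: strings look like the `uname -r` output in the test logs,
# i.e. <version>-<flavour>-<release>.mga5 with a three-part version.
FIXED=4.4.59.1            # kernel-4.4.59-1.mga5, taken from the advisory

# ver_ge A B: succeed when dotted numeric version A >= B, field by field.
ver_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0} y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# kernel_status RELEASE: print patched, unpatched or unknown.
kernel_status() {
    case $1 in
        *-*.mga5) ;;
        *) echo unknown; return 0 ;;      # not a Mageia 5 kernel string
    esac
    ver=${1%%-*}              # e.g. 4.4.59
    pkgrel=${1##*-}           # e.g. 1.mga5
    pkgrel=${pkgrel%.mga5}    # e.g. 1
    case $ver in
        *[!0-9.]*) echo unknown; return 0 ;;
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    case $pkgrel in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    # Compare version and package release together as one dotted number.
    if ver_ge "$ver.$pkgrel" "$FIXED"; then echo patched; else echo unpatched; fi
}

# Check the running kernel, or a release string given as the first argument.
kernel_status "${1:-$(uname -r)}"
```

Run it after rebooting: installing the package does not change what `uname -r` reports until the new kernel is actually booted.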