| Summary: | Update request: kernel-tmb-4.9.40-1.mga6 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | herman.viaene, jim, nathan95, sysadmin-bugs, tarazed25 |
| Version: | 6 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | advisory MGA6-64-OK MGA6-32-OK | ||
| Source RPM: | kernel-tmb | CVE: | |
| Status comment: | |||
|
Description
Thomas Backlund
2017-07-28 18:56:04 CEST
Aorus X5 laptop mga6 x86_64 EFI boot on multiboot system ASUS motherboard 16 GB RAM Intel(R) Core(TM) i7-5700HQ CPU @ 2.70GHz 2 x nvidia GeForce GTX 965M Installed the 3 packages and ran drakboot. nvidia-current rebuilt during reboot. Ran the usual battery of tests. During stress tests the temperature went dangerously high - 92°C, because firefox was misbehaving again, as it does on every installation now. It settled down and the machine seems to be OK. Mate is running fine. CC:
(none) =>
tarazed25 subject: Updated kernel-tmb packages fixes security and other bugs
CVE:
- CVE-2017-10810
src:
6:
core:
- kernel-tmb-4.9.40-1.mga6
description: |
This kernel-tmb update is based on upstream 4.9.40 and fixes atleast the
following security issues:
Linux kernel built with the VirtIO GPU driver(CONFIG_DRM_VIRTIO_GPU) support
is vulnerable to a memory leakage issue. It could occur while creating a
virtio gpu object in virtio_gpu_object_create(). A user/process could use
this flaw to leak host kernel memory potentially resulting in Dos
(CVE-2017-10810).
It also contains followup fixes to the Stack Clash (CVE-2017-1000370,
CVE-2017-1000371) security issues resolved in kernels released at end
of June, 2017.
Other Mageia kernel specific fixes in this updates:
- enable support for NFS4_1 and NFS4_2 (mga#21182)
- ALSA: hda/realtek - New codecs support for ALC215/ALC285/ALC289
- ALSA: hda/realtek - New codec device ID for ALC1220
- platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA (mga#18756)
For other upstream fixes in this update, read the referenced changelogs.
references:
- https://bugs.mageia.org/show_bug.cgi?id=21389
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.37
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.38
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.39
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.40Whiteboard:
(none) =>
advisory MGA6-32 on Asus A6000VM MATE with propietary nvidia No installtion issues. After reboot all usual suspects are OK: Office documents, video playing, access to NFS shares and wifi printer. OK fro me CC:
(none) =>
herman.viaene Acer Aspire ES 11 MGA 6 64 After installation I have not noticed regressions OK for me CC:
(none) =>
nathan95 It's tested enough to validate... I need theese out of the way as I need to start releasing new kernels for test as there is a new root exploit on the way... Added OK's and validated Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0259.html Status:
NEW =>
RESOLVED |