Bug 21709

Summary: Update request: kernel-tmb-4.9.50-1.mga6
Product: Mageia Reporter: Thomas Backlund <tmb>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: davidwhodgins, sysadmin-bugs, tarazed25
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6-64-OK MGA6-32-OK
Source RPM: kernel-tmb CVE:
Status comment:

Description Thomas Backlund 2017-09-14 19:58:13 CEST 
Updated kernels fixing various security issues, including the "BlueBorne" bluetooth remote code execution CVE-2017-1000251 ...

Advisory will follow...


SRPMS:
kernel-tmb-4.9.50-1.mga6.src.rpm


i586:
kernel-tmb-desktop-4.9.50-1.mga6-1-1.mga6.i586.rpm
kernel-tmb-desktop-devel-4.9.50-1.mga6-1-1.mga6.i586.rpm
kernel-tmb-desktop-devel-latest-4.9.50-1.mga6.i586.rpm
kernel-tmb-desktop-latest-4.9.50-1.mga6.i586.rpm
kernel-tmb-source-4.9.50-1.mga6-1-1.mga6.noarch.rpm
kernel-tmb-source-latest-4.9.50-1.mga6.noarch.rpm


x86_64:
kernel-tmb-desktop-4.9.50-1.mga6-1-1.mga6.x86_64.rpm
kernel-tmb-desktop-devel-4.9.50-1.mga6-1-1.mga6.x86_64.rpm
kernel-tmb-desktop-devel-latest-4.9.50-1.mga6.x86_64.rpm
kernel-tmb-desktop-latest-4.9.50-1.mga6.x86_64.rpm
kernel-tmb-source-4.9.50-1.mga6-1-1.mga6.noarch.rpm
kernel-tmb-source-latest-4.9.50-1.mga6.noarch.rpm
Comment 1 Len Lawrence 2017-09-15 10:52:45 CEST 
mga6 UEFI x86_64
4.9.43-desktop-1.mga6
Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
NVIDIA Corporation GM204 [GeForce GTX 970] 
RAM 31.37 GB

Installed:
- bluez-5.45-2.1.mga6.x86_64
- kernel-tmb-desktop-4.9.50-1.mga6-1-1.mga6.x86_64
- kernel-tmb-desktop-devel-4.9.50-1.mga6-1-1.mga6.x86_64
- kernel-tmb-desktop-devel-latest-4.9.50-1.mga6.x86_64
- kernel-tmb-desktop-latest-4.9.50-1.mga6.x86_64
- kernel-tmb-source-4.9.50-1.mga6-1-1.mga6.noarch
- kernel-tmb-source-latest-4.9.50-1.mga6.noarch
- lib64bluez3-5.45-2.1.mga6.x86_64

$ drakboot --boot
$ reboot
Mate desktop completely functional.  NFS OK.  Installed pending updates.
$ uname -r
4.9.50-tmb-desktop-1.mga6
$ stress -c 5 -t 30
$ stress -m 4 -t 30
$ stress -d 4 -t 30
$ stellarium
No problems.
$ glmark2
score = 7062 (relatively low for this machine).  One core fully occupied.

bluetoothd running.
Used blueman-assistant, hcitool and bluetoothctl to connect wireless speaker to audio sink and monitor operations.

@tmb  Is that all we need to do re the Blueborne vulnerability?

CC: (none) => tarazed25

Comment 2 Thomas Backlund 2017-09-15 13:19:12 CEST 
(In reply to Len Lawrence from comment #1)

> bluetoothd running.
> Used blueman-assistant, hcitool and bluetoothctl to connect wireless speaker
> to audio sink and monitor operations.
> 
> @tmb  Is that all we need to do re the Blueborne vulnerability?


yeah, that's enough
Comment 3 Dave Hodgins 2017-09-15 16:06:42 CEST 
Tested on both real hardware, and under vb, both arches. Adding the OKs.

Whiteboard: (none) => MGA6-64-OK MGA6-32-OK
CC: (none) => davidwhodgins

Comment 4 Thomas Backlund 2017-09-15 19:36:30 CEST 
Advisory:

  This kernel-tmb update is based on upstream 4.9.50 and fixes atleast the
  following security issues:

  net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when 
  CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of
  xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users
  to cause a denial of service (out-of-bounds access) or possibly have
  unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message
  (CVE-2017-11600).

  The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen
  might allow local OS guest users to corrupt block device data streams
  and consequently obtain sensitive memory information, cause a denial of
  service, or gain host OS privileges by leveraging incorrect block IO
  merge-ability calculation (CVE-2017-12134 / XSA-229).

  The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel
  before 4.13.2 does not verify that a filesystem has a realtime device,
  which allows local users to cause a denial of service (NULL pointer
  dereference and OOPS) via vectors related to setting an RHINHERIT flag
  on a directory (CVE-2017-14340).

  The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the
  Linux kernel version 3.3-rc1 and up to and including 4.13.1, are vulnerable
  to a stack overflow vulnerability in the processing of L2CAP configuration
  responses resulting in Remote code execution in kernel space
  (CVE-2017-1000251).

  For other upstream fixes in this update, read the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=21709
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.44
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.45
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.46
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.47
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.48
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.49
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.50

Whiteboard: MGA6-64-OK MGA6-32-OK => MGA6-64-OK MGA6-32-OK advisory

Dave Hodgins 2017-09-15 20:59:41 CEST

Keywords: (none) => advisory, validated_update
Whiteboard: MGA6-64-OK MGA6-32-OK advisory => MGA6-64-OK MGA6-32-OK
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2017-09-16 10:25:53 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0343.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED