Bug 21712

Summary: Update request: kernel-tmb-4.4.88-2.mga5
Product: Mageia Reporter: Thomas Backlund <tmb>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: davidwhodgins, sysadmin-bugs, tarazed25
Version: 5Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA5-64-OK MGA5-32-OK
Source RPM: kernel-tmb CVE:
Status comment:

Description Thomas Backlund 2017-09-14 19:58:51 CEST 
Updated kernels fixing various security issues, including the "BlueBorne" bluetooth remote code execution CVE-2017-1000251 ...

Advisory will follow...


SRPMS:
kernel-tmb-4.4.88-1.mga5.src.rpm


i586:
kernel-tmb-desktop-4.4.88-1.mga5-1-1.mga5.i586.rpm
kernel-tmb-desktop-devel-4.4.88-1.mga5-1-1.mga5.i586.rpm
kernel-tmb-desktop-devel-latest-4.4.88-1.mga5.i586.rpm
kernel-tmb-desktop-latest-4.4.88-1.mga5.i586.rpm
kernel-tmb-source-4.4.88-1.mga5-1-1.mga5.noarch.rpm
kernel-tmb-source-latest-4.4.88-1.mga5.noarch.rpm


x86_64:
kernel-tmb-desktop-4.4.88-1.mga5-1-1.mga5.x86_64.rpm
kernel-tmb-desktop-devel-4.4.88-1.mga5-1-1.mga5.x86_64.rpm
kernel-tmb-desktop-devel-latest-4.4.88-1.mga5.x86_64.rpm
kernel-tmb-desktop-latest-4.4.88-1.mga5.x86_64.rpm
kernel-tmb-source-4.4.88-1.mga5-1-1.mga5.noarch.rpm
kernel-tmb-source-latest-4.4.88-1.mga5.noarch.rpm
Thomas Backlund 2017-09-14 19:59:51 CEST

QA Contact: (none) => security
Component: RPM Packages => Security

Comment 1 Len Lawrence 2017-09-15 12:35:44 CEST 
mga5 UEFI x86_64
4.4.82-1.mga5 (linus)
Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
NVIDIA Corporation GM204 [GeForce GTX 970] 
RAM 31.38 GB

Bluetooth packages installed:
bluez-5.28-1.1.mga5
bluez-cups-5.28-1.1.mga5
bluez-hid2hci-5.28-1.1.mga5
lib64bluez3-5.28-1.1.mga5
lib64bluez-devel-5.28-1.1.mga5

Installed kernel-tmb-desktop-latest-4.4.88 suite, ran drakboot --boot and rebooted.
nvidia kmod rebuilt.
Back to the Mate desktop.
$ uname -r
4.4.88-tmb-desktop-1.mga5
Installed pending updates including dbus.
Rebooted
Ran stress tests and glmark2 (score 21150).
Checked bluetooth audio - running fine.

CC: (none) => tarazed25

Comment 2 Dave Hodgins 2017-09-15 15:18:23 CEST 
As reported for kernel-linus, this conflicts with kernel-firmware-nonfree

Keywords: (none) => feedback
CC: (none) => davidwhodgins

Comment 3 Thomas Backlund 2017-09-15 18:48:35 CEST 
Ah, well spotted, it happend as part of http://advisories.mageia.org/MGASA-2017-0261.html

It was supposed to change conflicts on microcode, not kernel-firmware-nonfree... :/

a fixed 4.4.88-2.mga5 is submitted

Keywords: feedback => (none)

Dave Hodgins 2017-09-15 19:12:52 CEST

Summary: Update request: kernel-tmb-4.4.88-1.mga5 => Update request: kernel-tmb-4.4.88-2.mga5

Comment 4 Thomas Backlund 2017-09-15 19:36:39 CEST 
Advisory:

  This kernel-tmb update is based on upstream 4.4.88 and fixes atleast the
  following security issues:

  net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when 
  CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of
  xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users
  to cause a denial of service (out-of-bounds access) or possibly have
  unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message
  (CVE-2017-11600).

  The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen
  might allow local OS guest users to corrupt block device data streams
  and consequently obtain sensitive memory information, cause a denial of
  service, or gain host OS privileges by leveraging incorrect block IO
  merge-ability calculation (CVE-2017-12134 / XSA-229).

  The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel
  before 4.13.2 does not verify that a filesystem has a realtime device,
  which allows local users to cause a denial of service (NULL pointer
  dereference and OOPS) via vectors related to setting an RHINHERIT flag
  on a directory (CVE-2017-14340).

  The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the
  Linux kernel version 3.3-rc1 and up to and including 4.13.1, are vulnerable
  to a stack overflow vulnerability in the processing of L2CAP configuration
  responses resulting in Remote code execution in kernel space
  (CVE-2017-1000251).

  For other upstream fixes in this update, read the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=21712
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.83
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.84
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.85
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.86
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.87
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.88

Whiteboard: (none) => advisory

Comment 5 Dave Hodgins 2017-09-15 20:56:16 CEST 
Confirmed conflict fixed and kernel working, both on real hardware and under vb.
Adding the OKs.

Whiteboard: advisory => advisory MGA5-64-OK MGA5-32-OK

Dave Hodgins 2017-09-15 20:59:30 CEST

Keywords: (none) => advisory, validated_update
Whiteboard: advisory MGA5-64-OK MGA5-32-OK => MGA5-64-OK MGA5-32-OK
CC: (none) => sysadmin-bugs

Comment 6 Mageia Robot 2017-09-16 10:25:58 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0346.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED