| Summary: | Update request: kernel-linus 4.14.13 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | lewyssmith, sysadmin-bugs, tarazed25 |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-64-OK, MGA6-32-OK | ||
| Source RPM: | kernel-linus | CVE: | |
| Status comment: | |||
| Bug Depends on: | 22337 | ||
| Bug Blocks: | |||
|
Description
Thomas Backlund
2018-01-06 23:32:20 CET
Thomas Backlund
2018-01-06 23:38:37 CET
Depends on:
(none) =>
22337 Oops - that last report went missing - maybe to mga5.
Upated the linus kernel.
$ uname -r
4.14.12-2.mga6
System: Host: juza Kernel: 4.14.12-2.mga6 x86_64
Desktop: MATE 1.18.0 Distro: Mageia 6 mga6
CPU: Quad core Intel Core i7-3630QM (-HT-MCP-)
Machine: Device: laptop System: LENOVO product: 9541 v: Lenovo IdeaPad Y500
Graphics: Card: NVIDIA GK107M [GeForce GT 650M]
GLX Version: 4.5.0 NVIDIA 384.111
RAM: 8 GB
Stress tests OK. glmark2.
NFS share mounted. LAN wifi networking OK. Login to a local machine to run a graphical application remotely.
Paired with TV soundbar using bluetooth and played an ogg file with sox. Youtube videos played fine. Looks like a working desktop.CC:
(none) =>
tarazed25 Testing M6/64 Real EFI hardware, AMD processor, AMD/ATI/Radeon graphics, sound. No wifi. $ uname -r 4.14.12-2.mga6 [which is the linus kernel] Been running for a few hours on mixed but normal things, no problems noted. Videos & sound OK. Thanks to Len for the following basic things to try (you need to install both pkgs): $ stress -c 2 -i 2 -m 2 -d 2 -t 10 stress: info: [6141] dispatching hogs: 2 cpu, 2 io, 2 vm, 2 hdd stress: info: [6141] successful run completed in 13s and $ glmark2 This kernel is OK for me. CC:
(none) =>
lewyssmith Unfortunately there is still some regressions that will be fixed in 4.14.13, so a new kernel will be coming... Keywords:
(none) =>
feedback Fixed kernels... SRPMS: kernel-linus-4.14.13-1.mga6.src.rpm i586: kernel-linus-4.14.13-1.mga6-1-1.mga6.i586.rpm kernel-linus-devel-4.14.13-1.mga6-1-1.mga6.i586.rpm kernel-linus-devel-latest-4.14.13-1.mga6.i586.rpm kernel-linus-doc-4.14.13-1.mga6.noarch.rpm kernel-linus-latest-4.14.13-1.mga6.i586.rpm kernel-linus-source-4.14.13-1.mga6-1-1.mga6.noarch.rpm kernel-linus-source-latest-4.14.13-1.mga6.noarch.rpm x86_64: kernel-linus-4.14.13-1.mga6-1-1.mga6.x86_64.rpm kernel-linus-devel-4.14.13-1.mga6-1-1.mga6.x86_64.rpm kernel-linus-devel-latest-4.14.13-1.mga6.x86_64.rpm kernel-linus-doc-4.14.13-1.mga6.noarch.rpm kernel-linus-latest-4.14.13-1.mga6.x86_64.rpm kernel-linus-source-4.14.13-1.mga6-1-1.mga6.noarch.rpm kernel-linus-source-latest-4.14.13-1.mga6.noarch.rpm Summary:
Update request: kernel-linus 4.14.12 =>
Update request: kernel-linus 4.14.13
Thomas Backlund
2018-01-10 15:39:27 CET
Keywords:
feedback =>
(none)
Advisory, added to svn:
type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
- CVE-2017-5754
- CVE-2017-15129
src:
6:
core:
- kernel-linus-4.14.13-1.mga6
description: |
This kernel-linus update provided the upstream 4.14.13 and and fixes
several security issues.
The most important fix in this update is for the security issue named
"Meltdown" that is fixed in theese kernels by enabling kernel Page
Table Isolation (KTPI). Note that according to AMD, this issue does
not effect Amd processors, so it is not enabled by default on systems
using Amd CPU.
The list of known security fixes and mitigations in this kernel:
Systems with microprocessors utilizing speculative execution and indirect
branch prediction may allow unauthorized disclosure of information to an
attacker with local user access via a side-channel analysis of the data
cache (CVE-2017-5754, "MeltDown").
A use-after-free vulnerability was found in network namespaces code
affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id()
in net/core/net_namespace.c does not check for the net::count value after
it has found a peer network in netns_ids idr, which could lead to double
free and memory corruption. This vulnerability could allow an unprivileged
local user to induce kernel memory corruption on the system, leading to a
crash. Due to the nature of the flaw, privilege escalation cannot be fully
ruled out, although it is thought to be unlikely (CVE-2017-15129).
The kernels are also fixed to allow loading cpu microcode for Amd
family 17 (Zen) processors.
For more info about Meltdown, Spectre and other fixes in this update,
see the refences.
references:
- https://bugs.mageia.org/show_bug.cgi?id=22336
- https://meltdownattack.com/
- https://googleprojectzero.blogspot.fi/2018/01/reading-privileged-memory-with-side.html
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.111
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.113Keywords:
(none) =>
advisory
Thomas Backlund
2018-01-13 14:55:25 CET
Whiteboard:
(none) =>
MGA6-64-OK, MGA6-32-OK An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0078.html Status:
NEW =>
RESOLVED |