| Summary: | Upate request: kernel-tmb-4.14.69-1.mga6 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | herman.viaene, sysadmin-bugs, tarazed25, wilcal.int |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | mga6-64-ok, mga6-32-ok | ||
| Source RPM: | kernel-tmb | CVE: | |
| Status comment: | |||
|
Description
Thomas Backlund
2018-09-07 19:48:28 CEST
Mageia 6, x86_64 Intel core i7, NVIDIA GTX 770. Creating: target|kernel|dracut args|basicmodules remove-boot-splash: Format of /boot/initrd-4.14.68-tmb-desktop-1.mga6.img not recognized But otherwise OK. Rebooted to Mate desktop - NETFLOW driver and other kernel modules rebuilt on the fly. Desktop fully operational. Hardware and memory stress tests ran OK. CC:
(none) =>
tarazed25 Mageia 6, x86_64 Intel core i7, NVIDIA GTX 970 No problem with the update but something odd happened with the disk stress test. $ stress -d 3 -t 25 That did not terminate and gkrellm indicated that eth0 was heavily used throughout the test together with one of the cores. Ctrl-C stopped the command in the terminal but disk activity continued for at least five minutes. Tried a very short time interval but the process stuck again. $ stress -d 2 -t 10 stress: info: [11376] dispatching hogs: 0 cpu, 0 io, 0 vm, 2 hdd ^C [lcl@difda qa]$ ps aux | grep stress lcl 11377 7.6 0.0 8108 1688 pts/2 D 10:54 0:07 stress -d 2 -t 10 lcl 11378 7.9 0.0 8108 1688 pts/2 D 10:54 0:07 stress -d 2 -t 10 Looks like it re-spawned right after the Ctrl-C. It died eventually. This seems to happen every now and again with kernel updates but everything else is working fine. Re comment #2 In the journal there were dozens of lines like: Sep 08 10:42:40 difda pkexec[7792]: pam_systemd(polkit-1:session): Cannot create Sep 08 10:42:40 difda pkexec[7792]: pam_unix(polkit-1:session): session opened f Sep 08 10:42:43 difda mgaapplet[9716]: Packages are up to date Sep 08 10:43:45 difda pkexec[13980]: lcl: Error executing command as another use Sep 08 10:44:12 difda pkexec[16007]: lcl: Error executing command as another use which may be completely irrelevant. Mageia 6, x86_64 Intel core i9, NVIDIA GTX 1080Ti Updated without a problem and rebooted to Mate. Desktop fully functional. Stress tests, glmark2, kaffeine TV via WinTV Hauppauge USB adapter, all OK. MGA6-32 MATE on IBM Thinkpad R50e At installation, I also deleted three kernels of the 4.14.5X range, all seems to go well. After reboot $ uname -a Linux mach6.hviaene.thuis 4.14.65-desktop-1.mga6 #1 SMP Sat Aug 18 16:12:25 UTC 2018 i686 i686 i686 GNU/Linux i.e. the previous kernel version. Checked in MCC that the kernel packages were installed OK - confirm that. Looked at the startup options in MCC and saw that 4.14.68 is in the list, but apparently it hqs not been set as default. Leaving this laptop as is in case someone might require more info on the current configuration. CC:
(none) =>
herman.viaene Yeah, its by design. Only core kernel updates sets/updates default kernel. That so people installing several kernels dont get surprises @Herman re comment 5: And if you think you might have difficulty identifying it you could always run 'drakboot --boot' as root and select it as the default. My message that I posted on the wrong bug - I didn't install the tmb kernel - was not registered, so I will answer on bug 23543. So new rpms fixing the SPI_INTEL_SPI issue in comment 17 and rebased on 4.14.69 for more security and bugfixes... SRPMS: kernel-tmb-4.14.69-1.mga6.src.rpm i586: kernel-tmb-desktop-4.14.69-1.mga6-1-1.mga6.i586.rpm kernel-tmb-desktop-devel-4.14.69-1.mga6-1-1.mga6.i586.rpm kernel-tmb-desktop-devel-latest-4.14.69-1.mga6.i586.rpm kernel-tmb-desktop-latest-4.14.69-1.mga6.i586.rpm kernel-tmb-source-4.14.69-1.mga6-1-1.mga6.noarch.rpm kernel-tmb-source-latest-4.14.69-1.mga6.noarch.rpm x86_64: kernel-tmb-desktop-4.14.69-1.mga6-1-1.mga6.x86_64.rpm kernel-tmb-desktop-devel-4.14.69-1.mga6-1-1.mga6.x86_64.rpm kernel-tmb-desktop-devel-latest-4.14.69-1.mga6.x86_64.rpm kernel-tmb-desktop-latest-4.14.69-1.mga6.x86_64.rpm kernel-tmb-source-4.14.69-1.mga6-1-1.mga6.noarch.rpm kernel-tmb-source-latest-4.14.69-1.mga6.noarch.rpm Summary:
Upate request: kernel-tmb-4.14.68-1.mga6 =>
Upate request: kernel-tmb-4.14.69-1.mga6 x86_64, Intel Core i7 with NVIDIA GTX 970 graphics. Tried the tmb kernel. The Mate desktop was running fine and glmark2 was back to its usual low score.
Advisory, added to svn:
type: security
subject: Updated kernel-tmb packages fix security vulnerabilities
CVE:
- CVE-2018-6554
- CVE-2018-6555
src:
6:
core:
- kernel-tmb-4.14.69-1.mga6
description: |
This kernel-tmb update is based on the upstream 4.14.69 and adds additional
fixes for the L1TF and Spectre security issues. It also fixes atleast
the following security issues:
Memory leak in the irda_bind function in net/irda/af_irda.c and later in
drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows
local users to cause a denial of service (memory consumption) by repeatedly
binding an AF_IRDA socket (CVE-2018-6554).
The irda_setsockopt function in net/irda/af_irda.c and later in
drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows
local users to cause a denial of service (ias_object use-after-free and
system crash) or possibly have unspecified other impact via an AF_IRDA
socket (CVE-2018-6554).
Other fixes in this update:
* WireGuard has been updated to 0.0.20180904
* all SPI_INTEL_SPI config options have been disable to prevent a potential
bios corrupting bug (mga#23560)
For other changes in this update, see the referenced changelogs.
references:
- https://bugs.mageia.org/show_bug.cgi?id=23544
- https://bugs.mageia.org/show_bug.cgi?id=23560
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.66
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.67
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.68
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.69Keywords:
(none) =>
advisory Enough tests, validating CC:
(none) =>
sysadmin-bugs An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0374.html Status:
NEW =>
RESOLVED On real hardware, M6, Plasma, 64-bit Testing: kernel-tmb-desktop-latest cpupower The following 3 packages are going to be installed: - cpupower-4.14.69-1.mga6.x86_64 - kernel-tmb-desktop-4.14.69-1.mga6-1-1.mga6.x86_64 - kernel-tmb-desktop-latest-4.14.69-1.mga6.x86_64 [root@localhost wilcal]# uname -a Linux localhost 4.14.69-tmb-desktop-1.mga6 #1 SMP PREEMPT Wed Sep 12 12:48:16 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-tmb-desktop-latest Package kernel-tmb-desktop-latest-4.14.69-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-4.14.69-1.mga6.x86_64 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work. Test platform: Intel Core i5-4460 Haswell Quad-Core 3.2GHz LGA 115 Gigabyte GA-B85M-D3H LGA 1150 Intel B85 chipset Integrated Graphics Processor - Intel HD Graphics support Audito chipset - Realtek ALC892, 7.1 channels Corsair Vengeance 8GB ( 2 x 4GB ) 240-pin DDR3 SDRAM 1600 CC:
(none) =>
wilcal.int |