| Summary: | Update request: kernel-4.14.145-2.mga6 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, brtians1, fri, jim, sysadmin-bugs, tarazed25 |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-32-OK MGA6-64-OK | ||
| Source RPM: | kernel | CVE: | |
| Status comment: | |||
|
Description
Thomas Backlund
2019-09-19 16:56:13 CEST
Test OK 64 bit

Update gave:
- kernel-desktop-4.14.145-1.mga6-1-1.mga6.x86_64
- kernel-desktop-devel-4.14.145-1.mga6-1-1.mga6.x86_64
- kernel-desktop-devel-latest-4.14.145-1.mga6.x86_64
- kernel-desktop-latest-4.14.145-1.mga6.x86_64
- kernel-userspace-headers-4.14.145-1.mga6.x86_64
- virtualbox-kernel-4.14.145-desktop-1.mga6-6.0.10-3.mga6.x86_64
- virtualbox-kernel-desktop-latest-6.0.10-3.mga6.x86_64

And then also microcode-0.20190918-1.mga6.nonfree.noarch.rpm

System is fully updated to testing repos. Rebooted.

Thunderbird, LibreOffice6, video with sound in Firefox, VirtualBox running MSW7 incl USB2 flash stick. CUDA and OpenCL recognized by BOINC.

Will continue using it as my workstation.

Hardware: i7-3770, Nvidia GTX760 (GK104) using proprietary driver GeForce 420 and later, with CUDA & OpenCL detected OK in BOINC (but not used), / & /home & swap in LVM on LUKS on SSD

CC: (none) => fri

Athlon x3, nvidia gt730 (390) - gnome, physical hardware

$ uname -a
Linux localhost 4.14.145-desktop-1.mga6 #1 SMP Thu Sep 19 08:56:20 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

[root@localhost brian]# lsmod | grep nvidia
nvidia_modeset 1056768 10
nvidia 14667776 444 nvidia_modeset
ipmi_msghandler 53248 2 ipmi_devintf,nvidia

System is working as designed.

CC: (none) => brtians1

Desktop: MATE 1.18.0 Distro: Mageia 6 mga6
CPU: Quad core Intel Core i7-4790 (-HT-MCP-) speed/max: 3800/4000 MHz
Machine: Device: desktop Mobo: MSI model: Z97-G43 (MS-7816) v: 3.0
UEFI: American Megatrends v: V17.8 date: 12/24/2014
Graphics: Card: NVIDIA GM204 [GeForce GTX 970]
GLX Version: 4.6.0 NVIDIA 390.129
Running fine after reboot, stress tests, graphics tests, desktop applications...
virtualbox works, NFS shares OK.

CC: (none) => tarazed25

on mga6-64 kernel-desktop plasma
packages installed cleanly:
- cpupower-4.14.145-1.mga6.x86_64
- kernel-desktop-4.14.145-1.mga6-1-1.mga6.x86_64
- kernel-desktop-devel-4.14.145-1.mga6-1-1.mga6.x86_64
- kernel-desktop-devel-latest-4.14.145-1.mga6.x86_64
- kernel-desktop-latest-4.14.145-1.mga6.x86_64
- kernel-userspace-headers-4.14.145-1.mga6.x86_64
- virtualbox-kernel-4.14.145-desktop-1.mga6-6.0.10-3.mga6.x86_64
- virtualbox-kernel-desktop-latest-6.0.10-3.mga6.x86_64
system rebooted normally:
$ uname -r
4.14.145-desktop-1.mga6
# dkms status
virtualbox, 6.0.10-1.mga6, 4.14.137-desktop-1.mga6, x86_64: installed
virtualbox, 6.0.10-1.mga6, 4.14.145-desktop-1.mga6, x86_64: installed
virtualbox, 6.0.10-1.mga6, 4.14.131-desktop-1.mga6, x86_64: installed
virtualbox, 6.0.10-1.mga6, 4.14.137-desktop-1.mga6, x86_64: installed-binary from 4.14.137-desktop-1.mga6
virtualbox, 6.0.10-1.mga6, 4.14.145-desktop-1.mga6, x86_64: installed-binary from 4.14.145-desktop-1.mga6
virtualbox, 6.0.10-1.mga6, 4.14.131-desktop-1.mga6, x86_64: installed-binary from 4.14.131-desktop-1.mga6
vbox and client launched normally
no regressions noted
looks OK for mga6-64 on this system:
Machine: Device: desktop System: Dell product: Precision Tower 3620
Mobo: Dell model: 09WH54 v: A00 UEFI [Legacy]: Dell v: 2.13.1
CPU: Quad core Intel Core i7-6700 (-HT-MCP-)
Graphics: Card: Intel HD Graphics 530

CC: (none) => jim

on mga6-32 kernel-desktop plasma in a vbox VM
packages installed cleanly:
- cpupower-4.14.145-1.mga6.i586
- kernel-desktop-4.14.145-1.mga6-1-1.mga6.i586
- kernel-desktop-devel-4.14.145-1.mga6-1-1.mga6.i586
- kernel-desktop-devel-latest-4.14.145-1.mga6.i586
- kernel-desktop-latest-4.14.145-1.mga6.i586
- kernel-userspace-headers-4.14.145-1.mga6.i586
- vboxadditions-kernel-4.14.145-desktop-1.mga6-6.0.10-3.mga6.i586
- vboxadditions-kernel-desktop-latest-6.0.10-3.mga6.i586
VM re-launched normally:
$ uname -r
4.14.145-desktop-1.mga6
# dkms status
vboxadditions, 6.0.10-1.mga6, 4.14.137-desktop-1.mga6, i586: installed
vboxadditions, 6.0.10-1.mga6, 4.14.131-desktop-1.mga6, i586: installed
vboxadditions, 6.0.10-1.mga6, 4.14.145-desktop-1.mga6, i586: installed
vboxadditions, 6.0.10-1.mga6, 4.14.137-desktop-1.mga6, i586: installed-binary from 4.14.137-desktop-1.mga6
vboxadditions, 6.0.10-1.mga6, 4.14.131-desktop-1.mga6, i586: installed-binary from 4.14.131-desktop-1.mga6
vboxadditions, 6.0.10-1.mga6, 4.14.145-desktop-1.mga6, i586: installed-binary from 4.14.145-desktop-1.mga6
no regressions noted
OK for mga6-32 in a vbox VM

Sorry, missed 4 security fixes, of which one is critical enough for a rebuild, so a -2.mga6 is building

Keywords: (none) => feedback

So the security fixes I added are for kvm and the mwifiex driver, nothing else, so as long as it still installs and boots properly, it should be all good to go :)

SRPMS:
kernel-4.14.145-2.mga6.src.rpm
kernel-userspace-headers-4.14.145-2.mga6.src.rpm
kmod-vboxadditions-6.0.10-4.mga6.src.rpm
kmod-virtualbox-6.0.10-4.mga6.src.rpm
kmod-xtables-addons-2.13-92.mga6.src.rpm
wireguard-tools-0.0.20190913-1.mga6.src.rpm

i586:
cpupower-4.14.145-2.mga6.i586.rpm
cpupower-devel-4.14.145-2.mga6.i586.rpm
kernel-desktop-4.14.145-2.mga6-1-1.mga6.i586.rpm
kernel-desktop586-4.14.145-2.mga6-1-1.mga6.i586.rpm
kernel-desktop586-devel-4.14.145-2.mga6-1-1.mga6.i586.rpm
kernel-desktop586-devel-latest-4.14.145-2.mga6.i586.rpm
kernel-desktop586-latest-4.14.145-2.mga6.i586.rpm
kernel-desktop-devel-4.14.145-2.mga6-1-1.mga6.i586.rpm
kernel-desktop-devel-latest-4.14.145-2.mga6.i586.rpm
kernel-desktop-latest-4.14.145-2.mga6.i586.rpm
kernel-doc-4.14.145-2.mga6.noarch.rpm
kernel-server-4.14.145-2.mga6-1-1.mga6.i586.rpm
kernel-server-devel-4.14.145-2.mga6-1-1.mga6.i586.rpm
kernel-server-devel-latest-4.14.145-2.mga6.i586.rpm
kernel-server-latest-4.14.145-2.mga6.i586.rpm
kernel-source-4.14.145-2.mga6-1-1.mga6.noarch.rpm
kernel-source-latest-4.14.145-2.mga6.noarch.rpm
kernel-userspace-headers-4.14.145-2.mga6.i586.rpm
perf-4.14.145-2.mga6.i586.rpm
vboxadditions-kernel-4.14.145-desktop-2.mga6-6.0.10-4.mga6.i586.rpm
vboxadditions-kernel-4.14.145-desktop586-2.mga6-6.0.10-4.mga6.i586.rpm
vboxadditions-kernel-4.14.145-server-2.mga6-6.0.10-4.mga6.i586.rpm
vboxadditions-kernel-desktop586-latest-6.0.10-4.mga6.i586.rpm
vboxadditions-kernel-desktop-latest-6.0.10-4.mga6.i586.rpm
vboxadditions-kernel-server-latest-6.0.10-4.mga6.i586.rpm
virtualbox-kernel-4.14.145-desktop-2.mga6-6.0.10-4.mga6.i586.rpm
virtualbox-kernel-4.14.145-desktop586-2.mga6-6.0.10-4.mga6.i586.rpm
virtualbox-kernel-4.14.145-server-2.mga6-6.0.10-4.mga6.i586.rpm
virtualbox-kernel-desktop586-latest-6.0.10-4.mga6.i586.rpm
virtualbox-kernel-desktop-latest-6.0.10-4.mga6.i586.rpm
virtualbox-kernel-server-latest-6.0.10-4.mga6.i586.rpm
xtables-addons-kernel-4.14.145-desktop-2.mga6-2.13-92.mga6.i586.rpm
xtables-addons-kernel-4.14.145-desktop586-2.mga6-2.13-92.mga6.i586.rpm
xtables-addons-kernel-4.14.145-server-2.mga6-2.13-92.mga6.i586.rpm
xtables-addons-kernel-desktop586-latest-2.13-92.mga6.i586.rpm
xtables-addons-kernel-desktop-latest-2.13-92.mga6.i586.rpm
xtables-addons-kernel-server-latest-2.13-92.mga6.i586.rpm
wireguard-tools-0.0.20190913-1.mga6.i586.rpm

x86_64:
cpupower-4.14.145-2.mga6.x86_64.rpm
cpupower-devel-4.14.145-2.mga6.x86_64.rpm
kernel-desktop-4.14.145-2.mga6-1-1.mga6.x86_64.rpm
kernel-desktop-devel-4.14.145-2.mga6-1-1.mga6.x86_64.rpm
kernel-desktop-devel-latest-4.14.145-2.mga6.x86_64.rpm
kernel-desktop-latest-4.14.145-2.mga6.x86_64.rpm
kernel-doc-4.14.145-2.mga6.noarch.rpm
kernel-server-4.14.145-2.mga6-1-1.mga6.x86_64.rpm
kernel-server-devel-4.14.145-2.mga6-1-1.mga6.x86_64.rpm
kernel-server-devel-latest-4.14.145-2.mga6.x86_64.rpm
kernel-server-latest-4.14.145-2.mga6.x86_64.rpm
kernel-source-4.14.145-2.mga6-1-1.mga6.noarch.rpm
kernel-source-latest-4.14.145-2.mga6.noarch.rpm
kernel-userspace-headers-4.14.145-2.mga6.x86_64.rpm
perf-4.14.145-2.mga6.x86_64.rpm
vboxadditions-kernel-4.14.145-desktop-2.mga6-6.0.10-4.mga6.x86_64.rpm
vboxadditions-kernel-4.14.145-server-2.mga6-6.0.10-4.mga6.x86_64.rpm
vboxadditions-kernel-desktop-latest-6.0.10-4.mga6.x86_64.rpm
vboxadditions-kernel-server-latest-6.0.10-4.mga6.x86_64.rpm
virtualbox-kernel-4.14.145-desktop-2.mga6-6.0.10-4.mga6.x86_64.rpm
virtualbox-kernel-4.14.145-server-2.mga6-6.0.10-4.mga6.x86_64.rpm
virtualbox-kernel-desktop-latest-6.0.10-4.mga6.x86_64.rpm
virtualbox-kernel-server-latest-6.0.10-4.mga6.x86_64.rpm
xtables-addons-kernel-4.14.145-desktop-2.mga6-2.13-92.mga6.x86_64.rpm
xtables-addons-kernel-4.14.145-server-2.mga6-2.13-92.mga6.x86_64.rpm
xtables-addons-kernel-desktop-latest-2.13-92.mga6.x86_64.rpm
xtables-addons-kernel-server-latest-2.13-92.mga6.x86_64.rpm
wireguard-tools-0.0.20190913-1.mga6.x86_64.rpm

Keywords: feedback => (none)

mga6, x86_64
Ran this again for the hardware in comment 3. Updated all the packages except the server versions. Rebooted smoothly and nvidia 390.129 running fine. No problem with graphics, NFS shares or virtualbox. Ran a couple of stress tests to completion.

Athlon X2 7750, 8GB RAM, GF210 (340 driver) graphics, Atheros wifi, 64-bit Plasma system. All packages installed cleanly. Ran all the usual suspects after reboot, no problems noted.

CC: (none) => andrewsfarm

Advisory, added to svn:
type: security
subject: Updated kernel packages fix security vulnerabilities
CVE:
- CVE-2019-14814
- CVE-2019-14815
- CVE-2019-14816
- CVE-2019-14821
- CVE-2019-14835
src:
  6:
    core:
      - kernel-4.14.145-2.mga6
      - kernel-userspace-headers-4.14.145-2.mga6
      - kmod-vboxadditions-6.0.10-4.mga6
      - kmod-virtualbox-6.0.10-4.mga6
      - kmod-xtables-addons-2.13-92.mga6
      - wireguard-tools-0.0.20190913-1.mga6
description: |
  This kernel update is based on the upstream 4.14.145 and fixes at least
  the following security issues:

  There is a heap-based buffer overflow in the Marvell wifi chip driver that
  allows local users to cause a denial of service (system crash) or possibly
  execute arbitrary code (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816).

  An out-of-bounds access issue was found in the way Linux kernel's KVM
  hypervisor implements the Coalesced MMIO write operation. It operates on
  an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write
  indices 'ring->first' and 'ring->last' value could be supplied by a host
  user-space process. An unprivileged host user or process with access to
  '/dev/kvm' device could use this flaw to crash the host kernel, resulting
  in a denial of service or potentially escalating privileges on the system
  (CVE-2019-14821).

  A buffer overflow flaw was found in the way Linux kernel's vhost
  functionality that translates virtqueue buffers to IOVs, logged the buffer
  descriptors during migration. A privileged guest user able to pass
  descriptors with invalid length to the host when migration is underway,
  could use this flaw to increase their privileges on the host
  (CVE-2019-14835).

  WireGuard has been updated to 0.0.20190913.

  For other upstream fixes in this update, see the referenced changelogs.
references:
- https://bugs.mageia.org/show_bug.cgi?id=25453
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.138
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.139
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.140
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.141
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.142
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.143
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.144
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.145

Keywords: (none) => advisory

64 bit OK on system in comment 1. Forgot to mention it uses Plasma.
---------
64 bit OK on laptop Acer Aspire 7 A717-71G, running Plasma
Intel i5, Nvidia and Intel GPUs but only Intel is configured, as per default in Mageia installer.
Disk: NVMe SSD, EFI boot, separate /boot, then rest of system in LVM LVs in a LUKS encrypted PV.
Play video with audio in Firefox, other normal use for a while...
Suspend-resume incl wifi etc works. Hibernation not tested - never worked.
---------
64 bit OK on Thinkpad T61 with Nvidia driver, running MATE, wifi, including resume from suspend.
Hibernation fails, screen gets black - I have forgotten when hibernation last worked, but it did years ago...
(sorry, forgot to bring the system details with me here)

Thomas Backlund
2019-09-21 17:13:45 CEST
Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0287.html

Status: NEW => RESOLVED |
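
The advisory's CVE-2019-14821 entry describes a ring buffer whose 'ring->first' and 'ring->last' indices can be set by a user-space process. The following is an added example, not code from this bug report or from the kernel: a simplified user-space model of writing into such a ring with the indices validated before use. The names `mmio_ring`, `mmio_entry`, `ring_write` and the capacity `RING_MAX` are assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>

#define RING_MAX 8u   /* assumed capacity for this model, not the kernel's value */

struct mmio_entry { uint64_t phys_addr; uint32_t len; uint8_t data[8]; };

/* Lives in memory an untrusted process can also write, so 'first' and
 * 'last' may hold any 32-bit value at any time. */
struct mmio_ring {
    volatile uint32_t first, last;
    struct mmio_entry slot[RING_MAX];
};

/* Append one write record. Returns 0 on success, -1 if rejected. */
int ring_write(struct mmio_ring *ring, uint64_t addr, const void *val, uint32_t len)
{
    /* Read each shared index exactly once; checking ring->last and then
     * indexing with a second read would leave a window between the two. */
    uint32_t insert = ring->last;
    uint32_t first = ring->first;

    if (insert >= RING_MAX || first >= RING_MAX)
        return -1;                       /* index outside slot[] */
    if (len > sizeof ring->slot[0].data)
        return -1;                       /* payload larger than a slot */
    if ((insert + 1) % RING_MAX == first)
        return -1;                       /* ring full */

    ring->slot[insert].phys_addr = addr;
    ring->slot[insert].len = len;
    memcpy(ring->slot[insert].data, val, len);
    ring->last = (insert + 1) % RING_MAX;
    return 0;
}

int main(void)
{
    struct mmio_ring ring = {0};
    uint32_t v = 0xdeadbeef;             /* constructed sample payload */

    if (ring_write(&ring, 0x1000, &v, sizeof v) != 0)
        return 1;
    ring.last = 0xffffffffu;             /* simulate a tampered index */
    return ring_write(&ring, 0x1000, &v, sizeof v) == -1 ? 0 : 1;
}
```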