| Summary: | Update request: kernel-5.10.52-1.mga8 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | | |
| Priority: | Normal | CC: | andrewsfarm, brtians1, davidwhodgins, fri, herman.viaene, ouaurelien, peter.winterflood, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA8-64-OK, MGA8-32-OK | | |
| Source RPM: | kernel | CVE: | |
| Status comment: | | | |

Description
Thomas Backlund
2021-07-20 23:06:06 CEST
No regressions noticed with the 5.10.52-server-1.mga8 package on one x86_64 mga8 system so far.

CC: (none) => davidwhodgins

Same test as Comment 1: No regressions noticed with the 5.10.52-desktop-1.mga8 package
$ inxi -MSxx
System: Host: mageia.local Kernel: 5.10.52-desktop-1.mga8 x86_64 bits: 64 compiler: gcc v: 10.3.0 Desktop: KDE Plasma 5.20.4 tk: Qt 5.15.2 wm: kwin_x11 dm: SDDM Distro: Mageia 8 mga8
Machine: Type: Desktop System: Gigabyte product: Z170X-Ultra Gaming v: N/A Mobo: Gigabyte model: Z170X-Ultra Gaming-CF UEFI: American Megatrends v: F23j date: 03/09/2018
Virtualbox OK. 4 mga8 Clients also. 1 opensuse client same. 1 Windows 10 Client is OK.
WiFi OK, Bluetooth OK, nvidia well rebuilt. Audio OK. Ethernet OK.

CC: (none) => ouaurelien

No regressions on another bios system running the desktop kernel, a uefi system running the server kernel, and an aarch64 (rpi4b) system. Also a vb install running mga8 x86_64 and a vb install running mga8 i586. All of my systems, everything is working normally.

Advisory, added to svn :
type: security
subject: Updated kernel packages fix security vulnerabilities
CVE:
- CVE-2021-3609
- CVE-2021-33909
src:
  8:
    core:
      - kernel-5.10.52-1.mga8
      - kmod-virtualbox-6.1.22-1.12.mga8
      - kmod-xtables-addons-3.18-1.12.mga8
description: |
  This kernel update is based on upstream 5.10.52 and fixes at least the
  following security issues:

  There is a race condition in net/can/bcm.c that can lead to local
  privilege escalation to root (CVE-2021-3609).

  fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does
  not properly restrict seq buffer allocations, leading to an integer
  overflow, an Out-of-bounds Write, and escalation to root by an unprivileged
  user (CVE-2021-33909).

  Other fixes in this update:
  - rtl8xxxu: disable interrupt_in transfer for 8188cu and 8192cu

  For other upstream fixes, see the referenced changelogs.
references:
- https://bugs.mageia.org/show_bug.cgi?id=29271
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.49
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.50
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.51
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.52
- https://www.openwall.com/lists/oss-security/2021/06/19/1
- https://www.openwall.com/lists/oss-security/2021/07/20/1

Keywords: (none) => advisory

installed and tested on asus prime x399 with TR 1950X, and Nvidia 1070ti
no obvious negative impact

CC: (none) => peter.winterflood

Trying to select the kernel-desktop-devel draws in
- kernel-desktop-devel-5.12.15-1.mga8-1-1.mga8.x86_64
which is nonsense - does not even exist in the repo.

CC: (none) => herman.viaene

But if I select simply the kernel-desktop-devel-latest, then this draws in the correct item. Same goes for the xtables-addons-kernel-5.10.52-desktop-
Installing works OK then, now waiting for reboot.

Tested desktop kernel on a Probook 6550b 64-bit Plasma MBR system - no obvious regressions noted. Will test i586 desktop with Foolishness in a little while.

CC: (none) => andrewsfarm

(In reply to Herman Viaene from comment #6)
> Trying to select the kernel-desktop-devel draws in -
> kernel-desktop-devel-5.12.15-1.mga8-1-1.mga8.x86_64 which is nonsense - does
> not even exist in the repo.

Probably Bug 29148 rearing its ugly head.

After reboot, wifi, NFS-access, internet connection, some file types tested, all OK.

MGA8 - 64bit - Laptop A6 APU
The following 3 packages are going to be installed:
- cpupower-5.10.52-1.mga8.x86_64
- kernel-desktop-5.10.52-1.mga8-1-1.mga8.x86_64
- kernel-desktop-latest-5.10.52-1.mga8.x86_64
-- rebooted or for some framers out there, I IPL'd --
System came back fine
$ uname -a
Linux localhost.localdomain 5.10.52-desktop-1.mga8 #1 SMP Tue Jul 20 17:00:24 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
- sleep works
- browser works
- wifi, etc. is working

CC: (none) => brtians1

Foolishness (Dell Inspiron 5100, P4, Radeon RV200 graphics, Atheros-based wifi, 32-bit Xfce system) seems happy enough with this desktop kernel. No obvious problems noted.

AMD Phenom II 910, AMD HD 8490 graphics, Atheros-based wifi, 64-bit Plasma system using the desktop kernel. Also, same hardware, 32-bit Plasma system using the server kernel. On both systems, no installation issues, and after a reboot, no obvious regressions were noted.

AMD x2-3800 - Nouveau, used as Nextcloud server
The following 3 packages are going to be installed:
- cpupower-5.10.52-1.mga8.i586
- kernel-server-5.10.52-1.mga8-1-1.mga8.i586
- kernel-server-latest-5.10.52-1.mga8.i586
-----
$ uname -a
Linux localhost.localdomain 5.10.52-server-1.mga8 #1 SMP Tue Jul 20 17:31:36 UTC 2021 i686 i686 i386 GNU/Linux
Exercised nextcloud from another machine. The server is serving as expected

Mga8-64 OK here
Was running backport kernel 5.12.15;
downgraded cpupower and kernel-userspace-headers,
installed -5.10.52 kernel-desktop, kernel-desktop-devel, virtualbox-kernel desktop
Also already updated to testing: mesa, x11, systemd, kernel-firmware-nonfree
$ uname -a
Linux svarten.tribun 5.10.52-desktop-1.mga8 #1 SMP Tue Jul 20 17:00:24 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Hardware: My workstation "svarten": Mainboard: Sabertooth P67, CPU: i7-3770, RAM 16G, GM107 [GeForce GTX 750] using nvidia-current; GeForce 635 series and later, 4k display. Disk&Filesystem: SSD with /boot/EFI and ext4 /boot, LUKS{LVM {swap, ext4 /home & / } and a spinner at /mnt/spinner
dkms status tells me VirtualBox and nvidia-current are OK.
BOINC detects CUDA and OpenCL
Been using it now and then today
Plasma desktop, using Thunderbird, LibreOffice, Ktorrent, Nextcloud client, Firefox ESR, flatpak Firefox...
Stress test: While working with other things BOINC uses all cores to 100%, videos do not stutter in Chrome, nor Firefox ESR but do in flatpak version.
VirtualBox running MSW7 64 bit OK: graphics, window resize, bidirectional clipboard, drag file from Dolphin to Explorer, folder sharing write protected and not, folder sharing, USB2 with plugin from upstream using USB stick, internet video playing in Firefox and Chrome.

CC: (none) => fri

Dell Dimension e520, Core2Quad, AMD HD 8570 graphics, rtl8192cu wifi dongle, 64-bit Plasma system. No installation issues. After the reboot tried this and that, including watching Steve McQueen battle The Blob in VLC. No issues noted.

x86_64 5.10.52-desktop-1.mga8
No problems so far on 10-Core Intel Core i9-7900X

CC: (none) => tarazed25

i5-2500, Intel graphics, 64-bit Plasma test system, using the server kernel and rtl8192eu wifi dongle. No installation issues. Quite a delay in the last "remove" phase of installation, probably while the rtl8192eu module was being built. After the reboot, the wifi connected, but the net_applet icon was not reporting it correctly. (possibly because this hardware is also connected via Ethernet) Ran VirtualBox and got numerous updates to a Mageia 8 guest, through the wifi connection, so both wifi and VirtualBox modules are functioning correctly. Using it to make this report.

Also, same hardware, without the rtl8192eu dongle, 64-bit Plasma system using the desktop kernel. This is my production system, and has been used off and on for several hours, with no issues noted.

Thanks for all testing. Flushing out

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2021-0366.html

Resolution: (none) => FIXED