Bug 10698 - Update request: kernel-linus-3.8.13.4-2.mga3
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 3
Hardware: All Linux
Priority: Normal Severity: major
Target Milestone: ---
Assigned To: QA Team
QA Contact: Sec team
Whiteboard: mga3-64-OK MGA3-32-OK
Keywords: validated_update

Reported: 2013-07-04 21:14 CEST by Thomas Backlund
Modified: 2013-07-16 10:11 CEST
Source RPM: kernel-linus-3.8.13.4-2.mga3

Description Thomas Backlund 2013-07-04 21:14:32 CEST
Advisory:
This kernel-linus update provides the extended stable 3.8.13.4 kernel and fixes
the following security issues:

The pciback_enable_msi function in the PCI backend driver 
(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux
kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to
cause a denial of service via a large number of kernel log messages.
(CVE-2013-0231 / XSA-43)

Heap-based buffer overflow in the iscsi_add_notunderstood_response function
in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target
subsystem in the Linux kernel through 3.9.4 allows remote attackers to
cause a denial of service (memory corruption and OOPS) or possibly execute
arbitrary code via a long key that is not properly handled during
construction of an error-response packet.
A reproduction case requires patching open-iscsi to send overly large
keys. Performing discovery in a loop will Oops the remote server.
(CVE-2013-2850)

Format string vulnerability in the b43_request_firmware function in
drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
the Linux kernel through 3.9.4 allows local users to gain privileges by
leveraging root access and including format string specifiers in an
fwpostfix modprobe parameter, leading to improper construction of an
error message. (CVE-2013-2852)

Other fixes:
- enable support for more touchscreens
- enable X86_X2APIC, X86_REROUTE_FOR_BROKEN_BOOT_IRQS, FHANDLE
- disable COMPAT_VDSO (not needed since glibc-2.3.3)

For other fixes in the extended stable update, see the referenced shortlog


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852
http://kernel.ubuntu.com/git?p=ubuntu/linux.git;h=refs/heads/linux-3.8.y;a=shortlog
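
A simplified userspace model of the format string pattern described for CVE-2013-2852 in the advisory above, added here as an illustration; it is not kernel code and not part of the original report. The names `log_err`, `build_errmsg`, `report_flawed`, `report_hardened` and the firmware path are constructed stand-ins.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a printk-style logger (hypothetical helper, not a kernel API).
 * It formats into a buffer so the result can be inspected. */
static char last_log[256];

static void log_err(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof(last_log), fmt, ap);
    va_end(ap);
}

/* Building the text is safe: the parameter is only a %s argument here. */
static void build_errmsg(char *out, size_t n, const char *fwpostfix)
{
    snprintf(out, n, "Firmware file \"b43%s/ucode.fw\" not found", fwpostfix);
}

/* Flawed pattern: the finished message is handed over as the format string,
 * so '%' sequences that came from the parameter are interpreted. */
static const char *report_flawed(const char *fwpostfix)
{
    char msg[128];
    build_errmsg(msg, sizeof(msg), fwpostfix);
    log_err(msg);
    return last_log;
}

/* Hardened pattern: constant format string, message passed as data. */
static const char *report_hardened(const char *fwpostfix)
{
    char msg[128];
    build_errmsg(msg, sizeof(msg), fwpostfix);
    log_err("%s", msg);
    return last_log;
}

int main(void)
{
    /* Constructed input: "%%" takes no argument, so both calls are defined. */
    const char *postfix = "-100%%";
    printf("flawed:   %s\n", report_flawed(postfix));
    printf("hardened: %s\n", report_hardened(postfix));
    return 0;
}
```

The flawed call collapses `%%` to `%`, which shows the parameter being parsed as a format; the hardened call logs it unchanged.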


Comment 1 Thomas Backlund 2013-07-04 21:24:19 CEST
SRPM:
kernel-linus-3.8.13.4-2.mga3.src.rpm


i586:
kernel-linus-3.8.13.4-2.mga3-1-1.mga3.i586.rpm
kernel-linus-devel-3.8.13.4-2.mga3-1-1.mga3.i586.rpm
kernel-linus-devel-latest-3.8.13.4-2.mga3.i586.rpm
kernel-linus-doc-3.8.13.4-2.mga3.noarch.rpm
kernel-linus-latest-3.8.13.4-2.mga3.i586.rpm
kernel-linus-source-3.8.13.4-2.mga3-1-1.mga3.noarch.rpm
kernel-linus-source-latest-3.8.13.4-2.mga3.noarch.rpm


x86_64:
kernel-linus-3.8.13.4-2.mga3-1-1.mga3.x86_64.rpm
kernel-linus-devel-3.8.13.4-2.mga3-1-1.mga3.x86_64.rpm
kernel-linus-devel-latest-3.8.13.4-2.mga3.x86_64.rpm
kernel-linus-doc-3.8.13.4-2.mga3.noarch.rpm
kernel-linus-latest-3.8.13.4-2.mga3.x86_64.rpm
kernel-linus-source-3.8.13.4-2.mga3-1-1.mga3.noarch.rpm
kernel-linus-source-latest-3.8.13.4-2.mga3.noarch.rpm
Comment 2 Bill Wilkinson 2013-07-08 04:30:16 CEST
Tested Mga3-64, Compaq Presario v6000 laptop, nvidia geforce graphics.

DKMS modules build at install, kernel boots normally.

One error during install:
Gtk-CRITICAL **: IA__gtk_progress_set_percentage: assertion `percentage >= 0 && percentage <= 1.0' failed at /usr/lib/perl5/vendor_perl/5.16.3/gurpm/RPMProgressDialog.pm line 192.

But this looks like it's only related to the progress bar, so probably not a release blocker.
Comment 3 Bill Wilkinson 2013-07-08 05:10:34 CEST
Tested mga3-32 sempron 3000+/Nvidia GeForce graphics

dkms modules build at install, kernel boots normally.

No progress dialog error on install.
Comment 4 William Kenney 2013-07-08 06:24:51 CEST
Question on testing these kernels

When I install them in a Vbox test client then reboot
the terminal resolution goes from 1920x1200 to 1024x768
and I don't seem to be able to change that. What am
I doing wrong to test?
Comment 5 claire robinson 2013-07-08 08:07:48 CEST
You are probably missing dkms-vboxadditions William

kernel-linus doesn't have any prebuilt modules (kmod ones). It needs the dkms packages
Comment 6 William Kenney 2013-07-08 16:48:57 CEST
Please note that I am new at testing Kernels

Base test system is:

Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 Motherboard
GIGABYTE GV-N440D3-1GI GeForce GT 440 (Fermi)
CORSAIR Vengeance 16GB (4 x 4GB) DRAM
Samsung T260 26' 1920x1200
MGA3-64
VirtualBox Ver. 4.2.12

Bringing up MGA3-32 ( GRUB1 ) as a guest on the above
system and then installing dkms-virtualbox on that guest
system I am encountering the following:

1. The display is only able to attain a screen resolution
of a maximum of 1600x1200 with the update_testing kernel
under test.

2. The scroll wheel on the mouse no longer works with the
update_testing kernel under test.

Using the GRUB1 kernel choices during boot if I revert
back to the original kernel I am able to get back to
the 1920x1200 resolution and the mouse works again.
Comment 7 William Kenney 2013-07-09 03:26:42 CEST
MGA3-32-OK

I didn't have any problems here on real hardware:

Intel, P4 530J 3.0 GHz, 800MHz FSB, 1MB L2, LGA 775
GigaByte  GA-81915G Pro F4  i915G  LGA 775  MoBo
 Marvel Yukon 88E8001 Gigabit LAN
 Intel High Def Audio, Azalia (C-Media 9880) (snd-hda-intel)
 Intel Graphics Media Accelerator 900 (Intel 82915G)
Comment 8 claire robinson 2013-07-11 08:23:13 CEST
Not related to this specifically but I notice on mga3 that dkms modules build to /lib still. Should they be /usr/lib now?
Comment 9 claire robinson 2013-07-11 08:29:03 CEST
Install to /lib, I should say.
Comment 10 Thomas Backlund 2013-07-11 09:21:54 CEST
Yep, all kernel stuff still uses /lib

For cauldron / mga4 I might change them, but not on a stable release
Comment 11 claire robinson 2013-07-11 09:45:15 CEST
Confirmed OK on mga3 32. dkms modules build and install on the kernel

# dkms status

Everything seems fine. No issues to report. I'll check mga3 64 quickly and then validate this one.
Comment 12 claire robinson 2013-07-11 11:26:20 CEST
Tested ok mga3 64


Validating. Advisory from comment 0 uploaded.

Could sysadmin please push from 3 core/updates_testing to core/updates

Thanks!
Comment 13 claire robinson 2013-07-11 14:21:06 CEST
Unvalidating for now. Sorry.

Switches to nouveau on boot the same as kernel-rt. I assume it's something to do with the WARNING below from dkms status. Could this be due to switching between different kernels?

nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed  (WARNING! Diff between built and installed module!)

# modprobe nvidia
modprobe: FATAL: Module nvidia not found.
Comment 14 claire robinson 2013-07-11 14:56:48 CEST
This is fixed by removing/reinstalling the dkms packages.

dkms now doesn't show the diff warnings.

# dkms status
broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed 
broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed 
fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed 
fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed 
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed 
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed 
virtualbox, 4.2.16-1.mga3, 3.8.13.4-desktop-1.mga3, x86_64: installed 
virtualbox, 4.2.16-1.mga3, 3.8.13.4-2.mga3, x86_64: installed 
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed-binary from 3.8.13.4-desktop-1.mga3
virtualbox, 4.2.12-2.mga3, 3.8.13.4-desktop-1.mga3, x86_64: installed-binary from 3.8.13.4-desktop-1.mga3

nvidia is loaded

# lsmod | grep nv
nvidia               9412314  38 
i2c_core               40397  6 i2c_i801,saa7134,nvidia,v4l2_common,tveeprom,videodev


I'd like your thoughts Thomas please before validating.
Comment 15 claire robinson 2013-07-11 15:15:34 CEST
The diff warnings seem to stem from removing kernels. It doesn't appear to remove from dkms. The dkms errors shown in the status are less than helpful but listing by kernel shows it as missing some built modules.

# urpme kernel-linus -a
To satisfy dependencies, the following 4 packages will be removed (67MB):
  kernel-linus-3.8.13.4-2.mga3-1-1.mga3.x86_64
  kernel-linus-devel-3.8.13.4-2.mga3-1-1.mga3.x86_64
  kernel-linus-devel-latest-3.8.13.4-2.mga3.x86_64
   (due to missing kernel-linus-devel-3.8.13.4-2.mga3)
  kernel-linus-latest-3.8.13.4-2.mga3.x86_64
   (due to missing kernel-linus-3.8.13.4-2.mga3)                                                                                             
Remove 4 packages? (y/N) y


# dkms status
broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed 
broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed 
broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed  (WARNING! Diff between built and installed module!)
fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed 
fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed 
fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed  (WARNING! Diff between built and installed module!)
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed 
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed 
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed  (WARNING! Diff between built and installed module!)
virtualbox, 4.2.16-1.mga3, 3.8.13.4-desktop-1.mga3, x86_64: installed 
virtualbox, 4.2.16-1.mga3, 3.8.13.4-0.rt13.1.mga3, x86_64: installed 
virtualbox, 4.2.16-1.mga3, 3.8.13.4-2.mga3, x86_64: installed  (WARNING! Diff between built and installed module!) (WARNING! Diff between built and installed module!) (WARNING! Diff between built and installed module!)
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed-binary from 3.8.13.4-desktop-1.mga3
virtualbox, 4.2.12-2.mga3, 3.8.13.4-desktop-1.mga3, x86_64: installed-binary from 3.8.13.4-desktop-1.mga3


# dkms status -k 3.8.13.4-2.mga3
broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed  (WARNING! Missing some built modules!)
fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed  (WARNING! Missing some built modules!)
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed  (WARNING! Missing some built modules!)
virtualbox, 4.2.16-1.mga3, 3.8.13.4-2.mga3, x86_64: installed  (WARNING! Missing some built modules!) (WARNING! Missing some built modules!) (WARNING! Missing some built modules!)
Comment 16 claire robinson 2013-07-15 13:58:21 CEST
As per bug 10699 comment 9 the dkms issue is known and will be handled separately so validating this one. I'll upload the advisory from comment 0 in a few minutes.

Could sysadmin please push from 3 core/updates_testing to core/updates

Thanks!
Comment 17 claire robinson 2013-07-15 14:01:39 CEST
Advisory was uploaded previously so it's ready to go.
Comment 18 Thomas Backlund 2013-07-16 10:11:51 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2013-0214.html
