Advisory: This kernel-linus update provides the extended stable 3.8.13.4 kernel and fixes the follwing security issues: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. (CVE-2013-0231 / XSA-43) Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. A reproduction case requires patching open-iscsi to send overly large keys. Performing discovery in a loop will Oops the remote server. (CVE-2013-2850) Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. (CVE-2013-2852) Other fixes: - enable support for more touchscreens - enable X86_X2APIC, X86_REROUTE_FOR_BROKEN_BOOT_IRQS, FHANDLE - disable COMPAT_VDSO (not needed since glibc-2.3.3) For other fixes in the extended stable update, see the referenced shortlog References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;h=refs/heads/linux-3.8.y;a=shortlog Reproducible: Steps to Reproduce:
SRPM: kernel-linus-3.8.13.4-2.mga3.src.rpm i586: kernel-linus-3.8.13.4-2.mga3-1-1.mga3.i586.rpm kernel-linus-devel-3.8.13.4-2.mga3-1-1.mga3.i586.rpm kernel-linus-devel-latest-3.8.13.4-2.mga3.i586.rpm kernel-linus-doc-3.8.13.4-2.mga3.noarch.rpm kernel-linus-latest-3.8.13.4-2.mga3.i586.rpm kernel-linus-source-3.8.13.4-2.mga3-1-1.mga3.noarch.rpm kernel-linus-source-latest-3.8.13.4-2.mga3.noarch.rpm x86_64: kernel-linus-3.8.13.4-2.mga3-1-1.mga3.x86_64.rpm kernel-linus-devel-3.8.13.4-2.mga3-1-1.mga3.x86_64.rpm kernel-linus-devel-latest-3.8.13.4-2.mga3.x86_64.rpm kernel-linus-doc-3.8.13.4-2.mga3.noarch.rpm kernel-linus-latest-3.8.13.4-2.mga3.x86_64.rpm kernel-linus-source-3.8.13.4-2.mga3-1-1.mga3.noarch.rpm kernel-linus-source-latest-3.8.13.4-2.mga3.noarch.rpm
Summary: kernel-linus-3.8.13.4-2.mga3 => Update request: kernel-linus-3.8.13.4-2.mga3
Tested Mga3-64, Compaq Presario v6000 laptop, nvidia geforce graphics. DKMS modules build at install, kernel boots normally. One error during install: Gtk-CRITICAL **: IA__gtk_progress_set_percentage: assertion `percentage >= 0 && percentage <= 1.0' failed at /usr/lib/perl5/vendor_perl/5.16.3/gurpm/RPMProgressDialog.pm line 192. But this looks like it's only related to the progress bar, so probably not a release blocker.
CC: (none) => wrw105
Tested mga3-32 sempron 3000+/Nvidia gforce graphics dkms modules build at install, kernel boots normally. No progress dialog error on install.
Question on testing these kernels When I install them in a Vbox test client then reboot the terminal resolution goes from 1920x1200 to 1024x768 and I don't seem to be able to change that. What am I doing wrong to test?
CC: (none) => wilcal.int
You are probably missing dkms-vboxadditions William kernel-linus doesn't have any prebuilt modules (kmod ones). It needs the dkms packages
Please note that I am new at testing Kernels Base test system is: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 Motherboard GIGABYTE GV-N440D3-1GI GeForce GT 440 (Fermi) CORSAIR Vengeance 16GB (4 x 4GB) DRAM Samsung T260 26' 1920x1200 MGA3-64 VirtualBox Ver. 4.2.12 Bringing up MGA3-32 ( GRUB1 ) as a guest on the above system and then installing dkms-virtualbox on that guest system I am encountering the following: 1. The display is only able to attain a screen resolution of a maximum of 1600x1200 with the update_testing kernel under test. 2. The scroll wheel on the mouse no longer works with the update_testing kernel under test. Using the GRUB1 kernel choices during boot if I revert back to the original kernel I am able to get back to the 1920x1200 resolution and the mouse works again.
Whiteboard: (none) => mga3-64-OK MGA3-32-OK
MGA3-32-OK I didn't have any problems here on real hardware: Intel, P4 530J 3.0 GHz, 800MHz FSB, 1MB L2, LGA 775 GigaByte GA-81915G Pro F4 i915G LGA 775 MoBo Marvel Yukon 88E8001 Gigabit LAN Intel High Def Audio, Azalia (C-Media 9880) (snd-hda-intel) Intel Graphics Media Accelerator 900 (Intel 82915G)
Not related to this specifically but I notice on mga3 that dkms modules build to /lib still. Should they be /usr/lib now?
Install to /lib, I should say.
Yep, all kernel stuff still uses /lib For cauldron / mga4 I might change them, but not on a stable release
Confirmed OK on mga3 32. dkms modules build and install on the kernel # dkms status Everything seems fine. No issues to report. I'll check mga3 64 quickly and then validate this one.
Tested ok mga3 64 Validating. Advisory from comment 0 uploaded. Could sysadmin please push from 3 core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Unvalidating for now. Sorry. Switches to nouveau on boot the same as kernel-rt. I assume it's something to do with the WARNING below from dkms status. Could this be due to switching between different kernels? nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed (WARNING! Diff between built and installed module!) # modprobe nvidia modprobe: FATAL: Module nvidia not found.
Keywords: validated_update => (none)Whiteboard: mga3-64-OK MGA3-32-OK => feedback mga3-64-OK MGA3-32-OK
This is fixed by removing/reinstalling the dkms packages. dkms now doesn't show the diff warnings. # dkms status broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed virtualbox, 4.2.16-1.mga3, 3.8.13.4-desktop-1.mga3, x86_64: installed virtualbox, 4.2.16-1.mga3, 3.8.13.4-2.mga3, x86_64: installed nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed-binary from 3.8.13.4-desktop-1.mga3 virtualbox, 4.2.12-2.mga3, 3.8.13.4-desktop-1.mga3, x86_64: installed-binary from 3.8.13.4-desktop-1.mga3 nvidia is loaded # lsmod | grep nv nvidia 9412314 38 i2c_core 40397 6 i2c_i801,saa7134,nvidia,v4l2_common,tveeprom,videodev I'd like your thoughts Thomas please before validating.
The diff warnings seem to stem from removing kernels. It doesn't appear to remove from dkms. The dkms errors shown in the status are less than helpful but listing by kernel shows it as missing some built modules. # urpme kernel-linus -a To satisfy dependencies, the following 4 packages will be removed (67MB): kernel-linus-3.8.13.4-2.mga3-1-1.mga3.x86_64 kernel-linus-devel-3.8.13.4-2.mga3-1-1.mga3.x86_64 kernel-linus-devel-latest-3.8.13.4-2.mga3.x86_64 (due to missing kernel-linus-devel-3.8.13.4-2.mga3) kernel-linus-latest-3.8.13.4-2.mga3.x86_64 (due to missing kernel-linus-3.8.13.4-2.mga3) Remove 4 packages? (y/N) y # dkms status broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed (WARNING! Diff between built and installed module!) fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed (WARNING! Diff between built and installed module!) nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed (WARNING! Diff between built and installed module!) virtualbox, 4.2.16-1.mga3, 3.8.13.4-desktop-1.mga3, x86_64: installed virtualbox, 4.2.16-1.mga3, 3.8.13.4-0.rt13.1.mga3, x86_64: installed virtualbox, 4.2.16-1.mga3, 3.8.13.4-2.mga3, x86_64: installed (WARNING! Diff between built and installed module!) (WARNING! Diff between built and installed module!) (WARNING! Diff between built and installed module!) nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed-binary from 3.8.13.4-desktop-1.mga3 virtualbox, 4.2.12-2.mga3, 3.8.13.4-desktop-1.mga3, x86_64: installed-binary from 3.8.13.4-desktop-1.mga3 # dkms status -k 3.8.13.4-2.mga3 broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed (WARNING! Missing some built modules!) fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed (WARNING! Missing some built modules!) nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed (WARNING! Missing some built modules!) virtualbox, 4.2.16-1.mga3, 3.8.13.4-2.mga3, x86_64: installed (WARNING! Missing some built modules!) (WARNING! Missing some built modules!) (WARNING! Missing some built modules!)
As per bug 10699 comment 9 the dmks issue is known and will be handled separately so validating this one. I'll upload the advisory from comment 0 in a few minutes. Could sysadmin please push from 3 core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_updateWhiteboard: feedback mga3-64-OK MGA3-32-OK => mga3-64-OK MGA3-32-OK
Advisory was uploaded previously so it's ready to go.
Update pushed: http://advisories.mageia.org/MGASA-2013-0214.html
Status: NEW => RESOLVEDResolution: (none) => FIXED