Now this is mostly for squashing the recently announced critical: x86, x32: Correct invalid use of user timespec in the kernel (CVE-2014-0038) but it also updates to 3.10.28 to squash a few more less critical secururity issues and other bugfixes like some laptop overheating reported by some with the 3.10.24 kernel. I will write a better advisory tomorrow, but so you can start testing: SRPMS: kernel-3.10.28-1.mga3.src.rpm kernel-userspace-headers-3.10.28-1.mga3.src.rpm kmod-vboxadditions-4.2.16-7.mga3.src.rpm kmod-virtualbox-4.2.16-7.mga3.src.rpm kmod-xtables-addons-2.3-11.mga3.src.rpm fglrx-13.251-1.mga3.nonfree.src.rpm kmod-broadcom-wl-6.30.223.141-10.mga3.nonfree.src.rpm kmod-fglrx-13.251-3.mga3.nonfree.src.rpm kmod-nvidia173-173.14.38-27.mga3.nonfree.src.rpm kmod-nvidia304-304.108-12.mga3.nonfree.src.rpm kmod-nvidia-current-319.60-11.mga3.nonfree.src.rpm i586: cpupower-3.10.28-1.mga3.i586.rpm cpupower-devel-3.10.28-1.mga3.i586.rpm kernel-desktop-3.10.28-1.mga3-1-1.mga3.i586.rpm kernel-desktop586-3.10.28-1.mga3-1-1.mga3.i586.rpm kernel-desktop586-devel-3.10.28-1.mga3-1-1.mga3.i586.rpm kernel-desktop586-devel-latest-3.10.28-1.mga3.i586.rpm kernel-desktop586-latest-3.10.28-1.mga3.i586.rpm kernel-desktop-devel-3.10.28-1.mga3-1-1.mga3.i586.rpm kernel-desktop-devel-latest-3.10.28-1.mga3.i586.rpm kernel-desktop-latest-3.10.28-1.mga3.i586.rpm kernel-doc-3.10.28-1.mga3.noarch.rpm kernel-server-3.10.28-1.mga3-1-1.mga3.i586.rpm kernel-server-devel-3.10.28-1.mga3-1-1.mga3.i586.rpm kernel-server-devel-latest-3.10.28-1.mga3.i586.rpm kernel-server-latest-3.10.28-1.mga3.i586.rpm kernel-source-3.10.28-1.mga3-1-1.mga3.noarch.rpm kernel-source-latest-3.10.28-1.mga3.noarch.rpm kernel-userspace-headers-3.10.28-1.mga3.i586.rpm perf-3.10.28-1.mga3.i586.rpm vboxadditions-kernel-3.10.28-desktop-1.mga3-4.2.16-7.mga3.i586.rpm vboxadditions-kernel-3.10.28-desktop586-1.mga3-4.2.16-7.mga3.i586.rpm vboxadditions-kernel-3.10.28-server-1.mga3-4.2.16-7.mga3.i586.rpm vboxadditions-kernel-desktop586-latest-4.2.16-7.mga3.i586.rpm vboxadditions-kernel-desktop-latest-4.2.16-7.mga3.i586.rpm vboxadditions-kernel-server-latest-4.2.16-7.mga3.i586.rpm virtualbox-kernel-3.10.28-desktop-1.mga3-4.2.16-7.mga3.i586.rpm virtualbox-kernel-3.10.28-desktop586-1.mga3-4.2.16-7.mga3.i586.rpm virtualbox-kernel-3.10.28-server-1.mga3-4.2.16-7.mga3.i586.rpm virtualbox-kernel-desktop586-latest-4.2.16-7.mga3.i586.rpm virtualbox-kernel-desktop-latest-4.2.16-7.mga3.i586.rpm virtualbox-kernel-server-latest-4.2.16-7.mga3.i586.rpm xtables-addons-kernel-3.10.28-desktop-1.mga3-2.3-11.mga3.i586.rpm xtables-addons-kernel-3.10.28-desktop586-1.mga3-2.3-11.mga3.i586.rpm xtables-addons-kernel-3.10.28-server-1.mga3-2.3-11.mga3.i586.rpm xtables-addons-kernel-desktop586-latest-2.3-11.mga3.i586.rpm xtables-addons-kernel-desktop-latest-2.3-11.mga3.i586.rpm xtables-addons-kernel-server-latest-2.3-11.mga3.i586.rpm broadcom-wl-kernel-3.10.28-desktop-1.mga3-6.30.223.141-10.mga3.nonfree.i586.rpm broadcom-wl-kernel-3.10.28-desktop586-1.mga3-6.30.223.141-10.mga3.nonfree.i586.rpm broadcom-wl-kernel-3.10.28-server-1.mga3-6.30.223.141-10.mga3.nonfree.i586.rpm broadcom-wl-kernel-desktop586-latest-6.30.223.141-10.mga3.nonfree.i586.rpm broadcom-wl-kernel-desktop-latest-6.30.223.141-10.mga3.nonfree.i586.rpm broadcom-wl-kernel-server-latest-6.30.223.141-10.mga3.nonfree.i586.rpm dkms-fglrx-13.251-1.mga3.nonfree.i586.rpm fglrx-control-center-13.251-1.mga3.nonfree.i586.rpm fglrx-devel-13.251-1.mga3.nonfree.i586.rpm fglrx-kernel-3.10.28-desktop-1.mga3-13.251-3.mga3.nonfree.i586.rpm fglrx-kernel-3.10.28-desktop586-1.mga3-13.251-3.mga3.nonfree.i586.rpm fglrx-kernel-3.10.28-server-1.mga3-13.251-3.mga3.nonfree.i586.rpm fglrx-kernel-desktop586-latest-13.251-3.mga3.nonfree.i586.rpm fglrx-kernel-desktop-latest-13.251-3.mga3.nonfree.i586.rpm fglrx-kernel-server-latest-13.251-3.mga3.nonfree.i586.rpm fglrx-opencl-13.251-1.mga3.nonfree.i586.rpm x11-driver-video-fglrx-13.251-1.mga3.nonfree.i586.rpm nvidia173-kernel-3.10.28-desktop-1.mga3-173.14.38-27.mga3.nonfree.i586.rpm nvidia173-kernel-3.10.28-desktop586-1.mga3-173.14.38-27.mga3.nonfree.i586.rpm nvidia173-kernel-3.10.28-server-1.mga3-173.14.38-27.mga3.nonfree.i586.rpm nvidia173-kernel-desktop586-latest-173.14.38-27.mga3.nonfree.i586.rpm nvidia173-kernel-desktop-latest-173.14.38-27.mga3.nonfree.i586.rpm nvidia173-kernel-server-latest-173.14.38-27.mga3.nonfree.i586.rpm nvidia304-kernel-3.10.28-desktop-1.mga3-304.108-12.mga3.nonfree.i586.rpm nvidia304-kernel-3.10.28-desktop586-1.mga3-304.108-12.mga3.nonfree.i586.rpm nvidia304-kernel-3.10.28-server-1.mga3-304.108-12.mga3.nonfree.i586.rpm nvidia304-kernel-desktop586-latest-304.108-12.mga3.nonfree.i586.rpm nvidia304-kernel-desktop-latest-304.108-12.mga3.nonfree.i586.rpm nvidia304-kernel-server-latest-304.108-12.mga3.nonfree.i586.rpm nvidia-current-kernel-3.10.28-desktop-1.mga3-319.60-11.mga3.nonfree.i586.rpm nvidia-current-kernel-3.10.28-desktop586-1.mga3-319.60-11.mga3.nonfree.i586.rpm nvidia-current-kernel-3.10.28-server-1.mga3-319.60-11.mga3.nonfree.i586.rpm nvidia-current-kernel-desktop586-latest-319.60-11.mga3.nonfree.i586.rpm nvidia-current-kernel-desktop-latest-319.60-11.mga3.nonfree.i586.rpm nvidia-current-kernel-server-latest-319.60-11.mga3.nonfree.i586.rpm x86_64: cpupower-3.10.28-1.mga3.x86_64.rpm cpupower-devel-3.10.28-1.mga3.x86_64.rpm kernel-desktop-3.10.28-1.mga3-1-1.mga3.x86_64.rpm kernel-desktop-devel-3.10.28-1.mga3-1-1.mga3.x86_64.rpm kernel-desktop-devel-latest-3.10.28-1.mga3.x86_64.rpm kernel-desktop-latest-3.10.28-1.mga3.x86_64.rpm kernel-doc-3.10.28-1.mga3.noarch.rpm kernel-server-3.10.28-1.mga3-1-1.mga3.x86_64.rpm kernel-server-devel-3.10.28-1.mga3-1-1.mga3.x86_64.rpm kernel-server-devel-latest-3.10.28-1.mga3.x86_64.rpm kernel-server-latest-3.10.28-1.mga3.x86_64.rpm kernel-source-3.10.28-1.mga3-1-1.mga3.noarch.rpm kernel-source-latest-3.10.28-1.mga3.noarch.rpm kernel-userspace-headers-3.10.28-1.mga3.x86_64.rpm kernel-vserver-3.10.28-0.vs2.3.6.8.1.mga3-1-1.mga3.x86_64.rpm perf-3.10.28-1.mga3.x86_64.rpm vboxadditions-kernel-3.10.28-desktop-1.mga3-4.2.16-7.mga3.x86_64.rpm vboxadditions-kernel-3.10.28-server-1.mga3-4.2.16-7.mga3.x86_64.rpm vboxadditions-kernel-desktop-latest-4.2.16-7.mga3.x86_64.rpm vboxadditions-kernel-server-latest-4.2.16-7.mga3.x86_64.rpm virtualbox-kernel-3.10.28-desktop-1.mga3-4.2.16-7.mga3.x86_64.rpm virtualbox-kernel-3.10.28-server-1.mga3-4.2.16-7.mga3.x86_64.rpm virtualbox-kernel-desktop-latest-4.2.16-7.mga3.x86_64.rpm virtualbox-kernel-server-latest-4.2.16-7.mga3.x86_64.rpm xtables-addons-kernel-3.10.28-desktop-1.mga3-2.3-11.mga3.x86_64.rpm xtables-addons-kernel-3.10.28-server-1.mga3-2.3-11.mga3.x86_64.rpm xtables-addons-kernel-desktop-latest-2.3-11.mga3.x86_64.rpm xtables-addons-kernel-server-latest-2.3-11.mga3.x86_64.rpm broadcom-wl-kernel-3.10.28-desktop-1.mga3-6.30.223.141-10.mga3.nonfree.x86_64.rpm broadcom-wl-kernel-3.10.28-server-1.mga3-6.30.223.141-10.mga3.nonfree.x86_64.rpm broadcom-wl-kernel-desktop-latest-6.30.223.141-10.mga3.nonfree.x86_64.rpm broadcom-wl-kernel-server-latest-6.30.223.141-10.mga3.nonfree.x86_64.rpm dkms-fglrx-13.251-1.mga3.nonfree.x86_64.rpm fglrx-control-center-13.251-1.mga3.nonfree.x86_64.rpm fglrx-devel-13.251-1.mga3.nonfree.x86_64.rpm fglrx-kernel-3.10.28-desktop-1.mga3-13.251-3.mga3.nonfree.x86_64.rpm fglrx-kernel-3.10.28-server-1.mga3-13.251-3.mga3.nonfree.x86_64.rpm fglrx-kernel-desktop-latest-13.251-3.mga3.nonfree.x86_64.rpm fglrx-kernel-server-latest-13.251-3.mga3.nonfree.x86_64.rpm fglrx-opencl-13.251-1.mga3.nonfree.x86_64.rpm x11-driver-video-fglrx-13.251-1.mga3.nonfree.x86_64.rpm nvidia173-kernel-3.10.28-desktop-1.mga3-173.14.38-27.mga3.nonfree.x86_64.rpm nvidia173-kernel-3.10.28-server-1.mga3-173.14.38-27.mga3.nonfree.x86_64.rpm nvidia173-kernel-desktop-latest-173.14.38-27.mga3.nonfree.x86_64.rpm nvidia173-kernel-server-latest-173.14.38-27.mga3.nonfree.x86_64.rpm nvidia304-kernel-3.10.28-desktop-1.mga3-304.108-12.mga3.nonfree.x86_64.rpm nvidia304-kernel-3.10.28-server-1.mga3-304.108-12.mga3.nonfree.x86_64.rpm nvidia304-kernel-desktop-latest-304.108-12.mga3.nonfree.x86_64.rpm nvidia304-kernel-server-latest-304.108-12.mga3.nonfree.x86_64.rpm nvidia-current-kernel-3.10.28-desktop-1.mga3-319.60-11.mga3.nonfree.x86_64.rpm nvidia-current-kernel-3.10.28-server-1.mga3-319.60-11.mga3.nonfree.x86_64.rpm nvidia-current-kernel-desktop-latest-319.60-11.mga3.nonfree.x86_64.rpm nvidia-current-kernel-server-latest-319.60-11.mga3.nonfree.x86_64.rpm Reproducible: Steps to Reproduce:
Don't forget to enable Nonfree Updates Testing when installing the updates for this one.
Just tested this kernel before I upgrade, and it looks there is no regression.
Whiteboard: (none) => mga3-64-ok
No issues 32bit with kernel-desktop586 (P4 nvidia-current). There are various PoC's for this CVE but I've not had any success with them yet so just testing everything works as it should with the updates installed. I'll try the same machine with kernel-desktop.
I installed ALL i586 packages from the update in virtualbox. It went fine. urpmi kernel-desktop-latest kernel-server-latest kernel-desktop586-latest --search-media testing then urpmi vboxadditions-kernel-desktop586-latest vboxadditions-kernel-desktop-latest vboxadditions-kernel-server-latest virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-server-latest xtables-addons-kernel-desktop586-latest xtables-addons-kernel-desktop-latest xtables-addons-kernel-server-latest broadcom-wl-kernel-desktop586-latest broadcom-wl-kernel-desktop-latest broadcom-wl-kernel-server-latest dkms-fglrx fglrx-control-center fglrx-devel fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-server-latest fglrx-opencl x11-driver-video-fglrx nvidia173-kernel-desktop586-latest nvidia173-kernel-desktop-latest nvidia173-kernel-server-latest nvidia304-kernel-desktop586-latest nvidia304-kernel-desktop-latest nvidia304-kernel-server-latest nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-server-latest --search-media testing Booted the 3 kernel flavours without problems. This doesn't replace testing on real hardware, but at least says there's no obvious installation and boot issue in vbox.
Question (not really related to this update): why is there an update for dkms-fglrx but not for dkms-virtualbox or dkms-nvidia or other dkmss?
CC: (none) => stormi
Unless the version changes dkms will build the current version for the new kernel. Presumably being updated to help with laptops. The others are kmod packages (prebuilt kernel modules) updated so they are prebuilt on the new kernel version.
Testing complete mga3 32 kernel-desktop586 kernel-desktop kernel-server with all kmod's installed, checked with 'dkms status'.
Whiteboard: mga3-64-ok => mga3-64-ok mga3-32-ok
Validating. You'll need to add the advisories for the kernels though please Thomas when you push them. Could sysadmin please push from 3 core/updates_testing to updates. I'll work on other mga3 kernels today too. Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
and nonfree :)
Advisory: This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. (CVE-2013-4579) Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges (CVE-2014-0038) Faults during task-switch due to unhandled FPU-exceptions allow to kill processes at random on all affected kernels, resulting in local DOS in the end. One some architectures, privilege escalation under non-common circumstances is possible. (CVE-2014-1438) The hamradio yam_ioctl() code fails to initialise the cmd field of the struct yamdrv_ioctl_cfg leading to a 4-byte info leak. (CVE-2014-1446) Linux kernel built with the NetFilter Connection Tracking(NF_CONNTRACK) support for IRC protocol(NF_NAT_IRC), is vulnerable to an information leakage flaw. It could occur when communicating over direct client-to-client IRC connection(/dcc) via a NAT-ed network. Kernel attempts to mangle IRC TCP packet's content, wherein an uninitialised 'buffer' object is copied to a socket buffer and sent over to the other end of a connection. (CVE-2014-1690) For other changes, see the referenced changelogs: References: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.25 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.26 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.27 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.28
addendum to advisory: The proprietary fglrx driver has also been updated from Catalyst 13.11-beta6 to Catalyst 13.12 official driver.
Update pushed: http://advisories.mageia.org/MGASA-2014-0038.html
Status: NEW => RESOLVEDResolution: (none) => FIXEDWhiteboard: mga3-64-ok mga3-32-ok => mga3-64-ok mga3-32-ok advisory