Now this is mostly for squashing the recently announced critical: x86, x32: Correct invalid use of user timespec in the kernel (CVE-2014-0038) but it also updates to 3.10.28 to squash a few more less critical secururity issues and other bugfixes like some laptop overheating reported by some with the 3.10.24 kernel. I will write a better advisory tomorrow, but so you can start testing: SRPMS: kernel-vserver-3.10.28-0.vs2.3.6.8.1.mga3.src.rpm i586: kernel-vserver-3.10.28-0.vs2.3.6.8.1.mga3-1-1.mga3.i586.rpm kernel-vserver-devel-3.10.28-0.vs2.3.6.8.1.mga3-1-1.mga3.i586.rpm kernel-vserver-devel-latest-3.10.28-0.vs2.3.6.8.1.mga3.i586.rpm kernel-vserver-doc-3.10.28-0.vs2.3.6.8.1.mga3.noarch.rpm kernel-vserver-latest-3.10.28-0.vs2.3.6.8.1.mga3.i586.rpm kernel-vserver-source-3.10.28-0.vs2.3.6.8.1.mga3-1-1.mga3.noarch.rpm kernel-vserver-source-latest-3.10.28-0.vs2.3.6.8.1.mga3.noarch.rpm x86_64: kernel-vserver-devel-3.10.28-0.vs2.3.6.8.1.mga3-1-1.mga3.x86_64.rpm kernel-vserver-devel-latest-3.10.28-0.vs2.3.6.8.1.mga3.x86_64.rpm kernel-vserver-doc-3.10.28-0.vs2.3.6.8.1.mga3.noarch.rpm kernel-vserver-latest-3.10.28-0.vs2.3.6.8.1.mga3.x86_64.rpm kernel-vserver-source-3.10.28-0.vs2.3.6.8.1.mga3-1-1.mga3.noarch.rpm kernel-vserver-source-latest-3.10.28-0.vs2.3.6.8.1.mga3.noarch.rpm Reproducible: Steps to Reproduce:
When testing these alternative kernels (-linus, -rt, -tmb, -vserver) it is necessary to use the dkms driver packages, dkms-nvidia* and dkms-fglrx etc. rather than the pre-built kmod packages such as nvidia-current-kernel-desktop-latest. Pre-built kmod packages only support the specific kernel they are built for, which forms part of the package name. Dkms packages actually build the driver on the next boot for whichever kernel you are using. It means the first boot after installing the new kernel will take longer than expected. Allow it to complete, normally a minute or couple of minutes, depending on your hardware. You can see it building if you remove "splash quiet" options from the kernel command line or press escape as it boots so you can see the text. It shows and a series of dots ". . . . ."
Actually all the others, the dkms modules are built at install/update but vserver builds at boot. Seem to remember it's been like this for a while. It does build OK though and no issues so testing complete mga3 32
Whiteboard: (none) => mga3-32-ok
Advisory: This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. (CVE-2013-4579) Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges (CVE-2014-0038) Faults during task-switch due to unhandled FPU-exceptions allow to kill processes at random on all affected kernels, resulting in local DOS in the end. One some architectures, privilege escalation under non-common circumstances is possible. (CVE-2014-1438) The hamradio yam_ioctl() code fails to initialise the cmd field of the struct yamdrv_ioctl_cfg leading to a 4-byte info leak. (CVE-2014-1446) Linux kernel built with the NetFilter Connection Tracking(NF_CONNTRACK) support for IRC protocol(NF_NAT_IRC), is vulnerable to an information leakage flaw. It could occur when communicating over direct client-to-client IRC connection(/dcc) via a NAT-ed network. Kernel attempts to mangle IRC TCP packet's content, wherein an uninitialised 'buffer' object is copied to a socket buffer and sent over to the other end of a connection. (CVE-2014-1690) For other changes, see the referenced changelogs: References: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.25 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.26 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.27 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.28
tested mga3-64. On initial boot, x did not start until alt-sysrq-re pressed. rebooting proceeded normally
CC: (none) => wrw105
(In reply to Bill Wilkinson from comment #4) > tested mga3-64. > > On initial boot, x did not start until alt-sysrq-re pressed. rebooting > proceeded normally Is it a regression regarding previous version in updates?
CC: (none) => stormi
Waiting for Bill's answer to comment #5, regarding X that did not start easily. Tested in virtualbox mga3-64, boots fine. However, installing the dkms-vboxadditions package after installing the kernel doesn't work. Is it the same bug you were talking about previously about kernel-linus (IIRC), claire and tmb? [root@localhost ~]# urpmi dkms-vboxadditions $MIRRORLIST: media/core/updates/dkms-vboxadditions-4.2.16-1.mga3.noarch.rpm installation de dkms-vboxadditions-4.2.16-1.mga3.noarch.rpm depuis /var/cache/urpmi/rpms Préparation... ############################################################################ 1/1: dkms-vboxadditions ############################################################################ + /usr/sbin/dkms --rpm_safe_upgrade add -m vboxadditions -v 4.2.16-1.mga3 Creating symlink /var/lib/dkms/vboxadditions/4.2.16-1.mga3/source -> /usr/src/vboxadditions-4.2.16-1.mga3 DKMS: add Completed. + /usr/sbin/dkms --rpm_safe_upgrade build -m vboxadditions -v 4.2.16-1.mga3 Error! Your kernel devel files for kernel 3.10.28-vserver-0.vs2.3.6.8.1.mga3 cannot be found at /lib/modules/3.10.28-vserver-0.vs2.3.6.8.1.mga3/build or /lib/modules/3.10.28-vserver-0.vs2.3.6.8.1.mga3/source. You can use the --kernelsourcedir option to tell DKMS where it's located. + : [samuel@localhost ~]$ rpm -qa | grep kernel | sort kernel-desktop-3.10.28-1.mga3-1-1.mga3 kernel-desktop-3.8.13-1.mga3-1-1.mga3 kernel-desktop-devel-3.10.28-1.mga3-1-1.mga3 kernel-desktop-devel-3.8.13-1.mga3-1-1.mga3 kernel-desktop-devel-latest-3.10.28-1.mga3 kernel-desktop-latest-3.10.28-1.mga3 kernel-firmware-20130624-1.mga3 kernel-firmware-nonfree-20130624-1.mga3.nonfree kernel-userspace-headers-3.10.28-1.mga3 kernel-vserver-3.10.28-0.vs2.3.6.8.1.mga3-1-1.mga3 kernel-vserver-latest-3.10.28-0.vs2.3.6.8.1.mga3 vboxadditions-kernel-3.10.28-desktop-1.mga3-4.2.16-7.mga3 vboxadditions-kernel-3.8.13-desktop-1.mga3-4.2.12-11.mga3 vboxadditions-kernel-desktop-latest-4.2.16-7.mga3
Whiteboard: mga3-32-ok => mga3-32-ok feedback
Samuel can you check the symlinks please with ls -l /lib/modules/3.10.28-vserver-0.vs2.3.6.8.1.mga3
Oh, sorry. Looking at your rpm list you haven't installed kernel-vserver-devel-latest which is needed to be able to build the module.
Tested this here this morning too with all dkms modules apart from vboxadditions ironically and it was OK.
(In reply to claire robinson from comment #8) > Oh, sorry. Looking at your rpm list you haven't installed > kernel-vserver-devel-latest which is needed to be able to build the module. Yes, with this package it works. That's why I asked, I thought that was the bug you were talking about with tmb (dkms-* not requiring the devel package for the installed kernel) but maybe it isn't. Does not impact validating.
Whiteboard: mga3-32-ok feedback => mga3-32-ok mga3-64-ok
Validating. Advisory uploaded. Could sysadmin please push to 3 updates Thanks
Keywords: (none) => validated_updateWhiteboard: mga3-32-ok mga3-64-ok => advisory mga3-32-ok mga3-64-okCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0055.html
Status: NEW => RESOLVEDResolution: (none) => FIXED