Bug 12525 - Update request: kernel-tmb-3.12.9-1.mga4
: Update request: kernel-tmb-3.12.9-1.mga4
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 4
: All Linux
: Normal Severity: critical
: ---
Assigned To: QA Team
: Sec team
:
: advisory MGA4-64-OK MGA4-32-OK
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2014-02-02 15:22 CET by Thomas Backlund
Modified: 2014-02-10 21:30 CET (History)
3 users (show)

See Also:
Source RPM: kernel-tmb-3.12.9-1.mga4.src.rpm
CVE:


Attachments

Description Thomas Backlund 2014-02-02 15:22:48 CET
Now this is mostly for squashing the recently announced critical:

x86, x32: Correct invalid use of user timespec in the kernel (CVE-2014-0038)

I will write a better advisory tomorrow, but so you can start testing:

SRPMS:
kernel-tmb-3.12.9-1.mga4.src.rpm


i586:
kernel-tmb-desktop-3.12.9-1.mga4-1-1.mga4.i586.rpm
kernel-tmb-desktop586-3.12.9-1.mga4-1-1.mga4.i586.rpm
kernel-tmb-desktop586-devel-3.12.9-1.mga4-1-1.mga4.i586.rpm
kernel-tmb-desktop586-devel-latest-3.12.9-1.mga4.i586.rpm
kernel-tmb-desktop586-latest-3.12.9-1.mga4.i586.rpm
kernel-tmb-desktop-devel-3.12.9-1.mga4-1-1.mga4.i586.rpm
kernel-tmb-desktop-devel-latest-3.12.9-1.mga4.i586.rpm
kernel-tmb-desktop-latest-3.12.9-1.mga4.i586.rpm
kernel-tmb-laptop-3.12.9-1.mga4-1-1.mga4.i586.rpm
kernel-tmb-laptop-devel-3.12.9-1.mga4-1-1.mga4.i586.rpm
kernel-tmb-laptop-devel-latest-3.12.9-1.mga4.i586.rpm
kernel-tmb-laptop-latest-3.12.9-1.mga4.i586.rpm
kernel-tmb-server-3.12.9-1.mga4-1-1.mga4.i586.rpm
kernel-tmb-server-devel-3.12.9-1.mga4-1-1.mga4.i586.rpm
kernel-tmb-server-devel-latest-3.12.9-1.mga4.i586.rpm
kernel-tmb-server-latest-3.12.9-1.mga4.i586.rpm
kernel-tmb-source-3.12.9-1.mga4-1-1.mga4.noarch.rpm
kernel-tmb-source-latest-3.12.9-1.mga4.noarch.rpm


x86_64:
kernel-tmb-desktop-3.12.9-1.mga4-1-1.mga4.x86_64.rpm
kernel-tmb-desktop-devel-3.12.9-1.mga4-1-1.mga4.x86_64.rpm
kernel-tmb-desktop-devel-latest-3.12.9-1.mga4.x86_64.rpm
kernel-tmb-desktop-latest-3.12.9-1.mga4.x86_64.rpm
kernel-tmb-laptop-3.12.9-1.mga4-1-1.mga4.x86_64.rpm
kernel-tmb-laptop-devel-3.12.9-1.mga4-1-1.mga4.x86_64.rpm
kernel-tmb-laptop-devel-latest-3.12.9-1.mga4.x86_64.rpm
kernel-tmb-laptop-latest-3.12.9-1.mga4.x86_64.rpm
kernel-tmb-server-3.12.9-1.mga4-1-1.mga4.x86_64.rpm
kernel-tmb-server-devel-3.12.9-1.mga4-1-1.mga4.x86_64.rpm
kernel-tmb-server-devel-latest-3.12.9-1.mga4.x86_64.rpm
kernel-tmb-server-latest-3.12.9-1.mga4.x86_64.rpm
kernel-tmb-source-3.12.9-1.mga4-1-1.mga4.noarch.rpm
kernel-tmb-source-latest-3.12.9-1.mga4.noarch.rpm


Reproducible: 

Steps to Reproduce:
Comment 1 claire robinson 2014-02-06 13:59:44 CET
When testing these alternative kernels (-linus, -rt, -tmb, -vserver) it is necessary to use the dkms driver packages, dkms-nvidia* and dkms-fglrx etc. rather than the pre-built kmod packages such as nvidia-current-kernel-desktop-latest.

Pre-built kmod packages only support the specific kernel they are built for, which forms part of the package name.

Dkms packages actually build the driver on the next boot for whichever kernel you are using. It means the first boot after installing the new kernel will take longer than expected. Allow it to complete, normally a minute or couple of minutes, depending on your hardware. You can see it building if you remove "splash quiet" options from the kernel command line or press escape as it boots so you can see the text. It shows and a series of dots ". . . . ."
Comment 2 Thomas Backlund 2014-02-06 19:29:34 CET
Advisory:
  This kernel update provides an update to 3.12.9 and fixes the following
  critical security issue:

  Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called
  from code using the x32 ABI. An unprivileged local user could exploit this
  flaw to cause a denial of service (system crash) or gain administrator
  privileges (CVE-2014-0038)

  For other changes, see the referenced changelog:


References:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.9
Comment 3 Bill Wilkinson 2014-02-08 21:36:08 CET
Tested mga4-64.  

No splash screen during boot, but dkms packages build normally. The first video shown is, in my case, the nvidia splash screen.  I asked tmb about it on irc and he would rather not delay the security update with a rebuild.

tmb	wrw105, yeah, they are "OK" as such as it's not a regression from x86_64 release kernels... seems I never enabled FB_SIMPLE on them even if I did for i586
tmb	I'll queue it up for next update but I'd rather not delay the security fix

otherwise these are OK for me.  I'll give it a couple of hours and if nobody else chimes in I'll OK mga4-64.
Comment 4 Bill Wilkinson 2014-02-09 01:17:36 CET
Tested mga4-32.

Splash screen is present, apparently dkms modules build at install.

Boot into system is normal.

If no other testers in the next few hours, I'll ok both 32 and 64 bit for advisory upload to svn and validation.
Comment 5 David GEIGER 2014-02-09 12:44:58 CET
Tested mga4_64,

Testing complete mga4 x86_64,Nothing to report, all seems work nice on my laptop.

kernel-tmb-laptop-devel-latest-3.12.9-1.mga4
kernel-tmb-laptop-devel-3.12.9-1.mga4-1-1.mga4
kernel-tmb-laptop-latest-3.12.9-1.mga4
kernel-tmb-laptop-3.12.9-1.mga4-1-1.mga4
Comment 6 David GEIGER 2014-02-09 12:46:20 CET
Tested mag4_32,

Testing complete mga4 i586, Nothing to report, all seems work nice on my laptop.

kernel-tmb-laptop-devel-latest-3.12.9-1.mga4
kernel-tmb-laptop-devel-3.12.9-1.mga4-1-1.mga4
kernel-tmb-laptop-latest-3.12.9-1.mga4
kernel-tmb-laptop-3.12.9-1.mga4-1-1.mga4
Comment 7 claire robinson 2014-02-10 16:31:50 CET
Advisory uploaded. Validating.

Could sysadmin please push to 4 updates

Thanks
Comment 8 Thomas Backlund 2014-02-10 21:30:56 CET
Update pushed:
http://advisories.mageia.org/MGASA-2014-0046.html

Note You need to log in before you can comment on or make changes to this bug.