Now this is mostly for squashing the recently announced critical: x86, x32: Correct invalid use of user timespec in the kernel (CVE-2014-0038) I will write a better advisory tomorrow, but so you can start testing: SRPMS: kernel-vserver-3.10.28-0.vs2.3.6.8.1.mga4.src.rpm i586: kernel-vserver-3.10.28-0.vs2.3.6.8.1.mga4-1-1.mga4.i586.rpm kernel-vserver-devel-3.10.28-0.vs2.3.6.8.1.mga4-1-1.mga4.i586.rpm kernel-vserver-devel-latest-3.10.28-0.vs2.3.6.8.1.mga4.i586.rpm kernel-vserver-doc-3.10.28-0.vs2.3.6.8.1.mga4.noarch.rpm kernel-vserver-latest-3.10.28-0.vs2.3.6.8.1.mga4.i586.rpm kernel-vserver-source-3.10.28-0.vs2.3.6.8.1.mga4-1-1.mga4.noarch.rpm kernel-vserver-source-latest-3.10.28-0.vs2.3.6.8.1.mga4.noarch.rpm x86_64: kernel-vserver-3.10.28-0.vs2.3.6.8.1.mga4-1-1.mga4.x86_64.rpm kernel-vserver-devel-3.10.28-0.vs2.3.6.8.1.mga4-1-1.mga4.x86_64.rpm kernel-vserver-devel-latest-3.10.28-0.vs2.3.6.8.1.mga4.x86_64.rpm kernel-vserver-doc-3.10.28-0.vs2.3.6.8.1.mga4.noarch.rpm kernel-vserver-latest-3.10.28-0.vs2.3.6.8.1.mga4.x86_64.rpm kernel-vserver-source-3.10.28-0.vs2.3.6.8.1.mga4-1-1.mga4.noarch.rpm kernel-vserver-source-latest-3.10.28-0.vs2.3.6.8.1.mga4.noarch.rpm Reproducible: Steps to Reproduce:
i586 virtualbox, installs and boots fine to X. Nothing tested beyond.
CC: (none) => stormi
When testing these alternative kernels (-linus, -rt, -tmb, -vserver) it is necessary to use the dkms driver packages, dkms-nvidia* and dkms-fglrx etc. rather than the pre-built kmod packages such as nvidia-current-kernel-desktop-latest. Pre-built kmod packages only support the specific kernel they are built for, which forms part of the package name. Dkms packages actually build the driver on the next boot for whichever kernel you are using. It means the first boot after installing the new kernel will take longer than expected. Allow it to complete, normally a minute or couple of minutes, depending on your hardware. You can see it building if you remove "splash quiet" options from the kernel command line or press escape as it boots so you can see the text. It shows and a series of dots ". . . . ."
Advisory: This kernel update provides an update to 3.12.9 and fixes the following critical security issue: Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges (CVE-2014-0038) For other changes, see the referenced changelog: References: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.9
Gah, copy-paste error.... Correct advisory: Advisory: This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. (CVE-2013-4579) Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges (CVE-2014-0038) Faults during task-switch due to unhandled FPU-exceptions allow to kill processes at random on all affected kernels, resulting in local DOS in the end. One some architectures, privilege escalation under non-common circumstances is possible. (CVE-2014-1438) The hamradio yam_ioctl() code fails to initialise the cmd field of the struct yamdrv_ioctl_cfg leading to a 4-byte info leak. (CVE-2014-1446) Linux kernel built with the NetFilter Connection Tracking(NF_CONNTRACK) support for IRC protocol(NF_NAT_IRC), is vulnerable to an information leakage flaw. It could occur when communicating over direct client-to-client IRC connection(/dcc) via a NAT-ed network. Kernel attempts to mangle IRC TCP packet's content, wherein an uninitialised 'buffer' object is copied to a socket buffer and sent over to the other end of a connection. (CVE-2014-1690) For other changes, see the referenced changelogs: References: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.25 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.26 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.27 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.28
General boot ok, mga4-64. Dkms modules build normally.
CC: (none) => wrw105
Testing Mageia 4 i586.
CC: (none) => remi
Mageia 4 i586 with 2x2 CPUs and 4 GB RAM (though kernel-vserver is designed for < 3 GB RAM according to its description). Boots fine and could build my two installed dkms modules, namely dkms-bbswitch and dkms-nvidia-current. Normal usage seems fine, still I'm experiencing an issue with the nvidia driver (hybrid graphics, enabled using bumblebee): [akien@mga4-32 ~]$ optirun glxspheres [ 78.301274] [ERROR]Cannot access secondary GPU - error: [XORG] (EE) NVIDIA(GPU-0): Failed to initialize the NVIDIA GPU at PCI:1:0:0. Please [ 78.301306] [ERROR]Aborting because fallback start is disabled. [root@mga4-32 akien]# dmesg |tail -11 [ 36.201540] xt_CT: No such helper "netbios-ns" [ 76.199390] bbswitch: enabling discrete graphics [ 76.607485] pci 0000:01:00.0: power state changed by ACPI to D0 [ 76.983039] vgaarb: device changed decodes: PCI:0000:01:00.0,olddecodes=io+mem,decodes=none:owns=none [ 76.983215] [drm] Initialized nvidia-drm 0.0.0 20130102 for 0000:01:00.0 on minor 1 [ 76.983222] NVRM: loading NVIDIA UNIX x86 Kernel Module 331.38 Wed Jan 8 18:44:57 PST 2014 [ 77.993769] nvidia 0000:01:00.0: irq 49 for MSI/MSI-X [ 78.428592] vmap allocation for size 16781312 failed: use vmalloc=<size> to increase size. [ 78.430833] NVRM: RmInitAdapter failed! (0x25:0xffffffff:1156) [ 78.430841] NVRM: rm_init_adapter failed for device bearing minor number 0 [ 78.430868] NVRM: nvidia_frontend_open: minor 0, module->open() failed, error -5 I don't think that it's related to the update though, but more to the fact that this kernel might not be adapted to bumblebee/hybrid graphics. WDYT tmb?
Yeah, I'm not surprised the -vserver kernel gets into trouble with especially with proprieetary drivers, as it's developed for a server usage where you dont really want any "external" drivers unless you have to support some special storage or network hardware... but bove you see what it has problem with: "vmap allocation for size 16781312 failed: use vmalloc=<size> to increase size." we have a patch in core kernel wich raises this, but I haven't added it to the special kernels...
Then I'll consider that the update does its job, either way I don't plan on using -vserver kernels to use my nvidia GPU :)
Whiteboard: (none) => MGA4-32-OK
BTW the kernel-vserver says it all: "NOTE: This kernel is only patched with vserver patch."
Advisory uploaded
Whiteboard: MGA4-32-OK => MGA4-32-OK advisory
Keywords: (none) => validated_updateWhiteboard: MGA4-32-OK advisory => MGA4-64-OK MGA4-32-OK advisoryCC: (none) => sysadmin-bugs
I forgot the comment... validated based on 64bit tested in comment5 and 32bit tested in comment 9
Update pushed: http://advisories.mageia.org/MGASA-2014-0064.html
Status: NEW => RESOLVEDResolution: (none) => FIXED