Bug 14308 - Update request: kernel-tmb-3.10.58-1.mga3
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 3
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA3-32-OK MGA3-64-OK advisory
Keywords: validated_update
Reported: 2014-10-16 22:43 CEST by Thomas Backlund
Modified: 2014-11-15 19:47 CET

Source RPM: kernel-tmb-3.10.58-1.mga3.src.rpm

Description Thomas Backlund 2014-10-16 22:43:49 CEST
Advisory to come...


SRPMS:
kernel-tmb-3.10.58-1.mga3.src.rpm


i586:
kernel-tmb-desktop-3.10.58-1.mga3-1-1.mga3.i586.rpm
kernel-tmb-desktop586-3.10.58-1.mga3-1-1.mga3.i586.rpm
kernel-tmb-desktop586-devel-3.10.58-1.mga3-1-1.mga3.i586.rpm
kernel-tmb-desktop586-devel-latest-3.10.58-1.mga3.i586.rpm
kernel-tmb-desktop586-latest-3.10.58-1.mga3.i586.rpm
kernel-tmb-desktop-devel-3.10.58-1.mga3-1-1.mga3.i586.rpm
kernel-tmb-desktop-devel-latest-3.10.58-1.mga3.i586.rpm
kernel-tmb-desktop-latest-3.10.58-1.mga3.i586.rpm
kernel-tmb-laptop-3.10.58-1.mga3-1-1.mga3.i586.rpm
kernel-tmb-laptop-devel-3.10.58-1.mga3-1-1.mga3.i586.rpm
kernel-tmb-laptop-devel-latest-3.10.58-1.mga3.i586.rpm
kernel-tmb-laptop-latest-3.10.58-1.mga3.i586.rpm
kernel-tmb-server-3.10.58-1.mga3-1-1.mga3.i586.rpm
kernel-tmb-server-devel-3.10.58-1.mga3-1-1.mga3.i586.rpm
kernel-tmb-server-devel-latest-3.10.58-1.mga3.i586.rpm
kernel-tmb-server-latest-3.10.58-1.mga3.i586.rpm
kernel-tmb-source-3.10.58-1.mga3-1-1.mga3.noarch.rpm
kernel-tmb-source-latest-3.10.58-1.mga3.noarch.rpm


x86_64:
kernel-tmb-desktop-3.10.58-1.mga3-1-1.mga3.x86_64.rpm
kernel-tmb-desktop-devel-3.10.58-1.mga3-1-1.mga3.x86_64.rpm
kernel-tmb-desktop-devel-latest-3.10.58-1.mga3.x86_64.rpm
kernel-tmb-desktop-latest-3.10.58-1.mga3.x86_64.rpm
kernel-tmb-laptop-3.10.58-1.mga3-1-1.mga3.x86_64.rpm
kernel-tmb-laptop-devel-3.10.58-1.mga3-1-1.mga3.x86_64.rpm
kernel-tmb-laptop-devel-latest-3.10.58-1.mga3.x86_64.rpm
kernel-tmb-laptop-latest-3.10.58-1.mga3.x86_64.rpm
kernel-tmb-server-3.10.58-1.mga3-1-1.mga3.x86_64.rpm
kernel-tmb-server-devel-3.10.58-1.mga3-1-1.mga3.x86_64.rpm
kernel-tmb-server-devel-latest-3.10.58-1.mga3.x86_64.rpm
kernel-tmb-server-latest-3.10.58-1.mga3.x86_64.rpm
kernel-tmb-source-3.10.58-1.mga3-1-1.mga3.noarch.rpm
kernel-tmb-source-latest-3.10.58-1.mga3.noarch.rpm


Comment 1 William Kenney 2014-10-21 04:13:31 CEST
On real hardware, M3, KDE, 32-bit

Package(s) under test:
kernel-tmb-desktop-latest

default install of:
kernel-tmb-desktop-latest

[root@localhost wilcal]# uname -a
Linux localhost 3.10.51-tmb-desktop-1.mga3 #1 SMP PREEMPT Wed Aug 6 16:59:10 UTC 2014 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-tmb-desktop-latest
Package kernel-tmb-desktop-latest-3.10.51-1.mga3.i586 is already installed

System boots to a working desktop. Common apps work. Screen sizes are correct.

install:
kernel-tmb-latest cpupower xtables-addons-kernel-desktop-latest
from updates_testing

[root@localhost wilcal]# uname -a
Linux localhost 3.10.58-tmb-desktop-1.mga3 #1 SMP PREEMPT Thu Oct 16 16:23:37 UTC 2014 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-tmb-desktop-latest
Package kernel-tmb-desktop-latest-3.10.58-1.mga3.i586 is already installed

System boots to a working desktop. Common apps work. Screen sizes are correct.

Test platform:
Intel, P4 530J 3.0 GHz, 800MHz FSB, 1MB L2, LGA 775
GigaByte  GA-81915G Pro F4  i915G  LGA 775  MoBo
 Marvel Yukon 88E8001 Gigabit LAN
 Intel High Def Audio, Azalia (C-Media 9880) (snd-hda-intel)
 Intel Graphics Media Accelerator 900 (Intel 82915G)
Kingston 4GB (2 x 2GB) DDR400 PC-3200
250GB Seagate
Kingwin KF-91-BK SATA Mobile Rack
Kingwin KF-91-T-BK SATA Mobile Rack Tray
Sony CD/DVD-RW DWQ120AB2

CC: (none) => wilcal.int

Comment 2 William Kenney 2014-10-21 05:59:14 CEST
On real hardware, M3, KDE, 64-bit

Package(s) under test:
kernel-tmb-desktop-latest

default install of:
kernel-tmb-desktop-latest

[root@localhost wilcal]# uname -a
Linux localhost 3.10.51-tmb-desktop-1.mga3 #1 SMP PREEMPT Wed Aug 6 16:59:10 UTC 2014 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-tmb-desktop-latest
Package kernel-tmb-desktop-latest-3.10.51-1.mga3.i586 is already installed

System boots to a working desktop. Common apps work. Screen sizes are correct.

install:
kernel-tmb-latest
from updates_testing

[root@localhost wilcal]# uname -a
Linux localhost 3.10.58-tmb-desktop-1.mga3 #1 SMP PREEMPT Thu Oct 16 16:16:06 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-tmb-desktop-latest
Package kernel-tmb-desktop-latest-3.10.58-1.mga3.x86_64 is already installed

System boots to a working desktop. Common apps work. Screen sizes are correct.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)

Comment 3 William Kenney 2014-10-21 06:00:31 CEST
On real hardware, M3, KDE, 64-bit

Package(s) under test:
kernel-vserver-latest

default install of:
kernel-vserver-latest

[root@localhost wilcal]# uname -a
Linux localhost 3.10.51-vserver-0.vs2.3.6.8.1.mga3 #1 SMP Wed Aug 6 17:07:47 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-vserver-latest
Package kernel-vserver-latest-3.10.51-0.vs2.3.6.8.1.mga3.x86_64 is already installed

System boots to a working desktop. Common apps work. Screen sizes are correct.

install:
kernel-vserver-latest
from updates_testing

[root@localhost wilcal]# uname -a
Linux localhost 3.10.58-vserver-0.vs2.3.6.8.1.mga3 #1 SMP Thu Oct 16 16:56:16 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-vserver-latest
Package kernel-vserver-latest-3.10.58-0.vs2.3.6.8.1.mga3.x86_64 is already installed

System boots to a working desktop. Common apps work. Screen sizes are correct.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)

Comment 4 olivier charles 2014-10-21 21:34:29 CEST
Testing on real HW Mageia3-64, Gnome,

kernel-tmb-desktop-latest

Current package :
- kernel-tmb-desktop-3.10.51-1.mga3-1-1.mga3.x86_64
- kernel-tmb-desktop-latest-3.10.51-1.mga3.x86_64

Works fine, unable to use nvidia or nouveau drivers, reverting to vesa.


Updates-testing
- kernel-tmb-desktop-3.10.58-1.mga3-1-1.mga3.x86_64
- kernel-tmb-desktop-latest-3.10.58-1.mga3.x86_64

$ uname -a
Linux localhost 3.10.58-tmb-desktop-1.mga3 #1 SMP PREEMPT Thu Oct 16 16:16:06 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Works fine, still unable to use nvidia or nouveau drivers, reverting to vesa.


Processor    : 4x Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Motherboard  : MSI B85-G43
Memory       : 8103MB (2 x 4GB)
Graphic card : GeForce GTX 750/PCIe/SSE2
Ethernet     : RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller rev 06

CC: (none) => olchal

Comment 5 William Kenney 2014-10-21 23:15:28 CEST
(In reply to olivier charles from comment #4)

> Works fine, still unable to use nvidia or nouveau drivers, reverting to vesa.

Maybe tmb will comment on this but I think the nvidia drivers do
not work in kernel-tmb. vesa should be fine. Next time I power up
my test computer I'll check on nouveau.

Comment 6 Bill Wilkinson 2014-10-22 01:09:08 CEST
Olivier:

Are you using the kmod drivers or dkms?  Previous releases of the tmb kernels have worked with the dkms modules--I haven't had the chance to look at the current release.

CC: (none) => wrw105

Comment 7 Thomas Backlund 2014-10-22 07:33:00 CEST
nvidia drivers should work, but you need the dkms-nvidia* as we only prebuild modules for core kernel...

Comment 8 olivier charles 2014-10-22 13:36:42 CEST
I am using dkms-nvidia-current (319.60). This driver doesn't list my graphic card as supported (GTX 750), only GTX 750M for laptop

I had the same problem with previous kernel (3-10-50) so this is not new for me nor a regression. I had just hoped that the new kernel would allow me to at least use the nouveau driver.

I can use the official driver on nvidia site which installs well but it is not advised to do so if I want to test packages with this installation.

Comment 9 Thomas Backlund 2014-10-23 22:18:30 CEST
Advisory:
This kernel-tmb update is based on upstream -longterm 3.10.58 and
fixes the following security issues:

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux
kernel through 3.16.1 miscalculates the number of pages during the
handling of a mapping failure, which allows guest OS users to (1)
cause a denial of service (host OS memory corruption) or possibly
have unspecified other impact by triggering a large gfn value or
(2) cause a denial of service (host OS memory consumption) by
triggering a small gfn value that leads to permanently pinned
pages (CVE-2014-3601).

The assoc_array_gc function in the associative-array implementation
in lib/assoc_array.c in the Linux kernel before 3.16.3 does not
properly implement garbage collection, which allows local users to
cause a denial of service (NULL pointer dereference and system
crash) or possibly have unspecified other impact via multiple
"keyctl newring" operations followed by a "keyctl timeout"
operation (CVE-2014-3631).

The pivot_root implementation in fs/namespace.c in the Linux kernel
through 3.17 does not properly interact with certain locations of
a chroot directory, which allows local users to cause a denial of
service (mount-tree loop) via . (dot) values in both arguments to
the pivot_root system call (CVE-2014-7970).

The do_umount function in fs/namespace.c in the Linux kernel 
through 3.17 does not require the CAP_SYS_ADMIN capability for
do_remount_sb calls that change the root filesystem to read-only,
which allows local users to cause a denial of service (loss of
writability) by making certain unshare system calls, clearing the
/ MNT_LOCKED flag, and making an MNT_FORCE umount system call
(CVE-2014-7975).

For other fixes included in this update, read the referenced 
changelogs.

References:
https://bugs.mageia.org/show_bug.cgi?id=14308
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.52
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.53
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.54
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.55
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.56
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.57
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.58
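
A post-update check in the spirit of the QA transcripts above, as an added example that is not part of the bug thread or Mageia's tooling: it classifies a running kernel-tmb release and the installed -latest package against the 3.10.58 version named in the advisory, and flags the case where the fixed package is installed but the old kernel is still running. The function names and status strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Mageia tooling. The fixed version comes from the advisory.
FIXED="3.10.58"

# ver_lt A B: true when dotted version A sorts strictly before B.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$1" ]
}

# classify VERSION: only the 3.10 longterm series is covered by this advisory,
# so any other series is reported as unknown rather than guessed at.
classify() {
    case "$1" in
        3.10.*) if ver_lt "$1" "$FIXED"; then echo outdated; else echo fixed; fi ;;
        *)      echo unknown ;;
    esac
}

# audit RUNNING PKG
#   RUNNING: `uname -r` output, e.g. 3.10.51-tmb-desktop-1.mga3
#   PKG:     `rpm -q kernel-tmb-desktop-latest` output
audit() {
    case "$1" in *-tmb-*) ;; *) echo not-tmb; return 0 ;; esac
    running=$(classify "${1%%-*}")
    pkgver=${2##*-latest-}            # 3.10.58-1.mga3[.arch]
    installed=$(classify "${pkgver%%-*}")
    case "$installed/$running" in
        fixed/fixed)    echo ok ;;
        fixed/outdated) echo reboot-required ;;  # new package, old kernel still booted
        outdated/*)     echo update-required ;;
        *)              echo unknown ;;
    esac
}

# Release and package strings copied from the QA transcripts on this page.
audit "3.10.51-tmb-desktop-1.mga3" "kernel-tmb-desktop-latest-3.10.51-1.mga3.i586"
audit "3.10.58-tmb-desktop-1.mga3" "kernel-tmb-desktop-latest-3.10.58-1.mga3.x86_64"
# Constructed combination: update installed, machine not yet rebooted.
audit "3.10.51-tmb-desktop-1.mga3" "kernel-tmb-desktop-latest-3.10.58-1.mga3.i586"
```

On a live system the two arguments would be `"$(uname -r)"` and `"$(rpm -q kernel-tmb-desktop-latest)"`, with the package name adjusted to the installed flavour.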

Comment 10 Rémi Verschelde 2014-11-12 12:05:44 CET
Advisory uploaded.

Whiteboard: (none) => advisory

Comment 11 David Walser 2014-11-15 05:37:40 CET
Validating.  Sysadmins, please push this to updates.  Thank you.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

David Walser 2014-11-15 05:41:25 CET

Whiteboard: advisory => MGA3-32-OK MGA3-64-OK advisory

Comment 12 David Walser 2014-11-15 19:43:53 CET
Updates were just pushed but this one was missed...

Comment 13 Mageia Robot 2014-11-15 19:47:47 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2014-0459.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

