14309 – Update request: kernel-vserver-3.10.58-0.vs2.3.6.8.1.mga3

Bug 14309 - Update request: kernel-vserver-3.10.58-0.vs2.3.6.8.1.mga3

Summary: Update request: kernel-vserver-3.10.58-0.vs2.3.6.8.1.mga3

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	3
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA3-32-OK MGA3-64-OK advisory
Keywords:	validated_update

Depends on:
Blocks:

Reported:	2014-10-16 22:43 CEST by Thomas Backlund
Modified:	2014-11-21 14:38 CET (History)
CC List:	3 users (show)

See Also:
Source RPM:	kernel-vserver-3.10.58-0.vs2.3.6.8.1.mga3.src.rpm
CVE:
Status comment:

Attachments
journalctl -b (110.07 KB, text/plain) 2014-11-16 11:35 CET, Marja Van Waes	Details
systemctl -a (28.59 KB, text/plain) 2014-11-16 11:35 CET, Marja Van Waes	Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Thomas Backlund 2014-10-16 22:43:55 CEST

Advisory coming...


SRPMS:
kernel-vserver-3.10.58-0.vs2.3.6.8.1.mga3.src.rpm


i586:
kernel-vserver-3.10.58-0.vs2.3.6.8.1.mga3-1-1.mga3.i586.rpm
kernel-vserver-devel-3.10.58-0.vs2.3.6.8.1.mga3-1-1.mga3.i586.rpm
kernel-vserver-devel-latest-3.10.58-0.vs2.3.6.8.1.mga3.i586.rpm
kernel-vserver-doc-3.10.58-0.vs2.3.6.8.1.mga3.noarch.rpm
kernel-vserver-latest-3.10.58-0.vs2.3.6.8.1.mga3.i586.rpm
kernel-vserver-source-3.10.58-0.vs2.3.6.8.1.mga3-1-1.mga3.noarch.rpm
kernel-vserver-source-latest-3.10.58-0.vs2.3.6.8.1.mga3.noarch.rpm


x86_64:
kernel-vserver-3.10.58-0.vs2.3.6.8.1.mga3-1-1.mga3.x86_64.rpm
kernel-vserver-devel-3.10.58-0.vs2.3.6.8.1.mga3-1-1.mga3.x86_64.rpm
kernel-vserver-devel-latest-3.10.58-0.vs2.3.6.8.1.mga3.x86_64.rpm
kernel-vserver-doc-3.10.58-0.vs2.3.6.8.1.mga3.noarch.rpm
kernel-vserver-latest-3.10.58-0.vs2.3.6.8.1.mga3.x86_64.rpm
kernel-vserver-source-3.10.58-0.vs2.3.6.8.1.mga3-1-1.mga3.noarch.rpm
kernel-vserver-source-latest-3.10.58-0.vs2.3.6.8.1.mga3.noarch.rpm


Reproducible: 

Steps to Reproduce:

Comment 1 William Kenney 2014-10-21 04:14:19 CEST

On real hardware, M3, KDE, 32-bit

Package(s) under test:
kernel-vserver-latest

default install of:
kernel-vserver-latest

[root@localhost wilcal]# uname -a
Linux localhost 3.10.51-vserver-0.vs2.3.6.8.1.mga3 #1 SMP Wed Aug 6 17:00:51 UTC 2014 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-vserver-latest
Package kernel-vserver-latest-3.10.51-0.vs2.3.6.8.1.mga3.i586 is already installed

System boots to a working desktop. Common apps work. Screen sizes are correct.

install:
kernel-tmb-latest cpupower xtables-addons-kernel-desktop-latest
from updates_testing

[root@localhost wilcal]# uname -a
Linux localhost 3.10.58-vserver-0.vs2.3.6.8.1.mga3 #1 SMP Thu Oct 16 16:56:12 UTC 2014 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-vserver-latest
Package kernel-vserver-latest-3.10.58-0.vs2.3.6.8.1.mga3.i586 is already installed

System boots to a working desktop. Common apps work. Screen sizes are correct.

Test platform:
Intel, P4 530J 3.0 GHz, 800MHz FSB, 1MB L2, LGA 775
GigaByte  GA-81915G Pro F4  i915G  LGA 775  MoBo
 Marvel Yukon 88E8001 Gigabit LAN
 Intel High Def Audio, Azalia (C-Media 9880) (snd-hda-intel)
 Intel Graphics Media Accelerator 900 (Intel 82915G)
Kingston 4GB (2 x 2GB) DDR400 PC-3200
250GB Seagate
Kingwin KF-91-BK SATA Mobile Rack
Kingwin KF-91-T-BK SATA Mobile Rack Tray
Sony CD/DVD-RW DWQ120AB2

CC: (none) => wilcal.int

Comment 2 Thomas Backlund 2014-10-23 22:19:01 CEST

Advisory:

This kernel-vserver update is based on upstream -longterm 3.10.58 and
fixes the following security issues:

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux
kernel through 3.16.1 miscalculates the number of pages during the
handling of a mapping failure, which allows guest OS users to (1)
cause a denial of service (host OS memory corruption) or possibly
have unspecified other impact by triggering a large gfn value or
(2) cause a denial of service (host OS memory consumption) by
triggering a small gfn value that leads to permanently pinned
pages (CVE-2014-3601).

The assoc_array_gc function in the associative-array implementation
in lib/assoc_array.c in the Linux kernel before 3.16.3 does not
properly implement garbage collection, which allows local users to
cause a denial of service (NULL pointer dereference and system
crash) or possibly have unspecified other impact via multiple
"keyctl newring" operations followed by a "keyctl timeout"
operation (CVE-2014-3631).

The pivot_root implementation in fs/namespace.c in the Linux kernel
through 3.17 does not properly interact with certain locations of
a chroot directory, which allows local users to cause a denial of
service (mount-tree loop) via . (dot) values in both arguments to
the pivot_root system call (CVE-2014-7970).

The do_umount function in fs/namespace.c in the Linux kernel 
through 3.17 does not require the CAP_SYS_ADMIN capability for
do_remount_sb calls that change the root filesystem to read-only,
which allows local users to cause a denial of service (loss of
writability) by making certain unshare system calls, clearing the
/ MNT_LOCKED flag, and making an MNT_FORCE umount system call
(CVE-2014-7975).

For other fixes included in this update, read the referenced 
changelogs.

References:
https://bugs.mageia.org/show_bug.cgi?id=14309
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.52
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.53
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.54
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.55
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.56
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.57
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.58

Comment 3 Rémi Verschelde 2014-11-12 12:07:26 CET

Advisory uploaded.

Whiteboard: (none) => advisory

Comment 4 David Walser 2014-11-15 05:38:39 CET

Could someone please test this on x86_64?

David Walser 2014-11-15 05:44:56 CET

Whiteboard: advisory => MGA3-32-OK advisory

Comment 5 Marja Van Waes 2014-11-16 10:22:30 CET

(In reply to David Walser from comment #4)
> Could someone please test this on x86_64?

Will do, currently updating an old 64bits Mga3 that hasn't been updated in two months... will test as soon as it is up-to-date

CC: (none) => marja11

Comment 6 Marja Van Waes 2014-11-16 11:35:23 CET

Created attachment 5604 [details]
journalctl -b

(In reply to Marja van Waes from comment #5)
> (In reply to David Walser from comment #4)
> > Could someone please test this on x86_64?
> 
> Will do, currently updating an old 64bits Mga3 that hasn't been updated in
> two months... will test as soon as it is up-to-date

After having updated and rebooted and adding the updates_testing media, I had problems with urpmi.update, after running it the vserver packages didn't seem available. I finally manually downloaded the and installed the 7 vserver packages.

Then there was a problem with the Mageia 4 os-prober not showing a vserver entry on the Mageia 3 partition (I think cauldron os-prober would have seen it), I worked around that by letting Mga3 grub2 overwrite the bootloader in the MBR.

Booting with the vserver kernel then worked fine into RL3, but I'm not sure ipv6 shorewall failed before (saw that message while booting).

I need to leave now, will attach journalctl -b and systemctl -a output

Comment 7 Marja Van Waes 2014-11-16 11:35:59 CET

Created attachment 5605 [details]
systemctl -a

Comment 8 David Walser 2014-11-16 21:42:13 CET

Based on the discussion on IRC, validating this now.

Please push this to updates.  Thanks.

Keywords: (none) => validated_update
Whiteboard: MGA3-32-OK advisory => MGA3-32-OK MGA3-64-OK advisory
CC: (none) => sysadmin-bugs

Comment 9 Mageia Robot 2014-11-21 14:38:34 CET

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2014-0479.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.