Bug 14571 - Update request: kernel-3.10.60-1.mga3
Summary: Update request: kernel-3.10.60-1.mga3
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 3
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA3-32-OK MGA3-64-OK advisory
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2014-11-16 10:56 CET by Thomas Backlund
Modified: 2014-11-21 13:45 CET (History)
3 users (show)

See Also:
Source RPM: kernel-3.10.60-1.mga3
CVE:
Status comment:


Attachments

Description Thomas Backlund 2014-11-16 10:56:34 CET
Advisory:


This kernel update is based on upstream -longterm 3.10.60 and
fixes the following security issues:

The WRMSR processing functionality in the KVM subsystem in the Linux
kernel through 3.17.2 does not properly handle the writing of a non-
canonical address to a model-specific register, which allows guest OS
users to cause a denial of service (host OS crash) by leveraging guest
OS privileges, related to the wrmsr_interception function in
arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c
(CVE-2014-3610).

Race condition in the __kvm_migrate_pit_timer function in
arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through
3.17.2 allows guest OS users to cause a denial of service (host OS crash)
by leveraging incorrect PIT emulation (CVE-2014-3611).

arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through
3.17.2 does not properly perform RIP changes, which allows guest OS users
to cause a denial of service (guest OS crash) via a crafted application
(CVE-2014-3647).

For other upstream changes, read the referenced changelogs.

References:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.59
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.60





SRPMS:
kernel-3.10.60-1.mga3.src.rpm
kernel-userspace-headers-3.10.60-1.mga3.src.rpm
kmod-vboxadditions-4.3.18-3.mga3.src.rpm
kmod-virtualbox-4.3.18-3.mga3.src.rpm
kmod-xtables-addons-2.3-25.mga3.src.rpm

kmod-broadcom-wl-6.30.223.141-25.mga3.nonfree.src.rpm
kmod-fglrx-13.251-15.mga3.nonfree.src.rpm
kmod-nvidia173-173.14.38-39.mga3.nonfree.src.rpm
kmod-nvidia304-304.108-25.mga3.nonfree.src.rpm
kmod-nvidia-current-319.60-25.mga3.nonfree.src.rpm



i586:
cpupower-3.10.60-1.mga3.i586.rpm
cpupower-devel-3.10.60-1.mga3.i586.rpm
kernel-desktop-3.10.60-1.mga3-1-1.mga3.i586.rpm
kernel-desktop586-3.10.60-1.mga3-1-1.mga3.i586.rpm
kernel-desktop586-devel-3.10.60-1.mga3-1-1.mga3.i586.rpm
kernel-desktop586-devel-latest-3.10.60-1.mga3.i586.rpm
kernel-desktop586-latest-3.10.60-1.mga3.i586.rpm
kernel-desktop-devel-3.10.60-1.mga3-1-1.mga3.i586.rpm
kernel-desktop-devel-latest-3.10.60-1.mga3.i586.rpm
kernel-desktop-latest-3.10.60-1.mga3.i586.rpm
kernel-doc-3.10.60-1.mga3.noarch.rpm
kernel-server-3.10.60-1.mga3-1-1.mga3.i586.rpm
kernel-server-devel-3.10.60-1.mga3-1-1.mga3.i586.rpm
kernel-server-devel-latest-3.10.60-1.mga3.i586.rpm
kernel-server-latest-3.10.60-1.mga3.i586.rpm
kernel-source-3.10.60-1.mga3-1-1.mga3.noarch.rpm
kernel-source-latest-3.10.60-1.mga3.noarch.rpm
kernel-userspace-headers-3.10.60-1.mga3.i586.rpm
perf-3.10.60-1.mga3.i586.rpm

vboxadditions-kernel-3.10.60-desktop-1.mga3-4.3.18-3.mga3.i586.rpm
vboxadditions-kernel-3.10.60-desktop586-1.mga3-4.3.18-3.mga3.i586.rpm
vboxadditions-kernel-3.10.60-server-1.mga3-4.3.18-3.mga3.i586.rpm
vboxadditions-kernel-desktop586-latest-4.3.18-3.mga3.i586.rpm
vboxadditions-kernel-desktop-latest-4.3.18-3.mga3.i586.rpm
vboxadditions-kernel-server-latest-4.3.18-3.mga3.i586.rpm

virtualbox-kernel-3.10.60-desktop-1.mga3-4.3.18-3.mga3.i586.rpm
virtualbox-kernel-3.10.60-desktop586-1.mga3-4.3.18-3.mga3.i586.rpm
virtualbox-kernel-3.10.60-server-1.mga3-4.3.18-3.mga3.i586.rpm
virtualbox-kernel-desktop586-latest-4.3.18-3.mga3.i586.rpm
virtualbox-kernel-desktop-latest-4.3.18-3.mga3.i586.rpm
virtualbox-kernel-server-latest-4.3.18-3.mga3.i586.rpm

xtables-addons-kernel-3.10.60-desktop-1.mga3-2.3-25.mga3.i586.rpm
xtables-addons-kernel-3.10.60-desktop586-1.mga3-2.3-25.mga3.i586.rpm
xtables-addons-kernel-3.10.60-server-1.mga3-2.3-25.mga3.i586.rpm
xtables-addons-kernel-desktop586-latest-2.3-25.mga3.i586.rpm
xtables-addons-kernel-desktop-latest-2.3-25.mga3.i586.rpm
xtables-addons-kernel-server-latest-2.3-25.mga3.i586.rpm

broadcom-wl-kernel-3.10.60-desktop-1.mga3-6.30.223.141-25.mga3.nonfree.i586.rpm
broadcom-wl-kernel-3.10.60-desktop586-1.mga3-6.30.223.141-25.mga3.nonfree.i586.rpm
broadcom-wl-kernel-3.10.60-server-1.mga3-6.30.223.141-25.mga3.nonfree.i586.rpm
broadcom-wl-kernel-desktop586-latest-6.30.223.141-25.mga3.nonfree.i586.rpm
broadcom-wl-kernel-desktop-latest-6.30.223.141-25.mga3.nonfree.i586.rpm
broadcom-wl-kernel-server-latest-6.30.223.141-25.mga3.nonfree.i586.rpm

fglrx-kernel-3.10.60-desktop-1.mga3-13.251-15.mga3.nonfree.i586.rpm
fglrx-kernel-3.10.60-desktop586-1.mga3-13.251-15.mga3.nonfree.i586.rpm
fglrx-kernel-3.10.60-server-1.mga3-13.251-15.mga3.nonfree.i586.rpm
fglrx-kernel-desktop586-latest-13.251-15.mga3.nonfree.i586.rpm
fglrx-kernel-desktop-latest-13.251-15.mga3.nonfree.i586.rpm
fglrx-kernel-server-latest-13.251-15.mga3.nonfree.i586.rpm

nvidia173-kernel-3.10.60-desktop-1.mga3-173.14.38-39.mga3.nonfree.i586.rpm
nvidia173-kernel-3.10.60-desktop586-1.mga3-173.14.38-39.mga3.nonfree.i586.rpm
nvidia173-kernel-3.10.60-server-1.mga3-173.14.38-39.mga3.nonfree.i586.rpm
nvidia173-kernel-desktop586-latest-173.14.38-39.mga3.nonfree.i586.rpm
nvidia173-kernel-desktop-latest-173.14.38-39.mga3.nonfree.i586.rpm
nvidia173-kernel-server-latest-173.14.38-39.mga3.nonfree.i586.rpm

nvidia304-kernel-3.10.60-desktop-1.mga3-304.108-25.mga3.nonfree.i586.rpm
nvidia304-kernel-3.10.60-desktop586-1.mga3-304.108-25.mga3.nonfree.i586.rpm
nvidia304-kernel-3.10.60-server-1.mga3-304.108-25.mga3.nonfree.i586.rpm
nvidia304-kernel-desktop586-latest-304.108-25.mga3.nonfree.i586.rpm
nvidia304-kernel-desktop-latest-304.108-25.mga3.nonfree.i586.rpm
nvidia304-kernel-server-latest-304.108-25.mga3.nonfree.i586.rpm

nvidia-current-kernel-3.10.60-desktop-1.mga3-319.60-25.mga3.nonfree.i586.rpm
nvidia-current-kernel-3.10.60-desktop586-1.mga3-319.60-25.mga3.nonfree.i586.rpm
nvidia-current-kernel-3.10.60-server-1.mga3-319.60-25.mga3.nonfree.i586.rpm
nvidia-current-kernel-desktop586-latest-319.60-25.mga3.nonfree.i586.rpm
nvidia-current-kernel-desktop-latest-319.60-25.mga3.nonfree.i586.rpm
nvidia-current-kernel-server-latest-319.60-25.mga3.nonfree.i586.rpm



x86_64:
cpupower-3.10.60-1.mga3.x86_64.rpm
cpupower-devel-3.10.60-1.mga3.x86_64.rpm
kernel-desktop-3.10.60-1.mga3-1-1.mga3.x86_64.rpm
kernel-desktop-devel-3.10.60-1.mga3-1-1.mga3.x86_64.rpm
kernel-desktop-devel-latest-3.10.60-1.mga3.x86_64.rpm
kernel-desktop-latest-3.10.60-1.mga3.x86_64.rpm
kernel-doc-3.10.60-1.mga3.noarch.rpm
kernel-server-3.10.60-1.mga3-1-1.mga3.x86_64.rpm
kernel-server-devel-3.10.60-1.mga3-1-1.mga3.x86_64.rpm
kernel-server-devel-latest-3.10.60-1.mga3.x86_64.rpm
kernel-server-latest-3.10.60-1.mga3.x86_64.rpm
kernel-source-3.10.60-1.mga3-1-1.mga3.noarch.rpm
kernel-source-latest-3.10.60-1.mga3.noarch.rpm
kernel-userspace-headers-3.10.60-1.mga3.x86_64.rpm
perf-3.10.60-1.mga3.x86_64.rpm

vboxadditions-kernel-3.10.60-desktop-1.mga3-4.3.18-3.mga3.x86_64.rpm
vboxadditions-kernel-3.10.60-server-1.mga3-4.3.18-3.mga3.x86_64.rpm
vboxadditions-kernel-desktop-latest-4.3.18-3.mga3.x86_64.rpm
vboxadditions-kernel-server-latest-4.3.18-3.mga3.x86_64.rpm

virtualbox-kernel-3.10.60-desktop-1.mga3-4.3.18-3.mga3.x86_64.rpm
virtualbox-kernel-3.10.60-server-1.mga3-4.3.18-3.mga3.x86_64.rpm
virtualbox-kernel-desktop-latest-4.3.18-3.mga3.x86_64.rpm
virtualbox-kernel-server-latest-4.3.18-3.mga3.x86_64.rpm

xtables-addons-kernel-3.10.60-desktop-1.mga3-2.3-25.mga3.x86_64.rpm
xtables-addons-kernel-3.10.60-server-1.mga3-2.3-25.mga3.x86_64.rpm
xtables-addons-kernel-desktop-latest-2.3-25.mga3.x86_64.rpm
xtables-addons-kernel-server-latest-2.3-25.mga3.x86_64.rpm

broadcom-wl-kernel-3.10.60-desktop-1.mga3-6.30.223.141-25.mga3.nonfree.x86_64.rpm
broadcom-wl-kernel-3.10.60-server-1.mga3-6.30.223.141-25.mga3.nonfree.x86_64.rpm
broadcom-wl-kernel-desktop-latest-6.30.223.141-25.mga3.nonfree.x86_64.rpm
broadcom-wl-kernel-server-latest-6.30.223.141-25.mga3.nonfree.x86_64.rpm

fglrx-kernel-3.10.60-desktop-1.mga3-13.251-15.mga3.nonfree.x86_64.rpm
fglrx-kernel-3.10.60-server-1.mga3-13.251-15.mga3.nonfree.x86_64.rpm
fglrx-kernel-desktop-latest-13.251-15.mga3.nonfree.x86_64.rpm
fglrx-kernel-server-latest-13.251-15.mga3.nonfree.x86_64.rpm

nvidia173-kernel-3.10.60-desktop-1.mga3-173.14.38-39.mga3.nonfree.x86_64.rpm
nvidia173-kernel-3.10.60-server-1.mga3-173.14.38-39.mga3.nonfree.x86_64.rpm
nvidia173-kernel-desktop-latest-173.14.38-39.mga3.nonfree.x86_64.rpm
nvidia173-kernel-server-latest-173.14.38-39.mga3.nonfree.x86_64.rpm

nvidia304-kernel-3.10.60-desktop-1.mga3-304.108-25.mga3.nonfree.x86_64.rpm
nvidia304-kernel-3.10.60-server-1.mga3-304.108-25.mga3.nonfree.x86_64.rpm
nvidia304-kernel-desktop-latest-304.108-25.mga3.nonfree.x86_64.rpm
nvidia304-kernel-server-latest-304.108-25.mga3.nonfree.x86_64.rpm

nvidia-current-kernel-3.10.60-desktop-1.mga3-319.60-25.mga3.nonfree.x86_64.rpm
nvidia-current-kernel-3.10.60-server-1.mga3-319.60-25.mga3.nonfree.x86_64.rpm
nvidia-current-kernel-desktop-latest-319.60-25.mga3.nonfree.x86_64.rpm
nvidia-current-kernel-server-latest-319.60-25.mga3.nonfree.x86_64.rpm


Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2014-11-17 15:47:40 CET
Tested fine with kernel-desktop in Virtualbox, on my older PogoLinux machine at home, and on my Dell Inspiron 600m laptop, and with kernel-server in VMWare, my newer PogoLinux machine at home, and my Dell Optiplex 990 at work.  All Mageia 3 i586.

Whiteboard: (none) => MGA3-32-OK

Comment 2 Marja Van Waes 2014-11-17 16:46:26 CET
on https://wiki.mageia.org/en/User:Marja/QA/Hardware#NVidia_system_from_Alternate
updated the following packages to the mentioned versions:
cpupower-3.10.60-1.mga3.x86_64 
kernel-desktop-3.10.60-1.mga3-1-1.mga3.x86_64 
kernel-desktop-devel-3.10.60-1.mga3-1-1.mga3.x86_64 
kernel-desktop-devel-latest-3.10.60-1.mga3.x86_64 
kernel-desktop-latest-3.10.60-1.mga3.x86_64 
kernel-userspace-headers-3.10.60-1.mga3.x86_64 
nvidia-current-kernel-3.10.60-desktop-1.mga3-319.60-25.mga3.nonfree.x86_64 
nvidia-current-kernel-desktop-latest-319.60-25.mga3.nonfree.x86_64

After reboot, using the proprietary NVidia driver, everything looks OK: LAN, Firefox, VLC (sound + video + subtitles), konsole, switching to a text tty and  running "top" there all work fine.

CC: (none) => marja11

Comment 3 David Walser 2014-11-18 18:43:13 CET
Validating now.

Could someone please upload the advisory?

Sysadmins, you can push this to core/updates on the advisory is uploaded.  Thanks.

Keywords: (none) => validated_update
Whiteboard: MGA3-32-OK => MGA3-32-OK MGA3-64-OK
CC: (none) => sysadmin-bugs

Comment 4 Rémi Verschelde 2014-11-19 13:07:35 CET
Advisory uploaded.

CC: (none) => remi
Whiteboard: MGA3-32-OK MGA3-64-OK => MGA3-32-OK MGA3-64-OK advisory

Comment 5 Mageia Robot 2014-11-21 13:45:54 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2014-0475.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.