New round for testing, advisory will follow... SRPM: kernel-rt-3.14.32-0.rt28.1.mga4.src.rpm i586: kernel-rt-3.14.32-0.rt28.1.mga4-1-1.mga4.i586.rpm kernel-rt-devel-3.14.32-0.rt28.1.mga4-1-1.mga4.i586.rpm kernel-rt-devel-latest-3.14.32-0.rt28.1.mga4.i586.rpm kernel-rt-doc-3.14.32-0.rt28.1.mga4.noarch.rpm kernel-rt-latest-3.14.32-0.rt28.1.mga4.i586.rpm kernel-rt-source-3.14.32-0.rt28.1.mga4-1-1.mga4.noarch.rpm kernel-rt-source-latest-3.14.32-0.rt28.1.mga4.noarch.rpm x86_64: kernel-rt-3.14.32-0.rt28.1.mga4-1-1.mga4.x86_64.rpm kernel-rt-devel-3.14.32-0.rt28.1.mga4-1-1.mga4.x86_64.rpm kernel-rt-devel-latest-3.14.32-0.rt28.1.mga4.x86_64.rpm kernel-rt-doc-3.14.32-0.rt28.1.mga4.noarch.rpm kernel-rt-latest-3.14.32-0.rt28.1.mga4.x86_64.rpm kernel-rt-source-3.14.32-0.rt28.1.mga4-1-1.mga4.noarch.rpm kernel-rt-source-latest-3.14.32-0.rt28.1.mga4.noarch.rpm Reproducible: Steps to Reproduce:
Advisory: This kernel-rt update provides as upgrade to upstream 3.14 longterm branch, currently based on 3.14.32 and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue (CVE-2013-6885) Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value (CVE-2014-0206). media-device: fix infoleak in ioctl media_enum_entities() (CVE-2014-1739) The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (CVE-2014-3153) The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (CVE-2014-3601). The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non- canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (CVE-2014-3610). Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation (CVE-2014-3611). arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application (CVE-2014-3646). arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application (CVE-2014-3647). kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. To avoid this and other issues CONFIG_AUDITSYSCALL has been disabled. (CVE-2014-3917) The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root (CVE-2014-4014) mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call (CVE-2014-4171). arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (CVE-2014-4508). A flaw was found in the way reference counting was handled in the Linux kernels VFS subsystem when unmount on symlink was performed. An unprivileged local user could use this flaw to cause OOM conditions leading to denial of service or, potentially, trigger use-after-free error (CVE-2014-5045). Linux kernel built with the support for Stream Control Transmission Protocol (CONFIG_IP_SCTP) is vulnerable to a NULL pointer dereference flaw. It could occur when simultaneous new connections are initiated between the same pair of hosts. A remote user/program could use this flaw to crash the system kernel resulting in DoS (CVE.2014-5077). The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call (CVE-2014-7970). arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value (CVE-2014-8133). The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value (CVE-2014-8134). The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c (CVE-2014-8989). arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space (CVE-2014-9322). On x86_64 Linux kernels a malicious user program can do a partial ASLR bypass through TLS base addresses leak when attacking other programs (CVE-2014-9419). Linux kernel built with the iso9660 file system (CONFIG_ISO9660_FS) support is vulnerable to an infinite recursion loop flaw, which could lead to a crash or render a system unresponsive/unusable after a while. This occurs while mounting an iso9660 image. An unprivileged user/process could use this flaw to crash the system resulting in DoS (CVE-2014-9420). The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets (CVE-2014-9428). Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key (CVE-2014-9529). The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image (CVE-2014-9584). The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (CVE-2014-9585). Linux Kernel 2.6.38 through 3.18 are affected by a flaw in the Crypto API that allows any local user to load any installed kernel module on systems where CONFIG_CRYPTO_USER_API=y by abusing the request_module() call (CVE-2013-7421, CVE-2014-9644). When hitting an sctp INIT collision case during the 4WHS with AUTH enabled, it can create a local denial of service by triggering a panic on server side (CVE-2015-1421). It was found that routing packets to too many different dsts/too fast can lead to a excessive resource consumption. A remote attacker can use this flaw to crash the system (CVE-2015-1465). The -rt patch has been updated to -rt28. For other fixes in this update, see the referenced changelogs. References: http://kernelnewbies.org/Linux_3.13 http://kernelnewbies.org/Linux_3.14 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.1 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.2 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.3 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.4 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.6 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.7 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.8 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.10 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.11 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.12 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.13 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.14 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.15 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.16 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.17 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.18 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.19 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.20 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.21 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.22 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.23 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.24 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.25 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.26 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.27 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.28 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.29 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.30 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.31 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.32
Advisory uploaded.
Whiteboard: (none) => advisory
In VirtualBox, M4, KDE, 32-bit Package(s) under test: kernel-rt-latest dbus dbus-x11 libdbus1_3 glibc default install of kernel-rt-latest dbus dbus-x11 libdbus1_3 glibc [root@localhost wilcal]# uname -a Linux localhost 3.12.20-0.rt30.1.mga4 #1 SMP PREEMPT RT Fri May 16 16:22:42 UTC 2014 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-rt-latest Package kernel-rt-latest-3.12.20-0.rt30.1.mga4.i586 is already installed [root@localhost wilcal]# urpmi dbus Package dbus-1.6.18-1.8.mga4.i586 is already installed [root@localhost wilcal]# urpmi dbus-x11 Package dbus-x11-1.6.18-1.8.mga4.i586 is already installed [root@localhost wilcal]# urpmi libdbus1_3 Package libdbus1_3-1.6.18-1.8.mga4.i586 is already installed [root@localhost wilcal]# urpmi libdbus1_3 Package libdbus1_3-1.6.18-1.8.mga4.i586 is already installed [root@localhost wilcal]# urpmi glibc Package glibc-2.18-9.8.mga4.i586 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. install kernel-rt-latest dbus dbus-x11 libdbus1_3 glibc from updates_testing [root@localhost wilcal]# uname -a Linux localhost 3.14.32-0.rt28.1.mga4 #1 SMP PREEMPT RT Sat Feb 7 11:28:54 UTC 2015 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-rt-latest Package kernel-rt-latest-3.14.32-0.rt28.1.mga4.i586 is already installed [root@localhost wilcal]# urpmi dbus Package dbus-1.6.18-1.10.mga4.i586 is already installed [root@localhost wilcal]# urpmi dbus-x11 Package dbus-x11-1.6.18-1.10.mga4.i586 is already installed [root@localhost wilcal]# urpmi libdbus1_3 Package libdbus1_3-1.6.18-1.10.mga4.i586 is already installed [root@localhost wilcal]# urpmi glibc Package glibc-2.18-9.9.mga4.i586 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
CC: (none) => wilcal.int
Whiteboard: advisory => advisory MGA4-32-OK
In VirtualBox, M4, KDE, 64-bit Package(s) under test: kernel-rt-latest dbus dbus-x11 lib64dbus1_3 glibc default install of kernel-rt-latest dbus dbus-x11 lib64dbus1_3 glibc [root@localhost wilcal]# uname -a Linux localhost 3.12.20-0.rt30.1.mga4 #1 SMP PREEMPT RT Fri May 16 16:33:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-rt-latest Package kernel-rt-latest-3.12.20-0.rt30.1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi dbus Package dbus-1.6.18-1.8.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi dbus-x11 Package dbus-x11-1.6.18-1.8.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi lib64dbus1_3 Package lib64dbus1_3-1.6.18-1.8.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi glibc Package glibc-2.18-9.8.mga4.x86_64 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. install kernel-rt-latest dbus dbus-x11 lib64dbus1_3 glibc from updates_testing [root@localhost wilcal]# uname -a Linux localhost 3.14.32-0.rt28.1.mga4 #1 SMP PREEMPT RT Sat Feb 7 11:17:35 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-rt-latest Package kernel-rt-latest-3.14.32-0.rt28.1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi dbus Package dbus-1.6.18-1.10.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi dbus-x11 Package dbus-x11-1.6.18-1.10.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi lib64dbus1_3 Package lib64dbus1_3-1.6.18-1.10.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi glibc Package glibc-2.18-9.9.mga4.x86_64 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Whiteboard: advisory MGA4-32-OK => advisory MGA4-32-OK MGA4-64-OK
Only one tester so far in virtualbox
Testing complete kernel-rt i586 on pentium M 1.6 laptop. Used code from here to detect the rt kernel https://rt.wiki.kernel.org/index.php/RT_PREEMPT_HOWTO#Checking_the_Kernel #include <string.h> #include <stdio.h> #include <sys/utsname.h> int main(int argc, char **argv) { struct utsname u; int crit1, crit2 = 0; FILE *fd; uname(&u); crit1 = strcasestr (u.version, "PREEMPT RT"); if ((fd = fopen("/sys/kernel/realtime","r")) != NULL) { int flag; crit2 = ((fscanf(fd, "%d", &flag) == 1) && (flag == 1)); fclose(fd); } fprintf(stderr, "this is a %s kernel\n", (crit1 && crit2) ? "PREEMPT RT" : "vanilla"); } Saved as detectrt.c built for 32bit on 32bit machine.. $ gcc -o detectrt32 detectrt.c When run.. $ ./detectrt32 this is a PREEMPT RT kernel Verified with a non rt kernel, it shows "this is a vanilla kernel".
Whiteboard: advisory MGA4-32-OK MGA4-64-OK => has_procedure advisory MGA4-32-OK MGA4-64-OK
Validating. Please push to 4 updates Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0077.html
Status: NEW => RESOLVEDResolution: (none) => FIXED