New kernels for test, advisory will follow: SRPMS: kernel-tmb-3.14.37-1.mga4.src.rpm i586: kernel-tmb-desktop-3.14.37-1.mga4-1-1.mga4.i586.rpm kernel-tmb-desktop586-3.14.37-1.mga4-1-1.mga4.i586.rpm kernel-tmb-desktop586-devel-3.14.37-1.mga4-1-1.mga4.i586.rpm kernel-tmb-desktop586-devel-latest-3.14.37-1.mga4.i586.rpm kernel-tmb-desktop586-latest-3.14.37-1.mga4.i586.rpm kernel-tmb-desktop-devel-3.14.37-1.mga4-1-1.mga4.i586.rpm kernel-tmb-desktop-devel-latest-3.14.37-1.mga4.i586.rpm kernel-tmb-desktop-latest-3.14.37-1.mga4.i586.rpm kernel-tmb-laptop-3.14.37-1.mga4-1-1.mga4.i586.rpm kernel-tmb-laptop-devel-3.14.37-1.mga4-1-1.mga4.i586.rpm kernel-tmb-laptop-devel-latest-3.14.37-1.mga4.i586.rpm kernel-tmb-laptop-latest-3.14.37-1.mga4.i586.rpm kernel-tmb-server-3.14.37-1.mga4-1-1.mga4.i586.rpm kernel-tmb-server-devel-3.14.37-1.mga4-1-1.mga4.i586.rpm kernel-tmb-server-devel-latest-3.14.37-1.mga4.i586.rpm kernel-tmb-server-latest-3.14.37-1.mga4.i586.rpm kernel-tmb-source-3.14.37-1.mga4-1-1.mga4.noarch.rpm kernel-tmb-source-latest-3.14.37-1.mga4.noarch.rpm x86_64: kernel-tmb-desktop-3.14.37-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-desktop-devel-3.14.37-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-desktop-devel-latest-3.14.37-1.mga4.x86_64.rpm kernel-tmb-desktop-latest-3.14.37-1.mga4.x86_64.rpm kernel-tmb-laptop-3.14.37-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-laptop-devel-3.14.37-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-laptop-devel-latest-3.14.37-1.mga4.x86_64.rpm kernel-tmb-laptop-latest-3.14.37-1.mga4.x86_64.rpm kernel-tmb-server-3.14.37-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-server-devel-3.14.37-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-server-devel-latest-3.14.37-1.mga4.x86_64.rpm kernel-tmb-server-latest-3.14.37-1.mga4.x86_64.rpm kernel-tmb-source-3.14.37-1.mga4-1-1.mga4.noarch.rpm kernel-tmb-source-latest-3.14.37-1.mga4.noarch.rpm Reproducible: Steps to Reproduce:
taking this back, there is reports of btrfs hangs on reboot
Assignee: qa-bugs => tmb
btrfs fix and a infiniband CVE fix added, new list: SRPMS: kernel-tmb-3.14.37-2.mga4.src.rpm i586: kernel-tmb-desktop-3.14.37-2.mga4-1-2.mga4.i586.rpm kernel-tmb-desktop586-3.14.37-2.mga4-1-2.mga4.i586.rpm kernel-tmb-desktop586-devel-3.14.37-2.mga4-1-2.mga4.i586.rpm kernel-tmb-desktop586-devel-latest-3.14.37-2.mga4.i586.rpm kernel-tmb-desktop586-latest-3.14.37-2.mga4.i586.rpm kernel-tmb-desktop-devel-3.14.37-2.mga4-1-2.mga4.i586.rpm kernel-tmb-desktop-devel-latest-3.14.37-2.mga4.i586.rpm kernel-tmb-desktop-latest-3.14.37-2.mga4.i586.rpm kernel-tmb-laptop-3.14.37-2.mga4-1-2.mga4.i586.rpm kernel-tmb-laptop-devel-3.14.37-2.mga4-1-2.mga4.i586.rpm kernel-tmb-laptop-devel-latest-3.14.37-2.mga4.i586.rpm kernel-tmb-laptop-latest-3.14.37-2.mga4.i586.rpm kernel-tmb-server-3.14.37-2.mga4-1-2.mga4.i586.rpm kernel-tmb-server-devel-3.14.37-2.mga4-1-2.mga4.i586.rpm kernel-tmb-server-devel-latest-3.14.37-2.mga4.i586.rpm kernel-tmb-server-latest-3.14.37-2.mga4.i586.rpm kernel-tmb-source-3.14.37-2.mga4-1-2.mga4.noarch.rpm kernel-tmb-source-latest-3.14.37-2.mga4.noarch.rpm x86_64: kernel-tmb-desktop-3.14.37-2.mga4-1-2.mga4.x86_64.rpm kernel-tmb-desktop-devel-3.14.37-2.mga4-1-2.mga4.x86_64.rpm kernel-tmb-desktop-devel-latest-3.14.37-2.mga4.x86_64.rpm kernel-tmb-desktop-latest-3.14.37-2.mga4.x86_64.rpm kernel-tmb-laptop-3.14.37-2.mga4-1-2.mga4.x86_64.rpm kernel-tmb-laptop-devel-3.14.37-2.mga4-1-2.mga4.x86_64.rpm kernel-tmb-laptop-devel-latest-3.14.37-2.mga4.x86_64.rpm kernel-tmb-laptop-latest-3.14.37-2.mga4.x86_64.rpm kernel-tmb-server-3.14.37-2.mga4-1-2.mga4.x86_64.rpm kernel-tmb-server-devel-3.14.37-2.mga4-1-2.mga4.x86_64.rpm kernel-tmb-server-devel-latest-3.14.37-2.mga4.x86_64.rpm kernel-tmb-server-latest-3.14.37-2.mga4.x86_64.rpm kernel-tmb-source-3.14.37-2.mga4-1-2.mga4.noarch.rpm kernel-tmb-source-latest-3.14.37-2.mga4.noarch.rpm
Assignee: tmb => qa-bugsSummary: Update request: kernel-tmb-3.14.37-1.mga4 => Update request: kernel-tmb-3.14.37-2.mga4Source RPM: kernel-tmb-3.14.37-1.mga4.src.rpm => kernel-tmb-3.14.37-2.mga4.src.rpm
In VirtualBox, M4, KDE, 32-bit Package(s) under test: kernel-tmb-desktop-latest default install of kernel-tmb-desktop-latest [root@localhost wilcal]# uname -a Linux localhost 3.14.32-tmb-desktop-1.mga4 #1 SMP PREEMPT Sat Feb 7 00:43:59 UTC 2015 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-tmb-desktop-latest Package kernel-tmb-desktop-latest-3.14.32-1.mga4.i586 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. install kernel-tmb-desktop-latest from updates_testing [root@localhost wilcal]# uname -a Linux localhost 3.14.37-tmb-desktop-2.mga4 #1 SMP PREEMPT Fri Apr 3 10:27:16 UTC 2015 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-tmb-desktop-latest Package kernel-tmb-desktop-latest-3.14.37-2.mga4.i586 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
CC: (none) => wilcal.int
In VirtualBox, M4, KDE, 64-bit Package(s) under test: kernel-tmb-desktop-latest default install of kernel-tmb-desktop-latest [root@localhost wilcal]# uname -a Linux localhost 3.14.32-tmb-desktop-1.mga4 #1 SMP PREEMPT Sat Feb 7 00:43:59 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-tmb-desktop-latest Package kernel-tmb-desktop-latest-3.14.32-1.mga4.x86_64 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. install kernel-tmb-desktop-latest from updates_testing [root@localhost wilcal]# uname -a Linux localhost 3.14.37-tmb-desktop-2.mga4 #1 SMP PREEMPT Fri Apr 3 10:32:21 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-tmb-desktop-latest Package kernel-tmb-desktop-latest-3.14.37-2.mga4.x86_64 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Taking the kernels back :/ Turns out a fix for tcp fastopen in 3.14.37 causes a regression that has turned into a local dos security issue fixed in 3.14.39 So I will roll out new sets based on 3.14.39
New rpms for test: SRPMS: kernel-tmb-3.14.39-1.mga4.src.rpm i586: kernel-tmb-desktop-3.14.39-1.mga4-1-1.mga4.i586.rpm kernel-tmb-desktop586-3.14.39-1.mga4-1-1.mga4.i586.rpm kernel-tmb-desktop586-devel-3.14.39-1.mga4-1-1.mga4.i586.rpm kernel-tmb-desktop586-devel-latest-3.14.39-1.mga4.i586.rpm kernel-tmb-desktop586-latest-3.14.39-1.mga4.i586.rpm kernel-tmb-desktop-devel-3.14.39-1.mga4-1-1.mga4.i586.rpm kernel-tmb-desktop-devel-latest-3.14.39-1.mga4.i586.rpm kernel-tmb-desktop-latest-3.14.39-1.mga4.i586.rpm kernel-tmb-laptop-3.14.39-1.mga4-1-1.mga4.i586.rpm kernel-tmb-laptop-devel-3.14.39-1.mga4-1-1.mga4.i586.rpm kernel-tmb-laptop-devel-latest-3.14.39-1.mga4.i586.rpm kernel-tmb-laptop-latest-3.14.39-1.mga4.i586.rpm kernel-tmb-server-3.14.39-1.mga4-1-1.mga4.i586.rpm kernel-tmb-server-devel-3.14.39-1.mga4-1-1.mga4.i586.rpm kernel-tmb-server-devel-latest-3.14.39-1.mga4.i586.rpm kernel-tmb-server-latest-3.14.39-1.mga4.i586.rpm kernel-tmb-source-3.14.39-1.mga4-1-1.mga4.noarch.rpm kernel-tmb-source-latest-3.14.39-1.mga4.noarch.rpm x86_64: kernel-tmb-desktop-3.14.39-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-desktop-devel-3.14.39-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-desktop-devel-latest-3.14.39-1.mga4.x86_64.rpm kernel-tmb-desktop-latest-3.14.39-1.mga4.x86_64.rpm kernel-tmb-laptop-3.14.39-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-laptop-devel-3.14.39-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-laptop-devel-latest-3.14.39-1.mga4.x86_64.rpm kernel-tmb-laptop-latest-3.14.39-1.mga4.x86_64.rpm kernel-tmb-server-3.14.39-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-server-devel-3.14.39-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-server-devel-latest-3.14.39-1.mga4.x86_64.rpm kernel-tmb-server-latest-3.14.39-1.mga4.x86_64.rpm kernel-tmb-source-3.14.39-1.mga4-1-1.mga4.noarch.rpm kernel-tmb-source-latest-3.14.39-1.mga4.noarch.rpm
Assignee: tmb => qa-bugsSummary: Update request: kernel-tmb-3.14.37-2.mga4 => Update request: kernel-tmb-3.14.39-1.mga4Source RPM: kernel-tmb-3.14.37-2.mga4.src.rpm => kernel-tmb-3.14.39-1.mga4.src.rpm
In VirtualBox, M4, KDE, 32-bit Package(s) under test: kernel-tmb-desktop-latest default install of kernel-tmb-desktop-latest [root@localhost wilcal]# uname -a Linux localhost 3.14.32-tmb-desktop-1.mga4 #1 SMP PREEMPT Sat Feb 7 00:43:59 UTC 2015 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-tmb-desktop-latest Package kernel-tmb-desktop-latest-3.14.32-1.mga4.i586 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. install kernel-tmb-desktop-latest from updates_testing [root@localhost wilcal]# uname -a Linux localhost 3.14.39-tmb-desktop-1.mga4 #1 SMP PREEMPT Sun Apr 19 15:10:34 UTC 2015 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-tmb-desktop-latest Package kernel-tmb-desktop-latest-3.14.39-1.mga4.i586 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
In VirtualBox, M4, KDE, 64-bit Package(s) under test: kernel-tmb-desktop-latest default install of kernel-tmb-desktop-latest [root@localhost wilcal]# uname -a Linux localhost 3.14.32-tmb-desktop-1.mga4 #1 SMP PREEMPT Sat Feb 7 01:52:28 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-tmb-desktop-latest Package kernel-tmb-desktop-latest-3.14.32-1.mga4.x86_64 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. install kernel-tmb-desktop-latest from updates_testing [root@localhost wilcal]# uname -a Linux localhost 3.14.39-tmb-desktop-1.mga4 #1 SMP PREEMPT Sun Apr 19 15:29:50 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-tmb-desktop-latest Package kernel-tmb-desktop-latest-3.14.39-1.mga4.x86_64 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Adding feedback marker for now as this will be updated for new CVE's again before pushing.
Whiteboard: (none) => feedback
new kernel-tmb series to test, advisory will follow... SRPM: kernel-tmb-3.14.41-1.mga4.src.rpm i586: kernel-tmb-desktop-3.14.41-1.mga4-1-1.mga4.i586.rpm kernel-tmb-desktop586-3.14.41-1.mga4-1-1.mga4.i586.rpm kernel-tmb-desktop586-devel-3.14.41-1.mga4-1-1.mga4.i586.rpm kernel-tmb-desktop586-devel-latest-3.14.41-1.mga4.i586.rpm kernel-tmb-desktop586-latest-3.14.41-1.mga4.i586.rpm kernel-tmb-desktop-devel-3.14.41-1.mga4-1-1.mga4.i586.rpm kernel-tmb-desktop-devel-latest-3.14.41-1.mga4.i586.rpm kernel-tmb-desktop-latest-3.14.41-1.mga4.i586.rpm kernel-tmb-laptop-3.14.41-1.mga4-1-1.mga4.i586.rpm kernel-tmb-laptop-devel-3.14.41-1.mga4-1-1.mga4.i586.rpm kernel-tmb-laptop-devel-latest-3.14.41-1.mga4.i586.rpm kernel-tmb-laptop-latest-3.14.41-1.mga4.i586.rpm kernel-tmb-server-3.14.41-1.mga4-1-1.mga4.i586.rpm kernel-tmb-server-devel-3.14.41-1.mga4-1-1.mga4.i586.rpm kernel-tmb-server-devel-latest-3.14.41-1.mga4.i586.rpm kernel-tmb-server-latest-3.14.41-1.mga4.i586.rpm kernel-tmb-source-3.14.41-1.mga4-1-1.mga4.noarch.rpm kernel-tmb-source-latest-3.14.41-1.mga4.noarch.rpm x86_64: kernel-tmb-desktop-3.14.41-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-desktop-devel-3.14.41-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-desktop-devel-latest-3.14.41-1.mga4.x86_64.rpm kernel-tmb-desktop-latest-3.14.41-1.mga4.x86_64.rpm kernel-tmb-laptop-3.14.41-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-laptop-devel-3.14.41-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-laptop-devel-latest-3.14.41-1.mga4.x86_64.rpm kernel-tmb-laptop-latest-3.14.41-1.mga4.x86_64.rpm kernel-tmb-server-3.14.41-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-server-devel-3.14.41-1.mga4-1-1.mga4.x86_64.rpm kernel-tmb-server-devel-latest-3.14.41-1.mga4.x86_64.rpm kernel-tmb-server-latest-3.14.41-1.mga4.x86_64.rpm kernel-tmb-source-3.14.41-1.mga4-1-1.mga4.noarch.rpm kernel-tmb-source-latest-3.14.41-1.mga4.noarch.rpm
Summary: Update request: kernel-tmb-3.14.39-1.mga4 => Update request: kernel-tmb-3.14.41-1.mga4Source RPM: kernel-tmb-3.14.39-1.mga4.src.rpm => kernel-tmb-3.14.41-1.mga4.src.rpmWhiteboard: feedback => (none)
(In reply to Thomas Backlund from comment #10) > new kernel-tmb series to test, advisory will follow... > > SRPM: > kernel-tmb-3.14.41-1.mga4.src.rpm > x86_64: > kernel-tmb-desktop-3.14.41-1.mga4-1-1.mga4.x86_64.rpm > kernel-tmb-desktop-devel-3.14.41-1.mga4-1-1.mga4.x86_64.rpm > kernel-tmb-desktop-devel-latest-3.14.41-1.mga4.x86_64.rpm > kernel-tmb-desktop-latest-3.14.41-1.mga4.x86_64.rpm > kernel-tmb-laptop-3.14.41-1.mga4-1-1.mga4.x86_64.rpm > kernel-tmb-laptop-devel-3.14.41-1.mga4-1-1.mga4.x86_64.rpm > kernel-tmb-laptop-devel-latest-3.14.41-1.mga4.x86_64.rpm > kernel-tmb-laptop-latest-3.14.41-1.mga4.x86_64.rpm > kernel-tmb-server-3.14.41-1.mga4-1-1.mga4.x86_64.rpm > kernel-tmb-server-devel-3.14.41-1.mga4-1-1.mga4.x86_64.rpm > kernel-tmb-server-devel-latest-3.14.41-1.mga4.x86_64.rpm > kernel-tmb-server-latest-3.14.41-1.mga4.x86_64.rpm > kernel-tmb-source-3.14.41-1.mga4-1-1.mga4.noarch.rpm > kernel-tmb-source-latest-3.14.41-1.mga4.noarch.rpm I tested the latest kernel-tmb-laptop on my Mageia 4 x86-64 Acer Laptop and everything seems to be in order: * YouTube Video+Audio. * VLC Video+Audio. * KDE 4. * Firefox+an HTML 5 Demo. * Pidgin. * Extreme Tux Racer. My computer's specs are: ««« I also have an Acer Aspire 5738DZG laptop with the following specs: Intel Pentium(R) Dual-Core CPU T4300 @ 2.10GHz. (x86-64). ATI Mobility Radeon⢠HD 4570 (r700) 15.6â³ 3D HD LCD Screen. 3 GB Memory 320 GB Hard Disk Drive. âDVD Super Multi DL driveâ Acer Nplify⢠802.11b/g/n. »»»
CC: (none) => shlomif
Now I tested kernel-tmp-desktop on the same set-up (the Acer Aspire laptop) and everything is fine there.
i586: kernel-tmb-desktop-3.14.41-1.mga4-1-1.mga4.i586.rpm kernel-tmb-desktop586-3.14.41-1.mga4-1-1.mga4.i586.rpm kernel-tmb-laptop-3.14.41-1.mga4-1-1.mga4.i586.rpm The same results in comment 5 https://bugs.mageia.org/show_bug.cgi?id=15872
CC: (none) => neoser10
In VirtualBox, M4, KDE, 32-bit Package(s) under test: kernel-tmb-desktop-latest default install of kernel-tmb-desktop-latest [root@localhost wilcal]# uname -a Linux localhost 3.14.32-tmb-desktop-1.mga4 #1 SMP PREEMPT Sat Feb 7 00:43:59 UTC 2015 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-tmb-desktop-latest Package kernel-tmb-desktop-latest-3.14.32-1.mga4.i586 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. install kernel-tmb-desktop-latest from updates_testing [root@localhost wilcal]# uname -a Linux localhost 3.14.41-tmb-desktop-1.mga4 #1 SMP PREEMPT Thu May 7 08:05:33 UTC 2015 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-tmb-desktop-latest Package kernel-tmb-desktop-latest-3.14.41-1.mga4.i586 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Advisory: This kernel-tmb update is based on upstream -longterm 3.14.41 and fixes the following security issues: It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system (CVE-2014-8159) net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers (CVE-2014-8160). The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction (CVE-2015-0239). The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c (CVE-2015-1593) Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response (CVE-2015-2150) Sasha Levin discovered that the LLC subsystem exposed some variables as sysctls with the wrong type. On a 64-bit kernel, this possibly allows privilege escalation from a process with CAP_NET_ADMIN capability; it also results in a trivial information leak (CVE-2015-2041). Sasha Levin discovered that the RDS subsystem exposed some variables as sysctls with the wrong type. On a 64-bit kernel, this results in a trivial information leak (CVE-2015-2042). Andrew Lutomirski discovered that when a 64-bit task on an amd64 kernel makes a fork(2) or clone(2) system call using int $0x80, the 32-bit compatibility flag is set (correctly) but is not cleared on return. As a result, both seccomp and audit will misinterpret the following system call by the task(s), possibly leading to a violation of security policy (CVE-2015-2830). Stephan Mueller discovered that the optimised implementation of RFC4106 GCM for x86 processors that support AESNI miscalculated buffer addresses in some cases. If an IPsec tunnel is configured to use this mode (also known as AES-GCM-ESP) this can lead to memory corruption and crashes (even without malicious traffic). This could potentially also result in remote code execution (CVE-2015-3331). Ben Hutchings discovered that the TCP Fast Open feature regressed in Linux 3.16.7-ckt9, resulting in a kernel BUG when it is used. This can be used as a local denial of service (CVE-2015-3332) It was found that the Linux kernel's ping socket implementation didn't properly handle socket unhashing during spurious disconnects which could lead to use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to increase their privileges on the system. Note: By default ping sockets are disabled on the system (net.ipv4.ping_group_range = 1 0) and have to be explicitly enabled by the system administrator for specific user groups in order to exploit this issue (CVE-2015-3636). For other fixes in this update, see the referenced changelogs. References: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.33 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.34 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.35 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.36 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.37 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.38 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.39 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.40 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.41
In VirtualBox, M4, KDE, 64-bit Package(s) under test: kernel-tmb-desktop-latest default install of kernel-tmb-desktop-latest [root@localhost wilcal]# uname -a Linux localhost 3.14.32-tmb-desktop-1.mga4 #1 SMP PREEMPT Sat Feb 7 01:52:28 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-tmb-desktop-latest Package kernel-tmb-desktop-latest-3.14.32-1.mga4.x86_64 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. install kernel-tmb-desktop-latest from updates_testing [root@localhost wilcal]# uname -a Linux localhost 3.14.41-tmb-desktop-1.mga4 #1 SMP PREEMPT Thu May 7 07:30:26 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-tmb-desktop-latest Package kernel-tmb-desktop-latest-3.14.41-1.mga4.x86_64 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Testing complete mga4 64 Tested tmb-desktop, tmb-server & tmb-laptop with dkms modules broadcom-wl, fglrx, nvidia-current, nvidia173, nvidia304, libafs (the update from bug 15912), virtualbox, vboxadditions and xtables-addons
Whiteboard: (none) => mga4-64-ok
Testing complete mga4 32 Tested tmb-desktop, tmb-desktop586, tmb-server & tmb-laptop with dkms modules broadcom-wl, fglrx, nvidia-current, nvidia173, nvidia304, libafs (the update from bug 15912), virtualbox, vboxadditions and xtables-addons
Whiteboard: mga4-64-ok => mga4-32-ok mga4-64-ok
Depends on: (none) => 15912
Validating. Advisory uploaded. Please push to 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: mga4-32-ok mga4-64-ok => advisory mga4-32-ok mga4-64-okCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0219.html
Status: NEW => RESOLVEDResolution: (none) => FIXED