new kernel-linus for test, advisory will follow

SRPM:
kernel-linus-3.14.41-1.mga4.src.rpm

i586:
kernel-linus-3.14.41-1.mga4-1-1.mga4.i586.rpm
kernel-linus-devel-3.14.41-1.mga4-1-1.mga4.i586.rpm
kernel-linus-devel-latest-3.14.41-1.mga4.i586.rpm
kernel-linus-doc-3.14.41-1.mga4.noarch.rpm
kernel-linus-latest-3.14.41-1.mga4.i586.rpm
kernel-linus-source-3.14.41-1.mga4-1-1.mga4.noarch.rpm
kernel-linus-source-latest-3.14.41-1.mga4.noarch.rpm

x86_64:
kernel-linus-3.14.41-1.mga4-1-1.mga4.x86_64.rpm
kernel-linus-devel-3.14.41-1.mga4-1-1.mga4.x86_64.rpm
kernel-linus-devel-latest-3.14.41-1.mga4.x86_64.rpm
kernel-linus-doc-3.14.41-1.mga4.noarch.rpm
kernel-linus-latest-3.14.41-1.mga4.x86_64.rpm
kernel-linus-source-3.14.41-1.mga4-1-1.mga4.noarch.rpm
kernel-linus-source-latest-3.14.41-1.mga4.noarch.rpm
Advisory:

This kernel update is based on upstream -longterm 3.14.41 and fixes the following security issues:

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers (CVE-2014-8160).

The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction (CVE-2015-0239).

It was found that the Linux kernel's ping socket implementation didn't properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to increase their privileges on the system. Note: By default ping sockets are disabled on the system (net.ipv4.ping_group_range = 1 0) and have to be explicitly enabled by the system administrator for specific user groups in order to exploit this issue (CVE-2015-3636).

For other fixes in this update, see the referenced changelogs.

References:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.40
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.41
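The advisory's note on CVE-2015-3636 ties the issue to two host settings: the running kernel release and whether net.ipv4.ping_group_range admits any group. The script below is an added example, not part of the bug report or of Mageia's tooling, that triages a host on those two values. The function names are hypothetical, the release comparison assumes a 3.14.x kernel-linus build compared against the 3.14.41 release named in the advisory, and `sort -V` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the bug report): triage one host for CVE-2015-3636.
FIXED_RELEASE="3.14.41"   # release this advisory's kernel-linus update is based on

# Succeeds (0) if some GID may create ping sockets; 1 if none; 2 if unparsable.
# The sysctl holds "<low> <high>"; low > high (the default "1 0") matches no group.
ping_sockets_enabled() {
    set -f; set -- $1; set +f        # split on spaces/tabs without globbing
    [ $# -eq 2 ] || return 2
    case "$1$2" in *[!0-9]*) return 2 ;; esac
    [ "$1" -le "$2" ]
}

# Succeeds (0) if a 3.14.x release is >= FIXED_RELEASE; 1 if older;
# 2 for any other series, which this advisory does not cover.
kernel_has_update() {
    rel=${1%%-*}                     # "3.14.32-1.mga4" -> "3.14.32"
    case "$rel" in 3.14.[0-9]*) ;; *) return 2 ;; esac
    lowest=$(printf '%s\n%s\n' "$rel" "$FIXED_RELEASE" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_RELEASE" ]
}

# assess <uname -r output> <ping_group_range contents>
assess() {
    k=0; kernel_has_update "$1" || k=$?
    p=0; ping_sockets_enabled "$2" || p=$?
    if   [ "$k" -eq 0 ]; then echo "updated"
    elif [ "$k" -eq 2 ]; then echo "unknown-series"
    elif [ "$p" -eq 0 ]; then echo "exposed"
    elif [ "$p" -eq 2 ]; then echo "unparsable-range"
    else echo "not-updated-ping-disabled"
    fi
}

# Constructed samples: kernel releases are those seen in this report,
# the sysctl values are made up for illustration.
assess "3.14.32-1.mga4" "1 0"
assess "3.14.39-1.mga4" "0 2147483647"
assess "3.14.41-1.mga4" "0 2147483647"

# On a live host:
#   assess "$(uname -r)" "$(cat /proc/sys/net/ipv4/ping_group_range)"
```

A result of "not-updated-ping-disabled" still calls for the update, since the same kernel carries the other two fixes listed in the advisory.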
In VirtualBox, M4, KDE, 32-bit
Package(s) under test: kernel-linus-latest

default install of kernel-linus-latest
[root@localhost wilcal]# uname -a
Linux localhost 3.14.32-1.mga4 #1 SMP Fri Feb 6 23:51:22 UTC 2015 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-linus-latest
Package kernel-linus-latest-3.14.32-1.mga4.i586 is already installed
System boots to a working desktop. Common apps work. Screen dimensions are correct.

install kernel-linus-latest from updates_testing
[root@localhost wilcal]# uname -a
Linux localhost 3.14.41-1.mga4 #1 SMP Thu May 7 07:05:48 UTC 2015 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-linus-latest
Package kernel-linus-latest-3.14.41-1.mga4.i586 is already installed
System boots to a working desktop. Common apps work. Screen dimensions are correct.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
CC: (none) => wilcal.int
In VirtualBox, M4, KDE, 64-bit
Package(s) under test: kernel-linus-latest

default install of kernel-linus-latest
[root@localhost wilcal]# uname -a
Linux localhost 3.14.39-1.mga4 #1 SMP Sun Apr 19 13:48:22 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-linus-latest
Package kernel-linus-latest-3.14.39-1.mga4.x86_64 is already installed
System boots to a working desktop. Common apps work. Screen dimensions are correct.

install kernel-linus-latest from updates_testing
[root@localhost wilcal]# uname -a
Linux localhost 3.14.41-1.mga4 #1 SMP Thu May 7 06:56:24 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-linus-latest
Package kernel-linus-latest-3.14.41-1.mga4.x86_64 is already installed
System boots to a working desktop. Common apps work. Screen dimensions are correct.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Testing complete mga4 32 & 64.
Testing with dkms modules broadcom-wl, fglrx, nvidia-current, nvidia173, nvidia304, libafs (the update from bug 15912), virtualbox, vboxadditions and xtables-addons.
Depends on: (none) => 15912
Whiteboard: (none) => mga4-32-ok mga4-64-ok
Validating. Advisory uploaded. Please push to 4 updates. Thanks
Keywords: (none) => validated_update
Whiteboard: mga4-32-ok mga4-64-ok => advisory mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0221.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED