In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
kernel-tmb-desktop-latest

default install of kernel-tmb-desktop-latest

[root@localhost wilcal]# uname -a
Linux localhost 3.19.8-tmb-desktop-1.mga5 #1 SMP PREEMPT Fri May 22 01:17:24 UTC 2015 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-tmb-desktop-latest
Package kernel-tmb-desktop-latest-3.19.8-1.mga5.i586 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.

install kernel-linus-latest from updates_testing

[root@localhost wilcal]# uname -a
Linux localhost 4.1.15-tmb-desktop-1.mga5 #1 SMP PREEMPT Fri Dec 25 18:14:22 UTC 2015 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-tmb-desktop-latest
Package kernel-tmb-desktop-latest-4.1.15-1.mga5.i586 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.

CC: (none) => wilcal.int

In VirtualBox, M5, KDE, 64-bit

Package(s) under test:
kernel-tmb-desktop-latest

default install of kernel-tmb-desktop-latest

Linux localhost 3.19.8-tmb-desktop-1.mga5 #1 SMP PREEMPT Fri May 22 01:30:08 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-tmb-desktop-latest
Package kernel-tmb-desktop-latest-3.19.8-1.mga5.x86_64 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.

install kernel-linus-latest from updates_testing

[root@localhost wilcal]# uname -a
Linux localhost 4.1.15-tmb-desktop-1.mga5 #1 SMP PREEMPT Fri Dec 25 18:08:20 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-tmb-desktop-latest
Package kernel-tmb-desktop-latest-4.1.15-1.mga5.x86_64 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.

mga5  x86_64  Mate

Gigabyte Sniper.Z97
Intel Core i7-4790K @4.00GHz
nvidia GeForce GTX 770
driver 346.96
display Idek Iiyama PL2779Q 2560x1440

kernel-tmb-desktop-latest from Core/Updates Testing booted OK.
[lcl@vega ~]$ uname -a
Linux vega 4.1.15-tmb-desktop-1.mga5 #1 SMP PREEMPT Fri Dec 25 18:08:20 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Tested several everyday applications - no problems there.

CC: (none) => tarazed25

advisory (also added to svn):

  This kernel-tmb update provides an upgrade to the upstream 4.1 longterm
  kernel series, currently based on 4.1.15 and resolves atleast the
  following security issues:

  It was found that the Linux kernel's keyring implementation would leak
  memory when adding a key to a keyring via the add_key() function. A
  local attacker could use this flaw to exhaust all available memory on
  the system. (CVE-2015-1333)

  A flaw was found in the Linux kernel where the deletion of a file or
  directory could trigger an unmount and reveal data under a mount point.
  This flaw was inadvertently introduced with the new feature of being able
  to lazily unmount a mount tree when using file system user namespaces.
  (CVE-2015-4176)

  A flaw was discovered in the kernel's collect_mounts function. If the kernel
  audit subsystem called collect_mounts to audit an unmounted path, it could
  panic the system. With this flaw, an unprivileged user could call umount
  (MNT_DETACH) to launch a denial-of-service attack. (CVE-2015-4177)

  A flaw was found in the Linux kernel which is related to the user namespace
  lazily unmounting file systems. The fs_pin struct has two members (m_list
  and s_list) which are usually initialized on use in the pin_insert_group
  function. However, these members might go unmodified; in this case, the
  system panics when it attempts to destroy or free them. This flaw could be
  used to launch a denial-of-service attack. (CVE-2015-4178)

  A DoS flaw was found for a Linux kernel built for the x86 architecture which
  had the KVM virtualization support(CONFIG_KVM) enabled. The kernel would be
  vulnerable to a NULL pointer dereference flaw in Linux kernel's
  kvm_apic_has_events() function while doing an ioctl. An unprivileged user
  able to access the "/dev/kvm" device could use this flaw to crash the system
  kernel. (CVE-2015-4692)

  A flaw was found in the kernel's implementation of the Berkeley Packet
  Filter (BPF). A local attacker could craft BPF code to crash the system
  by creating a situation in which the JIT compiler would fail to correctly
  optimize the JIT image on the last pass. This would lead to the CPU
  executing instructions that were not part of the JIT code. (CVE-2015-4700)

  The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel
  before 4.2 attempts to support a FRAGLIST feature without proper memory
  allocation, which allows guest OS users to cause a denial of service (buffer
  overflow and memory corruption) via a crafted sequence of fragmented packets.
  (CVE-2015-5156)

  Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained
  hardcoded attributes about the USB devices. An attacker could construct a
  fake WhiteHEAT USB device that, when inserted, causes a denial of service
  (system crash) (CVE-2015-5257).

  A guest to host DoS issue was found affecting various hypervisors. In that,
  a guest can DoS the host by triggering an infinite stream of "alignment
  check" (#AC) exceptions. This causes the microcode to enter an infinite loop
  where the core never receives another interrupt. The host kernel panics due
  to this effect (CVE-2015-5307).

  The get_bitmap_file function in drivers/md/md.c in the Linux kernel before
  4.1.6 does not initialize a certain bitmap data structure, which allows
  local users to obtain sensitive information from kernel memory via a
  GET_BITMAP_FILE ioctl call. (CVE-2015-5697)

  Use-after-free vulnerability in the path_openat function in fs/namei.c in
  the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a
  denial of service or possibly have unspecified other impact via O_TMPFILE
  filesystem operations that leverage a duplicate cleanup operation.
  (CVE-2015-5706)

  It was discovered that an integer overflow error existed in the SCSIgeneric
  (sg) driver in the Linux kernel. A local attacker with writepermission to a
  SCSI generic device could use this to cause a denial of service (system
  crash) or potentially escalate their privileges. (CVE-2015-5707)

  The __rds_conn_create function in net/rds/connection.c in the Linux kernel
  through 4.2.3 allows local users to cause a denial of service (NULL pointer
  dereference and system crash) or possibly have unspecified other impact by
  using a socket that was not properly bound (CVE-2015-6937).

  The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel
  through 4.2.6 allows local users to cause a denial of service (OOPS) via
  crafted keyctl commands (CVE-2015-7872).

  The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in
  the Linux kernel through 4.3.3 does not initialize a certain structure
  member, which allows local users to obtain sensitive information from
  kernel memory via a crafted application (CVE-2015-7884).

  The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the
  Linux kernel through 4.3.3 does not initialize a certain structure member,
  which allows local users to obtain sensitive information from kernel memory
  via a crafted application (CVE-2015-7885).

  A guest to host DoS issue was found affecting various hypervisors. In that,
  a guest can DoS the host by triggering an infinite stream of "debug check"
  (#DB) exceptions. This causes the microcode to enter an infinite loop where
  the core never receives another interrupt. The host kernel panics due to
  this effect (CVE-2015-8104).

  Felix Wilhelm discovered a race condition in the Xen paravirtualized
  drivers which can cause double fetch vulnerabilities. An attacker in the
  paravirtualized guest could exploit this flaw to cause a denial of service
  (crash the host) or potentially execute arbitrary code on the host
  (CVE-2015-8550 / XSA-155).

  Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not
  perform sanity checks on the device's state. An attacker could exploit
  this flaw to cause a denial of service (NULL dereference) on the host
  (CVE-2015-8551 / XSA-157).

  Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not
  perform sanity checks on the device's state. An attacker could exploit
  this flaw to cause a denial of service by flooding the logging system
  with WARN() messages causing the initial domain to exhaust disk space
  (CVE-2015-8552 / XSA-157).

  The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel
  through 4.3.3 attempts to merge distinct setattr operations, which allows
  local users to bypass intended access restrictions and modify the
  attributes of arbitrary overlay files via a crafted application
  (CVE-2015-8660).

  For other upstream fixes, see the referenced changelogs.

  Other fixes in this update:
  * improve ath10k (QCA99X0, QCA988X, QCA6174) support (mga#16915)
  * silence a harmless warning on 32bit non-dt hardware (mga#17010)
  * fix regression with AlpsPS/2 ALPS DualPoint TouchPad of a Dell
    Latitude D600 (mga#17034)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=17401
 - https://bugs.mageia.org/show_bug.cgi?id=16915
 - https://bugs.mageia.org/show_bug.cgi?id=17010
 - https://bugs.mageia.org/show_bug.cgi?id=17034
 - http://kernelnewbies.org/Linux_4.0
 - http://kernelnewbies.org/Linux_4.1
 - https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.1
 - https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.2
 - https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.3
 - https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4
 - https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.5
 - https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6
 - https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.7
 - https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.8
 - https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.9
 - https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.10
 - https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.11
 - https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.12
 - https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.13
 - https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.14
 - https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.15

Whiteboard: (none) => advisory

MGA5-32 Xfce on Acer D620
No installation issues
After rebooting screen OK, Firefox, LibreOffice, MCC, parole player all OK. Good enough for me.

CC: (none) => herman.viaene
Whiteboard: advisory => advisory MGA5-32-OK

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0015.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED