Update to 4.4 longterm including CVE fixes... Advisory to follow.... SRPMS: kernel-linus-4.4.9-1.mga5.src.rpm i586: kernel-linus-4.4.9-1.mga5-1-1.mga5.i586.rpm kernel-linus-devel-4.4.9-1.mga5-1-1.mga5.i586.rpm kernel-linus-devel-latest-4.4.9-1.mga5.i586.rpm kernel-linus-doc-4.4.9-1.mga5.noarch.rpm kernel-linus-latest-4.4.9-1.mga5.i586.rpm kernel-linus-source-4.4.9-1.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.4.9-1.mga5.noarch.rpm x86_64: kernel-linus-4.4.9-1.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-4.4.9-1.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-latest-4.4.9-1.mga5.x86_64.rpm kernel-linus-doc-4.4.9-1.mga5.noarch.rpm kernel-linus-latest-4.4.9-1.mga5.x86_64.rpm kernel-linus-source-4.4.9-1.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.4.9-1.mga5.noarch.rpm
Depends on: (none) => 18031
Hi! I installed the linus kernel on my Acer x86-64 laptop (see http://www.shlomifish.org/meta/FAQ/#computers-specs ): * lightdm works fine. * Xfce works fine. * Firefox works. * ssh works. * Samba works. * X-over-ssh works fine. * Hexchat is working. * Pidgin is working. * Konqueror works. * VLC can play video+audio. * gears is working * extreme tux racer is working. * shlomif@lap:~$ uname -a Linux localhost 4.4.9-1.mga5 #1 SMP Tue May 3 21:59:57 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux * dkms-virtualbox built fine.
CC: (none) => shlomif
Adding feedback marker. Issues discovered in bug 10831.
Whiteboard: (none) => feedback
Typo: bug 18031.
Assigning Thomas til it's ready
CC: (none) => qa-bugsAssignee: qa-bugs => tmb
Good for testing... SRPMS: kernel-linus-4.4.11-1.mga5.src.rpm i586: kernel-linus-4.4.11-1.mga5-1-1.mga5.i586.rpm kernel-linus-devel-4.4.11-1.mga5-1-1.mga5.i586.rpm kernel-linus-devel-latest-4.4.11-1.mga5.i586.rpm kernel-linus-doc-4.4.11-1.mga5.noarch.rpm kernel-linus-latest-4.4.11-1.mga5.i586.rpm kernel-linus-source-4.4.11-1.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.4.11-1.mga5.noarch.rpm x86_64: kernel-linus-4.4.11-1.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-4.4.11-1.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-latest-4.4.11-1.mga5.x86_64.rpm kernel-linus-doc-4.4.11-1.mga5.noarch.rpm kernel-linus-latest-4.4.11-1.mga5.x86_64.rpm kernel-linus-source-4.4.11-1.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.4.11-1.mga5.noarch.rpm
Assignee: tmb => qa-bugsSummary: Update request: kernel-linus-4.4.9-1.mga5 => Update request: kernel-linus-4.4.11-1.mga5Source RPM: kernel-linus-4.4.9-1.mga5.src.rpm => kernel-linus-4.4.11-1.mga5.src.rpmWhiteboard: feedback => (none)
Depends on: 18031 => (none)
Depends on: (none) => 18031, 17604, 18523, 18525, 18526, 18527, 18528, 18529, 18531
x86_64 with nvidia GeForce GTX970 Well, that was weird. The installation did not go as smoothly as usual. Things needed to be removed before others would install and dracut was replaced. At boot the system failed to run the nvidia driver and looked like it was trying to use nouveau. That failed on a flat panel problem. Used drakx11 to reinstall the nvidia driver and rebooted. It failed again so I decided to revert to the older kernel 4.1.15. That failed on nvidia and tried to use nouveau. Back to drakx11 and a reboot. At this point the linus kernel had disappeared from the grub2 menu but the desktop came up OK for 4.1.15. This was the installation list after cherry-picking: - dracut-038-21.mga5.x86_64 - kernel-desktop-4.4.11-1.mga5-1-1.mga5.x86_64 - kernel-desktop-devel-4.4.11-1.mga5-1-1.mga5.x86_64 - kernel-desktop-devel-latest-4.4.11-1.mga5.x86_64 - kernel-desktop-latest-4.4.11-1.mga5.x86_64 - kernel-userspace-headers-4.4.11-1.mga5.x86_64 It needs to be done again to gather any relevant diagnostics.
CC: (none) => tarazed25
The newer kernel needs the newer nvidia module Len. The rpms you've given relate to the standard kernel rather than this one btw.
You are right. How did I not notice that? So I had better specify linus rather than use MageiaUpdate and also install the later nvidia. Did not realise that it was not up to date. Thanks Claire. :(
Installed nvidia340.96-1 Rebooted to kernel desktop 4.1.15 Installed linus kernel this time and rebooted This failed - no X display but it was the linus kernel Esc nvidia340.96-1 already installed on this kernel nvidia-current 352.79-3 already installed on this kernel xtables-addons 2.10-1 already installed on this kernel Checking for new hardware ...... Started Display Manager (not) ...... started hostname service xt_addrtype ipv6 does not support BROADCAST matching At this point, X should have been running - no error messages but I am puzzled by the two nvidia modules Rebooted and chose the previous kernel; same messages and X failure Rebooted to an even earlier kernel and failed again. No solution now but to reinstall.
Did you remember ldetect-lst? You can run drakx11 from a tty login btw.
That could be it. I did forget ldetect-lst. Yes, I often do run drakx11 in a console. Anyway the reinstall is complete. Shall try the linus kernel again later. Thanks.
First some checks based on Claire's bug 18527 #c1: ldetect-lst-0.1.346.4-1.mga5.x86_64 installed nvidia driver 346.96 # rpm -qa *kernel* kernel-firmware-20160409-1.mga5 kernel-desktop-devel-latest-4.1.15-2.mga5 nvidia-current-kernel-desktop-latest-346.96-5.mga5.nonfree kernel-desktop-3.19.8-3.mga5-1-1.mga5 kernel-desktop-4.1.15-2.mga5-1-1.mga5 nvidia-current-kernel-3.19.8-desktop-3.mga5-346.82-1.mga5.nonfree kernel-desktop-latest-4.1.15-2.mga5 kernel-desktop-devel-3.19.8-3.mga5-1-1.mga5 kernel-desktop-devel-4.1.15-2.mga5-1-1.mga5 kernel-firmware-nonfree-20160516-1.mga5.nonfree nvidia-current-kernel-4.1.15-desktop-2.mga5-346.96-5.mga5.nonfree kernel-userspace-headers-4.1.15-2.mga5 # rpm -qa *nvidia* nvidia-current-kernel-desktop-latest-346.96-5.mga5.nonfree nvidia-current-kernel-3.19.8-desktop-3.mga5-346.82-1.mga5.nonfree dkms-nvidia-current-346.96-1.mga5.nonfree x11-driver-video-nvidia-current-346.96-1.mga5.nonfree nvidia-current-kernel-4.1.15-desktop-2.mga5-346.96-5.mga5.nonfree nvidia-current-doc-html-346.96-1.mga5.nonfree # urpmq --media Testing --requires nvidia340-kernel-desktop-latest dkms-nvidia340[>= 340.96-1.mga5.nonfree] kernel-desktop-devel-latest # dkms status -m nvidia340 returns nothing Is it safe to go ahead with the linus kernel install?
The installation of the linus kernel broke something. The system ended up in a mess again with no X display. Trying to revert to the standard kernel failed on X as well so the os needs to be reinstalled yet again. As far as nvidia is concerned it looks like the binary for the linus kernel is not being built and for the stock kernel there is a mismatch of some kind because the binary is not being rebuilt to match the driver version or something. dkms status -m nvidia340 returns nothing but # dkms status lists entries against nvidia-current: 352.79-3, kernel 4.4.11-1 installed 352.79-3, kernel 4.1.15-desktop-2 installed 346.96-1, kernel 4.1.15-desktop-2 installed-binary from 4.1.15-desktop-2 # rpm -qa *nvidia* nvidia-current-kernel-desktop-latest-346.96-5 dkms-nvidia-current-352.79-3 x11-driver-video-nvidia-current-346.96-1 nvidia-current-kernel-4.1.15-desktop-2.mga5-346.96-5 After the last os install the only changes were: install pending updates remove orphan packages install later version of ldetect-lst install linus kernel Various things were pulled in and dkms fired up during the kernel install. Is there some other step that has been missed out?
Was kernel-linus-devel-latest installed?
Nm, dkms shows it has compiled for 4.4.11-1 which is the linus kernel. tmb?
got it Len. You haven't installed the updated x11-driver-video-nvidia-current to match the updated nvidia-current driver. It's tricky to handle all these all at once. Take care when selecting the packages.
It looks as though your card is one of those that will no longer be supported by nvidia-current but which may work with nvidia340. tmb wrote about this somewhere, but I can't find the link. I don't recall if he expected the switch to be seemless.
CC: (none) => jkerr82508
@Claire #c14 : not sure but don't think so. @Claire #c16 : thanks - shall try that @James The GTX970 was OK with nvidia 352.79 and the current kernel. I may still have the email containing the comment from tmb.
kernel-linus-devel-latest was installed in fact. Installing the current x11-driver did the trick. The 4.4.11-1 kernel is now running the desktop in tandem with nvidia 352.79. Looks OK on the surface - shall let it run for a while. Thanks Claire for the pointers; need to make a list of what is needed in these cases. Shall look for Thomas's warning about high end video card support.
Last round: SRPMS: kernel-linus-4.4.13-1.mga5.src.rpm i586: kernel-linus-4.4.13-1.mga5-1-1.mga5.i586.rpm kernel-linus-devel-4.4.13-1.mga5-1-1.mga5.i586.rpm kernel-linus-devel-latest-4.4.13-1.mga5.i586.rpm kernel-linus-doc-4.4.13-1.mga5.noarch.rpm kernel-linus-latest-4.4.13-1.mga5.i586.rpm kernel-linus-source-4.4.13-1.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.4.11-1.mga5.noarch.rpm x86_64: kernel-linus-4.4.13-1.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-4.4.13-1.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-latest-4.4.13-1.mga5.x86_64.rpm kernel-linus-doc-4.4.13-1.mga5.noarch.rpm kernel-linus-latest-4.4.13-1.mga5.x86_64.rpm kernel-linus-source-4.4.13-1.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.4.13-1.mga5.noarch.rpm
Depends on: 18031 => 18688Summary: Update request: kernel-linus-4.4.11-1.mga5 => Update request: kernel-linus-4.4.13-1.mga5Source RPM: kernel-linus-4.4.11-1.mga5.src.rpm => kernel-linus-4.4.13-1.mga5.src.rpm
Advisory: This kernel-linus update provides an upgrade to the upstream 4.4 longterm kernel series, currently based on 4.4.13 and resolves atleast the following security issues: The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c (CVE-2013-4312). drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted USB device (CVE-2015-5257). The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (CVE-2015-5307). An out-of-bounds memory read was found, affecting kernels from 4.3-rc1 onwards. This vulnerability was caused by incorrect X.509 time validation in x509_decode_time() function in x509_cert_parser.c (CVE-2015-5327). The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (CVE-2015-6937). The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (CVE-2015-7550). The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (CVE-2015-7799). The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (CVE-2015-8104). The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (CVE-2015-8543). The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands (CVE-2016-0728). The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack (CVE-2016-2085). The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data (CVE-2016-2117). The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors (CVE-2016-3136). drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (CVE-2016-3137). Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) with variable Memory Type Range Registers(MTRR) support is vulnerable to an out-of-bounds r/w access issue. It could occur while accessing processors MTRRs via ioctl(2) calls. A privileged user inside guest could use this flaw to manipulate host kernels memory bytes leading to information disclosure OR potentially crashing the kernel resulting in DoS (CVE-2016-3713). Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area (CVE-2016-3961). This update also provides better support for various newer hardware. For other changes in this update, see the referenced changelogs. References: http://kernelnewbies.org/Linux_4.2 http://kernelnewbies.org/Linux_4.3 http://kernelnewbies.org/Linux_4.4 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.2 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.3 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.4 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.5 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.6 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.7 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.8 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.9 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.10 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.11 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.12 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.13
CVE list: CVE-2013-4312 CVE-2015-5257 CVE-2015-5307 CVE-2015-5327 CVE-2015-6937 CVE-2015-7550 CVE-2015-7799 CVE-2015-8104 CVE-2015-8543 CVE-2016-0728 CVE-2016-2085 CVE-2016-2117 CVE-2016-2143 CVE-2016-3136 CVE-2016-3137 CVE-2016-3713 CVE-2016-3961
Advisory update/removal: I patched CVE-2016-0728 was already in MGASA-2016-0031
shlomif@lap:~$ uname -a Linux lap.shlomifish.org 4.4.13-1.mga5 #1 SMP Fri Jun 10 22:10:56 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux Everything seems to be working fine on my x86-64 v5 Acer Aspire laptop - live hardware.
advisory added
Whiteboard: (none) => advisory
Adding 64bit ok from Shlomi's tests. This *should* be ok as it's the upstream kernel from which ours are built. Will wait for one more test to validate.
Whiteboard: advisory => advisory mga5-64-ok
Testing on mga5-32 Installed cleanly. Booted to KDE desktop and applications appear to be working normally. OK for mga5-32 This update is now validated and can be pushed to updates
Keywords: (none) => validated_updateWhiteboard: advisory mga5-64-ok => advisory mga5-64-ok mga5-32-okCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0232.html
Status: NEW => RESOLVEDResolution: (none) => FIXED