Ubuntu is reporting some new CVEs that seem to be in Kernel 4.4. Rosa 2014 may not be affected by these, but 2016 might.

USN-3099-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

Vladimír Beneš discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel. A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039)

Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828)

Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6480)
CVE: (none) => CVE-2016-6480
Don't push any kernel updates to mga5 testing until current 4.4.22-1 is validated and pushed.
CC: (none) => tmb
Assignee: bugsquad => kernel
CVE-2016-6480 was fixed in 4.4.20 already. The fix for CVE-2016-6828 is in upstream 4.4.23.

The critical fix is actually CVE-2016-7039, which is a remote DOS vuln.

I've updated to 4.4.25 and added patches for:
- CVE-2016-7039
- a mm race fix
- a linker PIE fix

Assigning to QA now so they are aware it will land soon-ish. I will add rpm lists as soon as they land on mirrors so you know what to test.
Priority: Normal => High
CVE: CVE-2016-6480 => CVE-2016-7039, CVE-2016-6828
Assignee: kernel => qa-bugs
Summary: kernel security vulnerability (CVE-2016-6480) => kernel security vulnerabilities (CVE-2016-7039, CVE-2016-6828)
Severity: normal => major
CC: (none) => andrewsfarm
Now I think there is another critical CVE in this update, but I don't have references on it yet, so for now:

Advisory:

This update is based on the upstream 4.4.26 kernel and fixes at least these security issues:

Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828)

Vladimír Beneš discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel. A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039)

For other fixes in this update, see the referenced changelogs.

References:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.23
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.24
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.25
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.26

SRPMS:
kernel-4.4.26-1.mga5.src.rpm
kernel-userspace-headers-4.4.26-1.mga5.src.rpm
kmod-vboxadditions-5.1.2-8.mga5.src.rpm
kmod-virtualbox-5.1.2-8.mga5.src.rpm
kmod-xtables-addons-2.10-14.mga5.src.rpm

i586:
cpupower-4.4.26-1.mga5.i586.rpm
cpupower-devel-4.4.26-1.mga5.i586.rpm
kernel-desktop-4.4.26-1.mga5-1-1.mga5.i586.rpm
kernel-desktop586-4.4.26-1.mga5-1-1.mga5.i586.rpm
kernel-desktop586-devel-4.4.26-1.mga5-1-1.mga5.i586.rpm
kernel-desktop586-devel-latest-4.4.26-1.mga5.i586.rpm
kernel-desktop586-latest-4.4.26-1.mga5.i586.rpm
kernel-desktop-devel-4.4.26-1.mga5-1-1.mga5.i586.rpm
kernel-desktop-devel-latest-4.4.26-1.mga5.i586.rpm
kernel-desktop-latest-4.4.26-1.mga5.i586.rpm
kernel-doc-4.4.26-1.mga5.noarch.rpm
kernel-server-4.4.26-1.mga5-1-1.mga5.i586.rpm
kernel-server-devel-4.4.26-1.mga5-1-1.mga5.i586.rpm
kernel-server-devel-latest-4.4.26-1.mga5.i586.rpm
kernel-server-latest-4.4.26-1.mga5.i586.rpm
kernel-source-4.4.26-1.mga5-1-1.mga5.noarch.rpm
kernel-source-latest-4.4.26-1.mga5.noarch.rpm
kernel-userspace-headers-4.4.26-1.mga5.i586.rpm
perf-4.4.26-1.mga5.i586.rpm
vboxadditions-kernel-4.4.26-desktop-1.mga5-5.1.2-8.mga5.i586.rpm
vboxadditions-kernel-4.4.26-desktop586-1.mga5-5.1.2-8.mga5.i586.rpm
vboxadditions-kernel-4.4.26-server-1.mga5-5.1.2-8.mga5.i586.rpm
vboxadditions-kernel-desktop586-latest-5.1.2-8.mga5.i586.rpm
vboxadditions-kernel-desktop-latest-5.1.2-8.mga5.i586.rpm
vboxadditions-kernel-server-latest-5.1.2-8.mga5.i586.rpm
virtualbox-kernel-4.4.26-desktop-1.mga5-5.1.2-8.mga5.i586.rpm
virtualbox-kernel-4.4.26-desktop586-1.mga5-5.1.2-8.mga5.i586.rpm
virtualbox-kernel-4.4.26-server-1.mga5-5.1.2-8.mga5.i586.rpm
virtualbox-kernel-desktop586-latest-5.1.2-8.mga5.i586.rpm
virtualbox-kernel-desktop-latest-5.1.2-8.mga5.i586.rpm
virtualbox-kernel-server-latest-5.1.2-8.mga5.i586.rpm
xtables-addons-kernel-4.4.26-desktop-1.mga5-2.10-14.mga5.i586.rpm
xtables-addons-kernel-4.4.26-desktop586-1.mga5-2.10-14.mga5.i586.rpm
xtables-addons-kernel-4.4.26-server-1.mga5-2.10-14.mga5.i586.rpm
xtables-addons-kernel-desktop586-latest-2.10-14.mga5.i586.rpm
xtables-addons-kernel-desktop-latest-2.10-14.mga5.i586.rpm
xtables-addons-kernel-server-latest-2.10-14.mga5.i586.rpm

x86_64:
cpupower-4.4.26-1.mga5.x86_64.rpm
cpupower-devel-4.4.26-1.mga5.x86_64.rpm
kernel-desktop-4.4.26-1.mga5-1-1.mga5.x86_64.rpm
kernel-desktop-devel-4.4.26-1.mga5-1-1.mga5.x86_64.rpm
kernel-desktop-devel-latest-4.4.26-1.mga5.x86_64.rpm
kernel-desktop-latest-4.4.26-1.mga5.x86_64.rpm
kernel-doc-4.4.26-1.mga5.noarch.rpm
kernel-server-4.4.26-1.mga5-1-1.mga5.x86_64.rpm
kernel-server-devel-4.4.26-1.mga5-1-1.mga5.x86_64.rpm
kernel-server-devel-latest-4.4.26-1.mga5.x86_64.rpm
kernel-server-latest-4.4.26-1.mga5.x86_64.rpm
kernel-source-4.4.26-1.mga5-1-1.mga5.noarch.rpm
kernel-source-latest-4.4.26-1.mga5.noarch.rpm
kernel-userspace-headers-4.4.26-1.mga5.x86_64.rpm
perf-4.4.26-1.mga5.x86_64.rpm
vboxadditions-kernel-4.4.26-desktop-1.mga5-5.1.2-8.mga5.x86_64.rpm
vboxadditions-kernel-4.4.26-server-1.mga5-5.1.2-8.mga5.x86_64.rpm
vboxadditions-kernel-desktop-latest-5.1.2-8.mga5.x86_64.rpm
vboxadditions-kernel-server-latest-5.1.2-8.mga5.x86_64.rpm
virtualbox-kernel-4.4.26-desktop-1.mga5-5.1.2-8.mga5.x86_64.rpm
virtualbox-kernel-4.4.26-server-1.mga5-5.1.2-8.mga5.x86_64.rpm
virtualbox-kernel-desktop-latest-5.1.2-8.mga5.x86_64.rpm
virtualbox-kernel-server-latest-5.1.2-8.mga5.x86_64.rpm
xtables-addons-kernel-4.4.26-desktop-1.mga5-2.10-14.mga5.x86_64.rpm
xtables-addons-kernel-4.4.26-server-1.mga5-2.10-14.mga5.x86_64.rpm
xtables-addons-kernel-desktop-latest-2.10-14.mga5.x86_64.rpm
xtables-addons-kernel-server-latest-2.10-14.mga5.x86_64.rpm
Severity: major => critical
I have the x86_64 server kernels running on 2 live servers and the x86_64 desktop kernels on 2 live desktop systems
And the "feeling" was right... CVE-2016-5195 is out with an exploit in the wild, so updated advisory:

This update is based on the upstream 4.4.26 kernel and fixes at least these security issues:

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. This could be abused by an attacker to modify existing setuid files with instructions to elevate privileges. An exploit using this technique has been found in the wild (CVE-2016-5195).

Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828)

Vladimír Beneš discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel. A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039)

For other fixes in this update, see the referenced changelogs.

References:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.23
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.24
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.25
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.26
CVE: CVE-2016-7039, CVE-2016-6828 => CVE-2016-7039, CVE-2016-6828, CVE-2016-5195
Summary: kernel security vulnerabilities (CVE-2016-7039, CVE-2016-6828) => kernel security vulnerabilities (CVE-2016-7039, CVE-2016-6828, CVE-2016-5195)
Blocks: (none) => 19213
Running 4.4.26-desktop-1.mga5 ok here now on an x86_64 host, and i586 vb guest. Will test i586 host shortly.
CC: (none) => davidwhodgins
Running 4.4.26-desktop on an Intel x86_64 host, and on an x86_64 guest. All seems good. Running 4.4.26-server on an AMD i586 host, and all seems well except that an old and troublesome i586 guest will not boot, showing the same symptoms seen in testing vbox 5.1.4 and 5.1.6. I'm beginning to think something is messed up with that guest. A separate i586 guest, set up to boot the Mageia 5 Classical iso, boots with no problem.
Tested kernel-desktop on two x86_64 systems:

System 1:
Intel Core i5-3550
Radeon HD 7850 (using both ati and fglrx drivers)
Atheros AR8161 Gigabit Ethernet

System 2:
Intel Core i7-3630QM
Optimus graphics (only using the intel driver)
Intel Centrino Wireless-N 2230

Tested VirtualBox on first system with both 64-bit and 32-bit guests. Tested cpupower and perf on second system. No regressions seen.
During install on an i585 host install (x86_64 system), I get the message

Creating: target|kernel|dracut args|basicmodules
remove-boot-splash: Format of /boot/initrd-4.4.26-server-1.mga5.img not recognized
You should restart your computer for kernel-server-4.4.26-1.mga5

Same for the desktop kernel. I don't recall seeing such a message before, but the kernels both work, including the display of the boot splash, so definitely not holding the update for this.

If no objections are raised during the qa meeting in a few minutes, I'll then validate the update.
Keywords: (none) => validated_update
Whiteboard: (none) => MGA5-64-OK MGA5-32-OK
CC: (none) => sysadmin-bugs
advisory added
Whiteboard: MGA5-64-OK MGA5-32-OK => MGA5-64-OK MGA5-32-OK advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0347.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
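
The version thresholds discussed in this thread, turned into a check for the running kernel. This is an added example, not part of the original bug report or the Mageia tooling; the function names `version_lt` and `unfixed_cves` are illustrative, and the table applies only to the Mageia 5 4.4.x kernel described above.

```sh
#!/bin/sh
# Added example: which CVEs from this thread does a Mageia 5 4.4.x kernel
# release still lack a fix for? Function names are illustrative.

# CVE=first 4.4.x version carrying the fix, as stated in the comments above.
# CVE-2016-7039 was an extra patch from the packager; the advisory lists it
# under the 4.4.26-1.mga5 update, so 4.4.26 is used as its threshold.
FIXED_IN="CVE-2016-6480=4.4.20
CVE-2016-6828=4.4.23
CVE-2016-7039=4.4.26
CVE-2016-5195=4.4.26"

# Succeed if three-field version $1 is strictly lower than $2.
# Runs in a subshell so the IFS change does not leak to the caller.
version_lt() (
    IFS=.
    set -- $1 $2                      # $1..$3 = left, $4..$6 = right
    for pair in "$1:$4" "$2:$5" "$3:$6"; do
        l=${pair%%:*}; r=${pair##*:}
        if [ "$l" -lt "$r" ]; then exit 0; fi
        if [ "$l" -gt "$r" ]; then exit 1; fi
    done
    exit 1                            # equal versions are not "lower"
)

# Print the unfixed CVEs for a release string such as `uname -r` output
# ("4.4.26-desktop-1.mga5"). Prints "unknown" and returns 2 outside 4.4.x.
unfixed_cves() {
    base=${1%%-*}                     # "4.4.26-desktop-1.mga5" -> "4.4.26"
    case $base in 4.4.*) ;; *) echo unknown; return 2 ;; esac
    case ${base#4.4.} in ''|*[!0-9]*) echo unknown; return 2 ;; esac
    out=""
    for entry in $FIXED_IN; do
        if version_lt "$base" "${entry#*=}"; then
            out="${out:+$out }${entry%%=*}"
        fi
    done
    echo "$out"
}

# Check the running kernel rather than the installed packages: the update
# only takes effect after rebooting into the new kernel.
echo "running $(uname -r): unfixed: $(unfixed_cves "$(uname -r)" || true)"
```

An empty result means the release is at or past every threshold in the table; "unknown" means the release is not a 4.4.x kernel and the table says nothing about it.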