Advisory:

This update is based on upstream 4.4.32 and fixes at least the following security issues:

The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (CVE-2016-7042).

The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (CVE-2016-7425).

Null pointer dereference in kvm/emulate.c (CVE-2016-8630).

A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver [firewire-net] in a fragment handling code in the Linux kernel. A maliciously formed fragment with a respectively large datagram offset would cause a memcpy() past the datagram buffer, which would cause a system panic or possible arbitrary code execution. The flaw requires [firewire-net] module to be loaded and is remotely exploitable from connected firewire devices, but not over a local network (CVE-2016-8633).

For other fixes in this update, see the referenced changelogs.
References:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.27
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.28
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.29
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.30
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.31
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.32

SRPM:
kernel-tmb-4.4.32-1.mga5.src.rpm

i586:
kernel-tmb-4.4.32-1.mga5-1-1.mga5.i586.rpm
kernel-tmb-devel-4.4.32-1.mga5-1-1.mga5.i586.rpm
kernel-tmb-devel-latest-4.4.32-1.mga5.i586.rpm
kernel-tmb-doc-4.4.32-1.mga5.noarch.rpm
kernel-tmb-latest-4.4.32-1.mga5.i586.rpm
kernel-tmb-source-4.4.32-1.mga5-1-1.mga5.noarch.rpm
kernel-tmb-source-latest-4.4.32-1.mga5.noarch.rpm

x86_64:
kernel-tmb-4.4.32-1.mga5-1-1.mga5.x86_64.rpm
kernel-tmb-devel-4.4.32-1.mga5-1-1.mga5.x86_64.rpm
kernel-tmb-devel-latest-4.4.32-1.mga5.x86_64.rpm
kernel-tmb-doc-4.4.32-1.mga5.noarch.rpm
kernel-tmb-latest-4.4.32-1.mga5.x86_64.rpm
kernel-tmb-source-4.4.32-1.mga5-1-1.mga5.noarch.rpm
kernel-tmb-source-latest-4.4.32-1.mga5.noarch.rpm
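The CVE-2016-8633 description in the advisory comes down to a copy whose destination offset is taken from the fragment without being checked against the datagram size. As an added illustration (not code from the kernel, the firewire-net driver or this advisory), the user-space C model below puts the unchecked pattern beside a bounds-checked one; the struct, function names and 64-byte harness buffers are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space model of a datagram being reassembled from
 * fragments. Names are illustrative, not the firewire-net structures. */
struct reasm {
    uint8_t *buf;    /* reassembly buffer of dg_size bytes */
    size_t dg_size;  /* datagram size fixed when reassembly started */
};

/* Unchecked pattern: fg_off and len come from the sender, so a large
 * offset makes memcpy() write past buf. Kept only for contrast. */
void frag_copy_unchecked(struct reasm *r, size_t fg_off,
                         const uint8_t *frag, size_t len)
{
    memcpy(r->buf + fg_off, frag, len);
}

/* Checked pattern: drop any fragment that does not lie wholly inside
 * the datagram. Written as a subtraction so fg_off + len cannot wrap. */
int frag_copy_checked(struct reasm *r, size_t fg_off,
                      const uint8_t *frag, size_t len)
{
    if (len == 0 || fg_off > r->dg_size || len > r->dg_size - fg_off)
        return -1;                       /* reject, nothing copied */
    memcpy(r->buf + fg_off, frag, len);
    return 0;
}

/* Constructed test harness: 64-byte static buffers stand in for the
 * datagram and the incoming fragment payload. */
int try_fragment(size_t dg_size, size_t fg_off, size_t len)
{
    static uint8_t buf[64], frag[64];
    struct reasm r = { buf, dg_size };
    if (dg_size > sizeof buf || len > sizeof frag)
        return -2;                       /* outside the harness limits */
    return frag_copy_checked(&r, fg_off, frag, len);
}

int main(void)
{
    printf("in range:     %d\n", try_fragment(16, 8, 8));
    printf("past the end: %d\n", try_fragment(16, 12, 8));
    printf("huge offset:  %d\n", try_fragment(16, 4096, 8));
    return 0;
}
```

The same comparison applies to the unrestricted length field described for CVE-2016-7425: the value that sizes the copy has to be checked against the destination before the copy runs.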
Upgrading from 4.4.26-tmb-desktop-1.mga5 on x86_64 hardware with nvidia GTX770. Installed: kernel-tmb-desktop-latest kernel-tmb-desktop-4.4.32-1.mga5-1-1.mga5 cpupower-4.4.32-1.mga5 cpupower-devel-4.4.32-1.mga5 kernel-tmb-desktop-devel-latest kernel-tmb-desktop-devel-4.4.32-1.mga5-1-1.mga5
CC: (none) => tarazed25
Rebooting went smoothly. Rebuilt nvidia module. Mate desktop up and running. Firefox 45.5.0. Rebooted a 32-bit virtual machine, Mate, Firefox 45.4.0, kernel 4.4.30-desktop586-2.mga5. Back to the host: Bluetooth and pulseaudio working well together. Played a downloaded Renee Fleming Youtube video using mplayer then watched live HD TV courtesy of vlc.
Ran glmark2 which returned a respectable score of 17965. Loaded stellarium to see the local night sky. Ran celestia for a quick tour of the solar system, the constellations and the galaxy. Logged in to another machine via ssh and invoked a couple of graphical applications. No problems. Cut and paste in a terminal worked remotely. Invoked googleearth but it was very slow to load so I killed it, but it was working. All the signs are that the kernel is fine for 64-bits.
CC: (none) => davidwhodgins
Whiteboard: (none) => advisory
MGA-32 on AcerD620 Xfce. No installation issues. Same problem as kernel-linus update: after a few minutes the graphics get garbled with red color fields making any application all but unusable.
CC: (none) => herman.viaene
Video: C51 [GeForce 6150 LE]
AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Sound: MCP51 High Definition Audio
HDrive: Maxtor 6L080J4

The following 15 packages are going to be installed:

- gcc-4.9.2-4.1.mga5.i586
- gcc-cpp-4.9.2-4.1.mga5.i586
- glibc-devel-2.20-23.mga5.i586
- kernel-tmb-desktop-4.4.32-1.mga5-1-1.mga5.i586
- kernel-tmb-desktop-devel-4.4.32-1.mga5-1-1.mga5.i586
- kernel-tmb-desktop-devel-latest-4.4.32-1.mga5.i586
- kernel-tmb-desktop-latest-4.4.32-1.mga5.i586
- kernel-tmb-source-4.4.32-1.mga5-1-1.mga5.noarch
- kernel-tmb-source-latest-4.4.32-1.mga5.noarch
- kernel-userspace-headers-4.4.35-2.mga5.i586
- libmpc3-1.0.2-4.mga5.i586
- libncurses-devel-5.9-21.mga5.i586
- libstdc++5-3.3.6-11.mga5.i586
- libstdc++5-devel-3.3.6-11.mga5.i586
- make-4.0-6.mga5.i586

659MB of additional disk space will be used.
152MB of packages will be retrieved.
Is it ok to continue?

[brian@localhost ~]$ uname -a
Linux localhost.localdomain 4.4.32-tmb-desktop-1.mga5 #1 SMP PREEMPT Tue Nov 15 20:09:22 UTC 2016 i686 i686 i686 GNU/Linux

--

Drive access actually sounds different (old drive with grinding bearings and noisy servos). Plugging in USB works. Browser works. Sound is working. Open to open files. Works for me.
CC: (none) => brtians1
Whiteboard: advisory => advisory mga5-32-ok
On mga5-32

Package installed:
- kernel-tmb-desktop-4.4.32-1.mga5-1-1.mga5.i586

Package installed cleanly
System re-booted normally.

$ uname -r
4.4.32-tmb-desktop-1.mga5

No regressions noted.
OK for mga5-32 on this system:

Machine: Mobo: ECS model: GeForce7050M-M v: 1.0
CPU: Quad core AMD Phenom 9500
Graphics: Card: NVIDIA GF108 [GeForce GT 630] drivers: v4l,nouveau
CC: (none) => jim
On mga5-64

Package installed:
- kernel-tmb-desktop-4.4.32-1.mga5-1-1.mga5.x86_64

Package installed cleanly
System re-booted normally

$ uname -r
4.4.32-tmb-desktop-1.mga5

No regressions noted
OK for mga5-64 on this system:

mobo: ECS model: GeForce7050M-M v: 1.0
CPU: Quad core AMD Phenom 9500 (-MCP-)
Graphics: Card: NVIDIA GF108 [GeForce GT 630] Display Server: X.Org 1.16.4 drivers: v4l,nouveau
Boot: legacy BIOS
Disk: GPT partitions
In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
kernel-tmb-desktop-latest

default install of kernel-desktop-latest

[root@localhost wilcal]# uname -a
Linux localhost 4.4.32-desktop-1.mga5 #1 SMP Tue Nov 15 10:10:27 UTC 2016 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-4.4.32-1.mga5.i586 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.

install kernel-tmb-desktop-latest from updates_testing
Power off client
Set Vbox Manager -> System -> Processor -> Enable PAE/NX
boot Vbox client

[root@localhost wilcal]# uname -a
Linux localhost 4.4.32-tmb-desktop-1.mga5 #1 SMP PREEMPT Tue Nov 15 20:09:22 UTC 2016 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-tmb-desktop-latest
Package kernel-tmb-desktop-latest-4.4.32-1.mga5.i586 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.
CC: (none) => wilcal.int
In VirtualBox, M5, KDE, 64-bit

Package(s) under test:
kernel-tmb-desktop-latest

default install of kernel-desktop-latest

root@localhost wilcal]# uname -a
Linux localhost.localdomain 4.4.32-desktop-1.mga5 #1 SMP Tue Nov 15 09:08:15 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-4.4.32-1.mga5.x86_64 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.

install kernel-tmb-desktop-latest from updates_testing
Power off client
Set Vbox Manager -> System -> Processor -> Enable PAE/NX
boot Vbox client

[root@localhost wilcal]# uname -a
Linux localhost.localdomain 4.4.32-tmb-desktop-1.mga5 #1 SMP PREEMPT Tue Nov 15 20:13:55 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-tmb-desktop-latest
Package kernel-tmb-desktop-latest-4.4.32-1.mga5.x86_64 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.
CC: (none) => youpburden
CVE: (none) => CVE-2016-7042, CVE-2016-8630
Whiteboard: advisory mga5-32-ok => advisory mga5-32-ok mga5-64-ok
Thanks to the various testers. Validating this, Advisory already uploaded.
Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0412.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED