security and regression fixes, advisory to follow:

SRPMS:
kernel-tmb-4.4.39-1.mga5.src.rpm

i586:
kernel-tmb-desktop-4.4.39-1.mga5-1-1.mga5.i586.rpm
kernel-tmb-desktop-devel-4.4.39-1.mga5-1-1.mga5.i586.rpm
kernel-tmb-desktop-devel-latest-4.4.39-1.mga5.i586.rpm
kernel-tmb-desktop-latest-4.4.39-1.mga5.i586.rpm
kernel-tmb-source-4.4.39-1.mga5-1-1.mga5.noarch.rpm
kernel-tmb-source-latest-4.4.39-1.mga5.noarch.rpm

x86_64:
kernel-tmb-desktop-4.4.39-1.mga5-1-1.mga5.x86_64.rpm
kernel-tmb-desktop-devel-4.4.39-1.mga5-1-1.mga5.x86_64.rpm
kernel-tmb-desktop-devel-latest-4.4.39-1.mga5.x86_64.rpm
kernel-tmb-desktop-latest-4.4.39-1.mga5.x86_64.rpm
kernel-tmb-source-4.4.39-1.mga5-1-1.mga5.noarch.rpm
kernel-tmb-source-latest-4.4.39-1.mga5.noarch.rpm
Advisory:

This update is based on upstream 4.4.39 and fixes at least the following security issues:

Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack (CVE-2016-8399).

The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (CVE-2016-8645).

The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent (CVE-2016-8650).

A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system (CVE-2016-8655).

A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (CVE-2016-9576).

Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to an information leakage issue. It could occur on x86 platform, while emulating instructions in 32bit mode. A user/process could use this flaw to leak host kernel memory bytes (CVE-2016-9756).

A bug in SO_{SND|RCV}BUFFORCE setsockopt() implementation allows CAP_NET_ADMIN users to set negative sk_sndbuf or sk_rcvbuf values. A user could use this flaw to cause various memory corruptions, crashes and OOM (CVE-2016-9793).

A use-after-free vulnerability was found in ALSA pcm layer, which allows local users to cause a denial of service, memory corruption, or possibly other unspecified impact (CVE-2016-9794).

Other fixes in this update:
- fix for HID gamepad DragonRise (mga#19853)
- fix for radeon driver crashing on Dell Precision M4800 (mga#19892)

For other upstream fixes in this update, see the referenced changelogs.

References:
https://bugs.mageia.org/show_bug.cgi?id=19992
https://bugs.mageia.org/show_bug.cgi?id=19892
https://bugs.mageia.org/show_bug.cgi?id=19853
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.33
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.34
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.35
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.36
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.37
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.38
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.39
Installing this on x86_64 UEFI hardware

- kernel-source-4.4.39-1.mga5-1-1.mga5.noarch
- kernel-source-latest-4.4.39-1.mga5.noarch
- kernel-tmb-desktop-4.4.39-1.mga5-1-1.mga5.x86_64
- kernel-tmb-desktop-devel-4.4.39-1.mga5-1-1.mga5.x86_64
- kernel-tmb-desktop-devel-latest-4.4.39-1.mga5.x86_64
- kernel-tmb-desktop-latest-4.4.39-1.mga5.x86_64
- kernel-userspace-headers-4.4.39-1.mga5.x86_64

libafs (1.6.20-1.mga5) built and installed
nvidia-current (367.57-1.mga5.nonfree) module installed
vboxadditions (5.1.10-1.1.mga5) module installed
virtualbox (5.1.10-1.1.mga5) module installed
xtables-addons (2.10-1.mga5): module installed

Rebooted under the new kernel:
$ uname -r
4.4.39-tmb-desktop-1.mga5

Firefox up and running.
Remote login to another local machine. Image display over the network. There was a problem with logout - it hung - needed Ctrl-C.
Launched a couple of vbox clients, 32bit and 64bit. Both running smoothly.
OK so far.
CC: (none) => tarazed25
In VirtualBox, M5, KDE, 64-bit

Package(s) under test:
kernel-tmb-latest

default install of kernel-desktop-latest

[root@localhost wilcal]# uname -a
Linux localhost 4.4.39-desktop-1.mga5 #1 SMP Fri Dec 16 18:43:46 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-4.4.39-1.mga5.x86_64 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.

install kernel-tmb-desktop-latest from updates_testing

Select kernel under test in GRUB2 menu.

[root@localhost wilcal]# uname -a
Linux localhost 4.4.39-tmb-desktop-1.mga5 #1 SMP PREEMPT Fri Dec 16 18:14:21 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-tmb-desktop-latest
Package kernel-tmb-desktop-latest-4.4.39-1.mga5.x86_64 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
CC: (none) => wilcal.int
In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
kernel-tmb-latest

default install of kernel-desktop-latest

[root@localhost wilcal]# uname -a
Linux localhost.localdomain 4.4.39-desktop586-1.mga5 #1 SMP Fri Dec 16 18:34:16 UTC 2016 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-4.4.39-1.mga5.i586 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.

install kernel-tmb-desktop-latest from updates_testing

Select kernel under test in GRUB2 menu.

[root@localhost wilcal]# uname -a
Linux localhost.localdomain 4.4.39-tmb-desktop-1.mga5 #1 SMP PREEMPT Fri Dec 16 18:22:16 UTC 2016 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-tmb-desktop-latest
Package kernel-tmb-desktop-latest-4.4.39-1.mga5.i586 is already installed
M5 x86 real hardware with AMD/ATI/Radeon graphics

No problems with this. OK for me.
CC: (none) => lewyssmith
Advisory made from comments 0 & 1; validating.
Keywords: (none) => validated_update
Whiteboard: (none) => MGA5-32-OK MGA5-64-OK advisory
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0004.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED