No testing indicated, let alone on both arches. Removing the validated keyword
for now.

Keywords: validated_update => (none)
CC: (none) => davidwhodgins

Installed this on a 64bit laptop with nvidia graphics.
It appeared to be a clean install but the kernel could not be identified in the boot menu.  This is a multiboot system with three Cauldron test systems in addition to mga5.1 and this one had several kernels installed.  The nvidia module was not being rebuilt at any stage so it looked like the tmb kernel was being overlooked.  I think it ended up being named kernel-desktop-4.4.50 which clashed with the resident kernel (from updates testing as well).  
$ rpm -qa | grep kernel
shows that both are installed.

To clarify things I removed all the old kernels including the test 4.4.50, leaving only the tmb kernel in place.
On reboot grub2 said that there was no vmlinuz.
Nothing to do then but upgrade from the iso on USB.  It whistled through to installing the bootloader and on reboot listed the tmb kernel with its full name and built the kernel module for nvidia on the way to the desktop.  That is running fine now so I shall leave it in place for a while.

At the end of the earlier kernel installation there were a couple of lines which I took to be optional instructions to do with setting the new kernel as the default.  That could be the problem.  They might not be optional.

Is it correct to assume that removing kernels should automatically edit the boot menu?

CC: (none) => tarazed25

Installed on another multiboot x86_64 machine, with nvidia GTX 970.  This one has been running for a couple of days now with no sign of any problems and it is noteworthy that the kernel is correctly identified in the boot menu.

pavucontrol works fine in Mate.  pulseaudio running.  vlc plays videos fine.  Sound and video from Vimeo in Firefox.  libreoffice writer ok.  Networking OK, remote logins on the LAN.  My virtualbox has problems just now - trying that later.

Added 4 fixes on top of 4.4.50-1 to make testing fast:
- dccp: fix freeing skb too early for IPV6_RECVPKTINFO (CVE-2017-6074)
- Fix missing sanity check in /dev/sg
- rtlwifi: rtl_usb: Fix missing entry in USB driver's private data
- scsi: don't BUG_ON() empty DMA transfers

I'll write advisory later today...


SRPM:
kernel-tmb-4.4.50-2.mga5.src.rpm

i586:
kernel-tmb-desktop-4.4.50-2.mga5-1-1.mga5.i586.rpm
kernel-tmb-desktop-devel-4.4.50-2.mga5-1-1.mga5.i586.rpm
kernel-tmb-desktop-devel-latest-4.4.50-2.mga5.i586.rpm
kernel-tmb-desktop-latest-4.4.50-2.mga5.i586.rpm
kernel-tmb-source-4.4.50-2.mga5-1-1.mga5.noarch.rpm
kernel-tmb-source-latest-4.4.50-2.mga5.noarch.rpm

x86_64:
kernel-tmb-desktop-4.4.50-2.mga5-1-1.mga5.x86_64.rpm
kernel-tmb-desktop-devel-4.4.50-2.mga5-1-1.mga5.x86_64.rpm
kernel-tmb-desktop-devel-latest-4.4.50-2.mga5.x86_64.rpm
kernel-tmb-desktop-latest-4.4.50-2.mga5.x86_64.rpm
kernel-tmb-source-4.4.50-2.mga5-1-1.mga5.noarch.rpm
kernel-tmb-source-latest-4.4.50-2.mga5.noarch.rpm

Priority: Normal => High
Summary: Update request: kernel-tmb-4.4.50-1.mga5 => Update request: kernel-tmb-4.4.50-2.mga5
Whiteboard: MGA5-64-OK MGA5-32-OK => (none)
Severity: normal => critical

Advisory text (also added to svn)


The cgroup offline implementation in the Linux kernel through 4.8.11
mishandles certain drain operations, which allows local users to cause
a denial of service (system hang) by leveraging access to a container
environment for executing a crafted application, as demonstrated by
trinity (CVE-2016-9191).

arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP
and #OF exceptions, which allows guest OS users to cause a denial of
service (guest OS crash) by declining to handle an exception thrown by
an L2 guest (CVE-2016-9588).

The sg implementation in the Linux kernel through 4.9 does not properly
restrict write operations in situations where the KERNEL_DS option is set,
which allows local users to read or write to arbitrary kernel memory
locations or cause a denial of service (use-after-free) by leveraging
access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c
(CVE-2016-10088).

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel
through 4.9.8 does not properly validate meta block groups, which
allows physically proximate attackers to cause a denial of service
(out-of-bounds read and system crash) via a crafted ext4 image
(CVE-2016-10208).

The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in
the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL
selector" instruction, which allows guest OS users to cause a denial of
service (guest OS crash) or gain guest OS privileges via a crafted
application (CVE-2017-2583).

arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local
users to obtain sensitive information from kernel memory or cause a
denial of service (use-after-free) via a crafted application that
leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt
(CVE-2017-2584).

drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6
interacts incorrectly with the CONFIG_VMAP_STACK option, which allows
local users to cause a denial of service (system crash or memory
corruption) or possibly have unspecified other impact by leveraging
use of more than one virtual page for a DMA scatterlist (CVE-2017-5547).

drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6
interacts incorrectly with the CONFIG_VMAP_STACK option, which allows
local users to cause a denial of service (system crash or memory
corruption) or possibly have unspecified other impact by leveraging
use of more than one virtual page for a DMA scatterlist (CVE-2017-5548).

The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c
in the Linux kernel before 4.9.5 places uninitialized heap-memory
contents into a log entry upon a failure to read the line status, which
allows local users to obtain sensitive information by reading the log
(CVE-2017-5549).

The simple_set_acl function in fs/posix_acl.c in the Linux kernel before
4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs
filesystem, which allows local users to gain group privileges by
leveraging the existence of a setgid program with restrictions on
execute permissions (CVE-2017-5551).

An issue was found in the Linux kernel ipv6 implementation of GRE tunnels
which allows a remote attacker to trigger an out-of-bounds access
(CVE-2017-5897).

The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux
kernel through 4.9.9 allows attackers to cause a denial of service
(system crash) via (1) an application that makes crafted system calls or
possibly (2) IPv4 traffic with invalid IP options (CVE-2017-5970).

Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c
in the Linux kernel before 4.9.11 allows local users to cause a denial
of service (assertion failure and panic) via a multithreaded application
that peels off an association in a certain buffer-full state
(CVE-2017-5986).

The dccp_rcv_state_process function in net/dccp/input.c in the Linux
kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures
in the LISTEN state, which allows local users to obtain root privileges
or cause a denial of service (double free) via an application that makes
an IPV6_RECVPKTINFO setsockopt system call (CVE-2017-6074).

The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before
4.9.11 allows remote attackers to cause a denial of service (infinite loop
and soft lockup) via vectors involving a TCP packet with the URG flag
(CVE-2017-6214).

Whiteboard: (none) => advisory

on mga5-32 packages

- kernel-tmb-desktop-4.4.50-2.mga5-1-1.mga5.i586
- kernel-tmb-desktop-latest-4.4.50-2.mga5.i586

system booted normally
$ uname -r
4.4.50-tmb-desktop-2.mga5

No regressions noted

OK for mga5-32 on this system:
CPU: Quad core Intel Core i7-6700 
Graphics: Intel HD Graphics 530

CC: (none) => jim

on mga5-64 packages installed:

- kernel-tmb-desktop-4.4.50-2.mga5-1-1.mga5.x86_64
- kernel-tmb-desktop-latest-4.4.50-2.mga5.x86_64

System boots normally
[jim@mga5-64 ~]$ uname -r
4.4.50-tmb-desktop-2.mga5

No regressions noted

OK for mga5-64 on this system
CPU:  Quad core Intel Core i7-6700
Graphics: Intel HD Graphics 530

My testing complete installing all kernel latest (no i586 on the x86-64 systems)
and testing that they boot to a working desktop. The devel latest packages were
also installed for the dkms modules. Tested in i586 and x86-64 vb guests and host
installs.

I'll wait another 8 hours or so, to see if others report regressions before
validating the update.

Installed cleanly on a 64bit UEFI laptop with twin nvidia GTX 965M, 
quadcore i7-5700HQ 2.70 GHz CPU.

Ran drakboot to ensure that the boot menu reflected changes on this multi-boot system.  nvidia module 375.26 built during boot and Mate desktop came up OK.
Basic functions all work.

Picked this kernel variant because it had the fewest comments!

Testing M5 x64 real EFI hardware with AMD/ATI/Radeon graphics

Installed directly with urpmi from Updates Testing:
 kernel-tmb-desktop-devel-4.4.50-2.mga5-1-1.mga5
 kernel-tmb-desktop-latest-4.4.50-2.mga5
 kernel-tmb-desktop-4.4.50-2.mga5-1-1.mga5
 kernel-tmb-desktop-devel-latest-4.4.50-2.mga5
During the installation, it did its fglrx module build.
And I think it did remake grub, because on re-booting to where I am now, the Grub2 menu Mageia 'advanced' options showed the tmb kernel. (I did not try the default Mageia entry in case it landed up with the wrong kernel). The initial reboot at least was very slow.

So it is currently working fine. I will only report back if there is bad news in the next hour or so of use. Otherwise take this as 'OK'.

CC: (none) => lewyssmith

Validating the update

Keywords: (none) => validated_update
Whiteboard: advisory => advisory MGA5-64-OK MGA5-32-OK

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0064.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED