Security and data corruption fixes, advisory will follow... The kmods for virtualbox will be rebuilt after the virtualbox update in bug 20222 is validated and pushed. SRPMS: kernel-4.4.55-1.mga5.src.rpm kernel-userspace-headers-4.4.55-1.mga5.src.rpm kmod-xtables-addons-2.10-35.mga5.src.rpm i586: cpupower-4.4.55-1.mga5.i586.rpm cpupower-devel-4.4.55-1.mga5.i586.rpm kernel-desktop-4.4.55-1.mga5-1-1.mga5.i586.rpm kernel-desktop586-4.4.55-1.mga5-1-1.mga5.i586.rpm kernel-desktop586-devel-4.4.55-1.mga5-1-1.mga5.i586.rpm kernel-desktop586-devel-latest-4.4.55-1.mga5.i586.rpm kernel-desktop586-latest-4.4.55-1.mga5.i586.rpm kernel-desktop-devel-4.4.55-1.mga5-1-1.mga5.i586.rpm kernel-desktop-devel-latest-4.4.55-1.mga5.i586.rpm kernel-desktop-latest-4.4.55-1.mga5.i586.rpm kernel-doc-4.4.55-1.mga5.noarch.rpm kernel-server-4.4.55-1.mga5-1-1.mga5.i586.rpm kernel-server-devel-4.4.55-1.mga5-1-1.mga5.i586.rpm kernel-server-devel-latest-4.4.55-1.mga5.i586.rpm kernel-server-latest-4.4.55-1.mga5.i586.rpm kernel-source-4.4.55-1.mga5-1-1.mga5.noarch.rpm kernel-source-latest-4.4.55-1.mga5.noarch.rpm kernel-userspace-headers-4.4.55-1.mga5.i586.rpm perf-4.4.55-1.mga5.i586.rpm xtables-addons-kernel-4.4.55-desktop-1.mga5-2.10-35.mga5.i586.rpm xtables-addons-kernel-4.4.55-desktop586-1.mga5-2.10-35.mga5.i586.rpm xtables-addons-kernel-4.4.55-server-1.mga5-2.10-35.mga5.i586.rpm xtables-addons-kernel-desktop586-latest-2.10-35.mga5.i586.rpm xtables-addons-kernel-desktop-latest-2.10-35.mga5.i586.rpm xtables-addons-kernel-server-latest-2.10-35.mga5.i586.rpm x86_64: cpupower-4.4.55-1.mga5.x86_64.rpm cpupower-devel-4.4.55-1.mga5.x86_64.rpm kernel-desktop-4.4.55-1.mga5-1-1.mga5.x86_64.rpm kernel-desktop-devel-4.4.55-1.mga5-1-1.mga5.x86_64.rpm kernel-desktop-devel-latest-4.4.55-1.mga5.x86_64.rpm kernel-desktop-latest-4.4.55-1.mga5.x86_64.rpm kernel-doc-4.4.55-1.mga5.noarch.rpm kernel-server-4.4.55-1.mga5-1-1.mga5.x86_64.rpm kernel-server-devel-4.4.55-1.mga5-1-1.mga5.x86_64.rpm kernel-server-devel-latest-4.4.55-1.mga5.x86_64.rpm kernel-server-latest-4.4.55-1.mga5.x86_64.rpm kernel-source-4.4.55-1.mga5-1-1.mga5.noarch.rpm kernel-source-latest-4.4.55-1.mga5.noarch.rpm kernel-userspace-headers-4.4.55-1.mga5.x86_64.rpm perf-4.4.55-1.mga5.x86_64.rpm xtables-addons-kernel-4.4.55-desktop-1.mga5-2.10-35.mga5.x86_64.rpm xtables-addons-kernel-4.4.55-server-1.mga5-2.10-35.mga5.x86_64.rpm xtables-addons-kernel-desktop-latest-2.10-35.mga5.x86_64.rpm xtables-addons-kernel-server-latest-2.10-35.mga5.x86_64.rpm
Depends on: (none) => 20222
Raising priority as atleast one CVE is classed as a local privilegie escalation
Priority: Normal => HighSeverity: normal => critical
Blocks: (none) => 20553
No regressions noticed. Tested on a x86_64 system with nvidia proprietary driver and Plasma DE. Tested a bunch of programs with no issues. $ uname -a Linux marte 4.4.55-desktop-1.mga5 #1 SMP Sat Mar 18 18:21:07 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
CC: (none) => mageia
Updated an Athlon X2/nvidia340 machine to the 64-bit server kernel, with dkms building the virtualbox modules locally. Packages installed cleanly, and after update no issues noted. Firefox 45.8 and Thunderbird 45.8 both worked, as did Virtualbox. All existing Virtualbox guests booted and ran as expected. Also, updated one 64-bit guest and one 32-bit guest, with the guestadditions modules built locally. No issues noted with either guest.
CC: (none) => andrewsfarm
Updated one each 32-bit and 64-bit server kernel installs on a Sempron 3100+/nvidia304 machine. This processor has proven to be inadequate for Virtualbox, so it was not tested. Packages installed cleanly, no issues noted on either install.
Minimal test last night: fully updated a neglected _64bit_ Mageia 5 on https://wiki.mageia.org/en/User:Marja/QA/Hardware#Lenovo_ThinkPad_SL510 with Intel Gfx, rebooted, enabled updates_testing (core and nonfree), updated again, rebooted into the new kernel-desktop-4.4.55-1.mga5-1-1.mga5.x86_64 and ran some applications, like FF and TB. No problems encountered.
CC: (none) => marja11
Virtualbox update was validated/pushed, so here is the kmods for this update: SRPMS: kmod-vboxadditions-5.1.18-2.mga5.src.rpm kmod-virtualbox-5.1.18-2.mga5.src.rpm i586: vboxadditions-kernel-4.4.55-desktop-1.mga5-5.1.18-2.mga5.i586.rpm vboxadditions-kernel-4.4.55-desktop586-1.mga5-5.1.18-2.mga5.i586.rpm vboxadditions-kernel-4.4.55-server-1.mga5-5.1.18-2.mga5.i586.rpm vboxadditions-kernel-desktop586-latest-5.1.18-2.mga5.i586.rpm vboxadditions-kernel-desktop-latest-5.1.18-2.mga5.i586.rpm vboxadditions-kernel-server-latest-5.1.18-2.mga5.i586.rpm virtualbox-kernel-4.4.55-desktop-1.mga5-5.1.18-2.mga5.i586.rpm virtualbox-kernel-4.4.55-desktop586-1.mga5-5.1.18-2.mga5.i586.rpm virtualbox-kernel-4.4.55-server-1.mga5-5.1.18-2.mga5.i586.rpm virtualbox-kernel-desktop586-latest-5.1.18-2.mga5.i586.rpm virtualbox-kernel-desktop-latest-5.1.18-2.mga5.i586.rpm virtualbox-kernel-server-latest-5.1.18-2.mga5.i586.rpm x86_64: vboxadditions-kernel-4.4.55-desktop-1.mga5-5.1.18-2.mga5.x86_64.rpm vboxadditions-kernel-4.4.55-server-1.mga5-5.1.18-2.mga5.x86_64.rpm vboxadditions-kernel-desktop-latest-5.1.18-2.mga5.x86_64.rpm vboxadditions-kernel-server-latest-5.1.18-2.mga5.x86_64.rpm virtualbox-kernel-4.4.55-desktop-1.mga5-5.1.18-2.mga5.x86_64.rpm virtualbox-kernel-4.4.55-server-1.mga5-5.1.18-2.mga5.x86_64.rpm virtualbox-kernel-desktop-latest-5.1.18-2.mga5.x86_64.rpm virtualbox-kernel-server-latest-5.1.18-2.mga5.x86_64.rpm
Oh, and the whole Mageia build infra has been running on the x86_64 server kernel for the last 4+ days without issues
On mga5-64 Packages installed cleanly: - cpupower-4.4.55-1.mga5.x86_64 - kernel-desktop-4.4.55-1.mga5-1-1.mga5.x86_64 - kernel-desktop-latest-4.4.55-1.mga5.x86_64 - virtualbox-kernel-4.4.55-desktop-1.mga5-5.1.18-2.mga5.x86_64 - virtualbox-kernel-desktop-latest-5.1.18-2.mga5.x86_64 System re-booted normally $ uname -r 4.4.55-desktop-1.mga5 no regressions noted (virtualbox and win7, winxp clients running normally) OK for mga5-64 on this system: Dell product: Precision Tower 3620 Mobo: Dell model: 09WH54 Card: Intel HD Graphics 530 CPU: Quad core Intel Core i7-6700 (-HT-MCP-)
CC: (none) => jim
Advisory (already added to svn) subject: Updated kernel packages fixes security vulnerabilities CVE: - CVE-2017-2636 - CVE-2017-6346 - CVE-2017-6347 - CVE-2017-6348 src: 5: core: - kernel-4.4.55-1.mga5 - kernel-userspace-headers-4.4.55-1.mga5 - kmod-vboxadditions-5.1.18-2.mga5 - kmod-virtualbox-5.1.18-2.mga5 - kmod-xtables-addons-2.10-35.mga5 description: | This kernel update is based on upstream 4.4.55 and fixes atleast the following security issues: Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (CVE-2017-2636). Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls (CVE-2017-6346). The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission (CVE-2017-6347). The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (CVE-2017-6348). For other upstream fixes in this update, see the referenced changelogs. references: - https://bugs.mageia.org/show_bug.cgi?id=20527 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.51 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.52 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.53 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.54 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.55
Whiteboard: (none) => advisory
Testing complete on both i586 and x86_64, both on real hardware and under vb. Validating the update.
Keywords: (none) => validated_updateWhiteboard: advisory => advisory MGA5-64-OK MGA5-32-OKCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0088.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
On real hardware, M5, KDE, 64-bit initial install: kernel-desktop-latest virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo kernel-desktop-devel-latest nvidia-current-kernel-desktop-latest [root@localhost wilcal]# uname -a Linux localhost 4.4.50-desktop-2.mga5 #1 SMP Thu Feb 23 21:21:14 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-4.4.50-2.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox Package virtualbox-5.1.18-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest Package vboxadditions-kernel-desktop-latest-5.1.18-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi dkms-virtualbox Package dkms-virtualbox-5.1.18-1.mga5.noarch is already installed [root@localhost wilcal]# urpmi virtualbox-guest-additions Package virtualbox-guest-additions-5.1.18-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest Package virtualbox-kernel-desktop-latest-5.1.18-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi x11-driver-video-vboxvideo Package x11-driver-video-vboxvideo-5.1.18-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi kernel-desktop-devel-latest Package kernel-desktop-devel-latest-4.4.50-2.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi nvidia-current-kernel-desktop-latest Package nvidia-current-kernel-desktop-latest-352.79-10.mga5.nonfree.x86_64 is already installed [wilcal@localhost ~]$ lspci -k 01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1) Subsystem: Gigabyte Technology Co., Ltd Device 3518 Kernel driver in use: nvidia Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia_current M5.1 i586 Gnome Live-CD runs as a Vbox client. Boots to a working desktop. Common apps work. Screen sizes are correct. install or check: kernel-desktop-latest virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo kernel-desktop-devel-latest nvidia-current-kernel-desktop-latest from updates_testing [root@localhost wilcal]# uname -a Linux localhost 4.4.55-desktop-1.mga5 #1 SMP Sat Mar 18 18:21:07 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-4.4.55-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox Package virtualbox-5.1.18-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest Package vboxadditions-kernel-desktop-latest-5.1.18-2.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi dkms-virtualbox Package dkms-virtualbox-5.1.18-1.mga5.noarch is already installed [root@localhost wilcal]# urpmi virtualbox-guest-additions Package virtualbox-guest-additions-5.1.18-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest Package virtualbox-kernel-desktop-latest-5.1.18-2.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi x11-driver-video-vboxvideo Package x11-driver-video-vboxvideo-5.1.18-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi kernel-desktop-devel-latest Package kernel-desktop-devel-latest-4.4.55-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi nvidia-current-kernel-desktop-latest Package nvidia-current-kernel-desktop-latest-352.79-10.mga5.nonfree.x86_64 is already installed [wilcal@localhost ~]$ lspci -k 01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1) Subsystem: Gigabyte Technology Co., Ltd Device 3518 Kernel driver in use: nvidia Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia_current System boots to a working desktop. Common apps work. Previously created M5 i586 Gnome Live-CD runs as a Vbox client. M5.1 Gnome x86_64 Live-DVD runs as a Vbox client. M5.1 x86_64 KDE CI, installs and updates as a Vbox client. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Looks good
CC: (none) => wilcal.int
Created attachment 9159 [details] screenshot of the Xorg.log My VM with Mageia 5 no longer boots with 4.4.55, see the screenshot. It works fine with 4.4.30.
(In reply to Frédéric Buclin from comment #13) > Created attachment 9159 [details] > screenshot of the Xorg.log > > My VM with Mageia 5 no longer boots with 4.4.55, see the screenshot. It > works fine with 4.4.30. In the virtualbox guest, add the kernel option nomodeset.