Bug 20859 - Update request: kernel-tmb-4.4.68-1.mga5
Summary: Update request: kernel-tmb-4.4.68-1.mga5
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: advisory MGA5-64-OK MGA5-32-OK
Keywords: validated_update
Depends on:
Reported: 2017-05-15 20:26 CEST by Thomas Backlund
Modified: 2017-05-26 08:55 CEST (History)
3 users (show)

See Also:
Source RPM: kernel-tmb
Status comment:


Description Thomas Backlund 2017-05-15 20:26:26 CEST
All critical CVE fixes in as in core kernel in MGASA-2017-0136 + More CVE fixes, including remote NFSD exploits, advisory will follow...



Comment 1 Len Lawrence 2017-05-18 06:51:37 CEST
x86_64, nvidia GTX770, Haswell i7-4790K, 16GB RAM (DIMM)
Gigabyte Sniper.Z97 motherboard

Clean install.  nvidia and virtualbox modules rebuilt during boot sequence.
nvidia 375.26

Mate, Mate terminal, emacs
Sound and video working fine, vlc, mplayer, TV card PCTV 290e
Package installation, gem, ruby, tk, rsync
MCC, LibreOffice writer, Firefox, MageiaWelcome
eom, gqview, ImageMagick, gwenview, gimp
galculator, xpdf

All working fine.

CC: (none) => tarazed25

Comment 2 Len Lawrence 2017-05-18 14:08:44 CEST
Intel(R) Core(TM) i7-5700HQ CPU @ 2.70GHz
twin nvidia GTX 965M - running on one

Installed from Updates Testing and rebooted.  Mate Desktop functioning.
pulseaudio up and running.

Tried terminals, emacs, networking, libreoffice, the gimp, mcc, urpmi, firefox
Installed ntp, enabled and started it.

image viewers: eom, gwenview, display
audio/video OK in gmplayer and vlc

All working - that should be enough for now.
Comment 3 Len Lawrence 2017-05-18 14:20:06 CEST
Re comment 2 - that was x86_64

$ sudo nvidia-xconfig --sli=ON
Logged out and in.  xorg.conf screen section records "SLI" "ON"
nvidia-settings lists DFP-1 against GPU 0 only.

The system continues to work normally.
Comment 4 Len Lawrence 2017-05-18 18:15:50 CEST
x86_64 Ivy Bridge
Intel(R) Core(TM) i7-3630QM
nvidia GT 650M (nvidia 375.26 driver)

Installed the packages from Core Updates Testing - no problems.

Rebooted to working Mate desktop.
Common applications work:
terminal, emacs, vi, ssh, ruby, tk, vlc, mplayer, libreoffice, imagemagick,
eom, gqview, gwenview, firefox, sound and video.....
Installed stellarium and celestia and both worked fine.
Comment 5 Thomas Backlund 2017-05-20 22:44:02 CEST
Advisory (also added to svn):

  This kernel-tmb update is based on upstream 4.4.68 and fixes atleast
  the following security issues:

  fs/namespace.c in the Linux kernel before 4.9 does not restrict how many
  mounts may exist in a mount namespace, which allows local users to cause
  a denial of service (memory consumption and deadlock) via MS_BIND mount
  system calls, as demonstrated by a loop that triggers exponential growth
  in the number of mounts (CVE-2016-6213).

  The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in
  the Linux kernel before 4.6 allows local users to gain privileges or cause
  a denial of service (use-after-free) via vectors involving omission of the
  firmware name from a certain data structure (CVE-2016-7913).

  The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux
  kernel before 4.5 does not check whether a batch message's length field is
  large enough, which allows local users to obtain sensitive information from
  kernel memory or cause a denial of service (infinite loop or out-of-bounds
  read) by leveraging the CAP_NET_ADMIN capability (CVE-2016-7917).

  The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through
  4.8.11 does not validate the relationship between the minimum fragment
  length and the maximum packet size, which allows local users to gain
  privileges or cause a denial of service (heap-based buffer overflow) by
  leveraging the CAP_NET_ADMIN capability (CVE-2016-8632).

  drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local
  users to bypass integer overflow checks, and cause a denial of service
  (memory corruption) or have unspecified other impact, by leveraging access
  to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a
  "state machine confusion bug" (CVE-2016-9083).

  drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11
  misuses the kzalloc function, which allows local users to cause a denial
  of service (integer overflow) or have unspecified other impact by
  leveraging access to a vfio PCI device file (CVE-2016-9084).

  It was discovered that root can gain direct access to an internal keyring,
  such as '.builtin_trusted_keys' upstream, by joining it as its session
  keyring. This allows root to bypass module signature verification by adding
  a new public key of its own devising to the keyring (CVE-2016-9604).

  The ping_unhash function in net/ipv4/ping.c in the Linux kernel through
  4.10.8 is too late in obtaining a certain lock and consequently cannot
  ensure that disconnect function calls are safe, which allows local users
  to cause a denial of service (panic) by leveraging access to the protocol
  value of IPPROTO_ICMP in a socket system call (CVE-2017-2671).

  Race condition in kernel/events/core.c in the Linux kernel before 4.9.7
  allows local users to gain privileges via a crafted application that makes
  concurrent perf_event_open system calls for moving a software group into a
  hardware context. NOTE: this vulnerability exists because of an incomplete
  fix for CVE-2016-6786 (CVE-2017-6001).

  The keyring_search_aux function in security/keys/keyring.c in the Linux
  kernel through 3.14.79 allows local users to cause a denial of service
  (NULL pointer dereference and OOPS) via a request_key system call for the
  "dead" type (CVE-2017-6951).

  The packet_set_ring function in net/packet/af_packet.c in the Linux kernel
  through 4.10.6 does not properly validate certain block-size data, which
  allows local users to cause a denial of service (overflow) or possibly have
  unspecified other impact via crafted system calls (CVE-2017-7308).

  A vulnerability was found in the Linux kernel. It was found that
  keyctl_set_reqkey_keyring() function leaks thread keyring which allows
  unprivileged local user to exhaust kernel memory (CVE-2017-7472).

  The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through
  4.10.11 allows remote attackers to cause a denial of service (system crash)
  via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and
  fs/nfsd/nfsxdr.c (CVE-2017-7645).

  The NFSv2 and NFSv3 server implementations in the Linux kernel through
  4.10.13 lack certain checks for the end of a buffer, which allows remote
  attackers to trigger pointer-arithmetic errors or possibly have unspecified
  other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and
  fs/nfsd/nfsxdr.c (CVE-2017-7895).

  For other upstream fixes in this update, see the referenced changelogs.
 - https://bugs.mageia.org/show_bug.cgi?id=20859
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.60
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.61
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.62
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.63
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.64
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.65
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.66
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.67
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.68

Whiteboard: (none) => advisory

Comment 6 Dave Hodgins 2017-05-26 08:37:25 CEST
Testing of all kernels complete on real hardware and under vb.

Keywords: (none) => validated_update
Whiteboard: advisory => advisory MGA5-64-OK MGA5-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 7 Mageia Robot 2017-05-26 08:55:38 CEST
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.