Bug 21141 - kernel vulnerability allows root: CVE-2017-1000364
Summary: kernel vulnerability allows root: CVE-2017-1000364
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All
OS: Linux
Priority: High
Severity: critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: https://linux.slashdot.org/story/17/0...
Whiteboard: advisory MGA5-32-OK MGA5-64-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2017-06-25 02:47 CEST by Zombie Ryushu
Modified: 2017-06-27 21:23 CEST
CC List: 11 users

See Also:
Source RPM: kernel
CVE: CVE-2017-1000364
Status comment:


Attachments

Description Zombie Ryushu 2017-06-25 02:47:31 CEST
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
Comment 1 Zombie Ryushu 2017-06-25 02:47:51 CEST
https://access.redhat.com/security/cve/cve-2017-1000364

CVE: (none) => CVE-2017-1000364

Comment 2 David Walser 2017-06-25 02:56:18 CEST
Already addressed in kernel 4.9.34 in Cauldron.  Will be addressed soon in Mageia 5, pending completion of fixes for 4.4.x by upstream.

Version: Cauldron => 5
Assignee: bugsquad => kernel

Comment 3 Thomas Backlund 2017-06-26 10:57:08 CEST
So it took until this morning to get the fixes validated upstream :/
(otoh it means they are better tested upstream too)

These are still building (see http://pkgsubmit.mageia.org/) but should be on mirrors in ~2-3 hours

Assigning to QA right now, will provide advisory for it tonight (as we fix more CVEs than this one...)


SRPMS:
kernel-4.4.74-1.mga5.src.rpm
kernel-userspace-headers-4.4.74-1.mga5.src.rpm

kmod-vboxadditions-5.1.22-7.mga5.src.rpm
kmod-virtualbox-5.1.22-7.mga5.src.rpm
kmod-xtables-addons-2.10-43.mga5.src.rpm



i586:
cpupower-4.4.74-1.mga5.i586.rpm
cpupower-devel-4.4.74-1.mga5.i586.rpm
kernel-desktop-4.4.74-1.mga5-1-1.mga5.i586.rpm
kernel-desktop586-4.4.74-1.mga5-1-1.mga5.i586.rpm
kernel-desktop586-devel-4.4.74-1.mga5-1-1.mga5.i586.rpm
kernel-desktop586-devel-latest-4.4.74-1.mga5.i586.rpm
kernel-desktop586-latest-4.4.74-1.mga5.i586.rpm
kernel-desktop-devel-4.4.74-1.mga5-1-1.mga5.i586.rpm
kernel-desktop-devel-latest-4.4.74-1.mga5.i586.rpm
kernel-desktop-latest-4.4.74-1.mga5.i586.rpm
kernel-doc-4.4.74-1.mga5.noarch.rpm
kernel-server-4.4.74-1.mga5-1-1.mga5.i586.rpm
kernel-server-devel-4.4.74-1.mga5-1-1.mga5.i586.rpm
kernel-server-devel-latest-4.4.74-1.mga5.i586.rpm
kernel-server-latest-4.4.74-1.mga5.i586.rpm
kernel-source-4.4.74-1.mga5-1-1.mga5.noarch.rpm
kernel-source-latest-4.4.74-1.mga5.noarch.rpm
kernel-userspace-headers-4.4.74-1.mga5.i586.rpm
perf-4.4.74-1.mga5.i586.rpm

vboxadditions-kernel-4.4.74-desktop-1.mga5-5.1.22-7.mga5.i586.rpm
vboxadditions-kernel-4.4.74-desktop586-1.mga5-5.1.22-7.mga5.i586.rpm
vboxadditions-kernel-4.4.74-server-1.mga5-5.1.22-7.mga5.i586.rpm
vboxadditions-kernel-desktop586-latest-5.1.22-7.mga5.i586.rpm
vboxadditions-kernel-desktop-latest-5.1.22-7.mga5.i586.rpm
vboxadditions-kernel-server-latest-5.1.22-7.mga5.i586.rpm

virtualbox-kernel-4.4.74-desktop-1.mga5-5.1.22-7.mga5.i586.rpm
virtualbox-kernel-4.4.74-desktop586-1.mga5-5.1.22-7.mga5.i586.rpm
virtualbox-kernel-4.4.74-server-1.mga5-5.1.22-7.mga5.i586.rpm
virtualbox-kernel-desktop586-latest-5.1.22-7.mga5.i586.rpm
virtualbox-kernel-desktop-latest-5.1.22-7.mga5.i586.rpm
virtualbox-kernel-server-latest-5.1.22-7.mga5.i586.rpm

xtables-addons-kernel-4.4.74-desktop-1.mga5-2.10-43.mga5.i586.rpm
xtables-addons-kernel-4.4.74-desktop586-1.mga5-2.10-43.mga5.i586.rpm
xtables-addons-kernel-4.4.74-server-1.mga5-2.10-43.mga5.i586.rpm
xtables-addons-kernel-desktop586-latest-2.10-43.mga5.i586.rpm
xtables-addons-kernel-desktop-latest-2.10-43.mga5.i586.rpm
xtables-addons-kernel-server-latest-2.10-43.mga5.i586.rpm



x86_64:
cpupower-4.4.74-1.mga5.x86_64.rpm
cpupower-devel-4.4.74-1.mga5.x86_64.rpm
kernel-desktop-4.4.74-1.mga5-1-1.mga5.x86_64.rpm
kernel-desktop-devel-4.4.74-1.mga5-1-1.mga5.x86_64.rpm
kernel-desktop-devel-latest-4.4.74-1.mga5.x86_64.rpm
kernel-desktop-latest-4.4.74-1.mga5.x86_64.rpm
kernel-doc-4.4.74-1.mga5.noarch.rpm
kernel-server-4.4.74-1.mga5-1-1.mga5.x86_64.rpm
kernel-server-devel-4.4.74-1.mga5-1-1.mga5.x86_64.rpm
kernel-server-devel-latest-4.4.74-1.mga5.x86_64.rpm
kernel-server-latest-4.4.74-1.mga5.x86_64.rpm
kernel-source-4.4.74-1.mga5-1-1.mga5.noarch.rpm
kernel-source-latest-4.4.74-1.mga5.noarch.rpm
kernel-userspace-headers-4.4.74-1.mga5.x86_64.rpm
perf-4.4.74-1.mga5.x86_64.rpm

vboxadditions-kernel-4.4.74-desktop-1.mga5-5.1.22-7.mga5.x86_64.rpm
vboxadditions-kernel-4.4.74-server-1.mga5-5.1.22-7.mga5.x86_64.rpm
vboxadditions-kernel-desktop-latest-5.1.22-7.mga5.x86_64.rpm
vboxadditions-kernel-server-latest-5.1.22-7.mga5.x86_64.rpm

virtualbox-kernel-4.4.74-desktop-1.mga5-5.1.22-7.mga5.x86_64.rpm
virtualbox-kernel-4.4.74-server-1.mga5-5.1.22-7.mga5.x86_64.rpm
virtualbox-kernel-desktop-latest-5.1.22-7.mga5.x86_64.rpm
virtualbox-kernel-server-latest-5.1.22-7.mga5.x86_64.rpm

xtables-addons-kernel-4.4.74-desktop-1.mga5-2.10-43.mga5.x86_64.rpm
xtables-addons-kernel-4.4.74-server-1.mga5-2.10-43.mga5.x86_64.rpm
xtables-addons-kernel-desktop-latest-2.10-43.mga5.x86_64.rpm
xtables-addons-kernel-server-latest-2.10-43.mga5.x86_64.rpm

CC: (none) => tmb
Severity: normal => critical
Assignee: kernel => qa-bugs
Status: NEW => ASSIGNED
Priority: Normal => High

Comment 4 James Kerr 2017-06-26 13:08:03 CEST
On mga5-64

Packages installed cleanly:

- cpupower-4.4.72-1.mga5.x86_64
- kernel-desktop-4.4.72-1.mga5-1-1.mga5.x86_64
- kernel-desktop-latest-4.4.72-1.mga5.x86_64
- virtualbox-kernel-4.4.72-desktop-1.mga5-5.1.22-6.mga5.x86_64
- virtualbox-kernel-desktop-latest-5.1.22-6.mga5.x86_64

system re-booted normally
$ uname -r
4.4.72-desktop-1.mga5

No regressions noted

Virtualbox launches and runs vbox client (mga5-32)

OK for mga5-64 on this system:

Dell product: Precision Tower 3620
Mobo: Dell model: 09WH54 
Card: Intel HD Graphics 530
CPU: Quad core Intel Core i7-6700

CC: (none) => jim

Comment 5 James Kerr 2017-06-26 13:32:18 CEST
Ignore comment#4 - I obviously installed an older version - not quite fully awake yet!
Comment 6 Brian Rockwell 2017-06-26 15:52:56 CEST

The following 2 packages are going to be installed:

- kernel-desktop-4.4.74-1.mga5-1-1.mga5.i586
- kernel-desktop-latest-4.4.74-1.mga5.i586

52MB of additional disk space will be used.

47MB of packages will be retrieved.

Is it ok to continue?

$ uname -a
Linux localhost.localdomain 4.4.74-desktop-1.mga5 #1 SMP Mon Jun 26 08:33:18 UTC 2017 i686 i686 i686 GNU/Linux


Libreoffice Writer crashes now when I click on File menu option.

Keywords: (none) => NEEDHELP
CC: (none) => brtians1

Comment 7 David Walser 2017-06-26 16:57:07 CEST
I'm not sure why you put NEEDHELP as a keyword.  I am not aware of us using that.  We do use feedback in the whiteboard.  For this issue with LibreOffice, it might get more attention in the qa-discuss thread (though you were right to mention it here).  I wouldn't actually want to add the feedback tag in this case as it discourages people from testing.

Keywords: NEEDHELP => (none)

Comment 8 Morgan Leijström 2017-06-26 17:14:31 CEST
i586 glibc and kernel-desktop OK:
HW: Thinkpad T40, SSD, Radeon 7500, ipw2200.
Install:  separate /boot, rest LVM, KDE4
Clean install, boot, suspend-resume, hibernate-resume OK incl resuming playing video from internet on wifi (old quirk is that after resume display is grey; login screen gets visible when I move the mouse), good performance.

I can not replicate comment #6 problem in LOWriter.

CC: (none) => fri

Comment 9 Marja Van Waes 2017-06-26 17:42:51 CEST
on an old ThinkPad https://wiki.mageia.org/en/User:Marja/QA/Hardware#Lenovo_ThinkPad_SL510

Updated kernel, glibc and microcode:

cpupower-4.4.74-1.mga5.x86_64                 Mon 26 Jun 2017 15:26:39 CEST
glibc-2.20-25.mga5.x86_64                     Mon 26 Jun 2017 15:26:06 CEST
glibc-devel-2.20-25.mga5.x86_64               Mon 26 Jun 2017 15:26:12 CEST
kernel-desktop-4.4.74-1.mga5-1-1.mga5.x86_64  Mon 26 Jun 2017 15:26:32 CEST
kernel-desktop-latest-4.4.74-1.mga5.x86_64    Mon 26 Jun 2017 15:26:35 CEST
kernel-userspace-headers-4.4.74-1.mga5.x86_64 Mon 26 Jun 2017 15:26:36 CEST
microcode-0.20170511-1.mga5.nonfree.noarch    Mon 26 Jun 2017 15:26:40 CEST
nscd-2.20-25.mga5.x86_64                      Mon 26 Jun 2017 15:26:41 CEST

After reboot and until now, everything worked fine, apart from an old issue that already existed before.

CC: (none) => marja11

Comment 10 José Jorge 2017-06-26 17:45:57 CEST
Tested on i586 on 2007 laptop. All Ok after reboot.

CC: (none) => lists.jjorge

Comment 11 William Kenney 2017-06-26 18:11:55 CEST
On real hardware, M5, KDE, 64-bit

Tested:
kernel-desktop-latest
virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox
virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo
kernel-desktop-devel-latest nvidia-current-kernel-desktop-latest

My initial testing indicates that kernel update is successful, Vbox runs on updated system
and Vbox clients created before and after update are successful. Some more testing to go
but looks good here.

[root@localhost wilcal]# uname -a
Linux localhost 4.4.74-desktop-1.mga5 #1 SMP Mon Jun 26 07:50:58 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-4.4.74-1.mga5.x86_64 is already installed

CC: (none) => wilcal.int

Comment 12 James Kerr 2017-06-26 18:31:43 CEST
On mga5-64

Packages updated cleanly:
- cpupower-4.4.74-1.mga5.x86_64
- kernel-desktop-4.4.74-1.mga5-1-1.mga5.x86_64
- kernel-desktop-latest-4.4.74-1.mga5.x86_64
- virtualbox-kernel-4.4.74-desktop-1.mga5-5.1.22-7.mga5.x86_64
- virtualbox-kernel-desktop-latest-5.1.22-7.mga5.x86_64

system re-booted normally:
$ uname -r
4.4.74-desktop-1.mga5

No regressions noted

Virtualbox launches and runs client normally

OK for mga5-64 on this system:

Dell product: Precision Tower 3620
Mobo: Dell model: 09WH54 
Card: Intel HD Graphics 530
CPU: Quad core Intel Core i7-6700
Comment 13 James Kerr 2017-06-26 19:14:37 CEST
On mga5-32 (in a vbox VM)

Packages updated cleanly:
- cpupower-4.4.74-1.mga5.i586
- kernel-desktop-4.4.74-1.mga5-1-1.mga5.i586
- kernel-desktop-latest-4.4.74-1.mga5.i586
- kernel-userspace-headers-4.4.74-1.mga5.i586
- vboxadditions-kernel-4.4.74-desktop-1.mga5-5.1.22-7.mga5.i586
- vboxadditions-kernel-desktop-latest-5.1.22-7.mga5.i586
- kernel-desktop-devel-4.4.74-1.mga5-1-1.mga5.i586
- kernel-desktop-devel-latest-4.4.74-1.mga5.i586

VM re-booted normally:
$ uname -r
4.4.74-desktop-1.mga5

No regressions noted

OK for mga5-32
Comment 14 Lewis Smith 2017-06-26 19:42:48 CEST
Testing M5_64 real hardware Radeon video

cpupower-4.4.74-1.mga5
kernel-desktop-devel-latest-4.4.74-1.mga5
kernel-desktop-4.4.74-1.mga5-1-1.mga5
kernel-desktop-latest-4.4.74-1.mga5
kernel-userspace-headers-4.4.74-1.mga5
kernel-desktop-devel-4.4.74-1.mga5-1-1.mga5

$ uname -r
4.4.74-desktop-1.mga5

Think this is running the normal desktop kernel (boot menu has the Linus one also). Working so far to write this. LibreOffice File menu opens things OK. Looks OK.

CC: (none) => lewyssmith

Comment 15 Len Lawrence 2017-06-26 20:02:48 CEST
x86_64 MBR
Lenovo Ideapad Y500
Intel(R) Core(TM) i7-3630QM @ 2.4GHz
nvidia GeForce GT650M

After chasing mirrors all over the planet, all afternoon, these were all that were available:

cpupower-4.4.74-1 
kernel-desktop-4.4.74-1.mga5-1-1 
kernel-desktop-devel-4.4.74-1.mga5-1-1 
kernel-desktop-devel-latest-4.4.74-1 
kernel-desktop-latest-4.4.74-1 
kernel-doc-4.4.74-1.mga5.noarch.rpm
kernel-userspace-headers-4.4.74-1 

These installed cleanly after a glibc update.

Leaving any further testing until the mirrors catch up.

CC: (none) => tarazed25

Comment 16 Thomas Backlund 2017-06-26 21:21:12 CEST
Advisory, also added to svn:

  This kernel update is based on upstream 4.4.74 and fixes at least
  the following security issues:

  The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through
  4.11.1 mishandles reference counts, which allows local users to cause a
  denial of service (use-after-free) or possibly have unspecified other
  impact via a failed SIOCGIFADDR ioctl call for an IPX interface
  (CVE-2017-7487).

  The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
  Linux kernel through 4.10.15 allows attackers to cause a denial of service
  (double free) or possibly have unspecified other impact by leveraging use
  of the accept system call (CVE-2017-8890).

  The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
  does not consider that the nexthdr field may be associated with an invalid
  option, which allows local users to cause a denial of service (out-of-bounds
  read and BUG) or possibly have unspecified other impact via crafted socket
  and send system calls (CVE-2017-9074).

  The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
  through 4.11.1 mishandles inheritance, which allows local users to cause a
  denial of service or possibly have unspecified other impact via crafted
  system calls, a related issue to CVE-2017-8890 (CVE-2017-9075).

  The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel
  through 4.11.1 mishandles inheritance, which allows local users to cause a
  denial of service or possibly have unspecified other impact via crafted
  system calls, a related issue to CVE-2017-8890 (CVE-2017-9076).

  The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
  through 4.11.1 mishandles inheritance, which allows local users to cause a
  denial of service or possibly have unspecified other impact via crafted
  system calls, a related issue to CVE-2017-8890 (CVE-2017-9077).

  The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
  through 4.11.3 is too late in checking whether an overwrite of an skb data
  structure may occur, which allows local users to cause a denial of service
  (system crash) via crafted system calls (CVE-2017-9242).

  The vmw_gb_surface_define_ioctl function (accessible via
  DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
  in the Linux kernel through 4.11.4 defines a backup_handle variable but
  does not give it an initial value. If one attempts to create a GB surface,
  with a previously allocated DMA buffer to be used as a backup buffer, the
  backup_handle variable does not get written to and is then later returned
  to user space, allowing local users to obtain sensitive information from
  uninitialized kernel memory via a crafted ioctl call (CVE-2017-9605).

  A vulnerability was found in the Linux kernel's lp_setup() function where it
  doesn't apply any bounds checking when passing "lp=none". This can result
  in an overflow of the parport_nr[] array. An attacker with control over kernel
  command line can overwrite kernel code and data with fixed (0xff) values
  (CVE-2017-1000363).

  A flaw was found in the way memory was being allocated on the stack for
  user space binaries. If heap (or different memory region) and stack memory
  regions were adjacent to each other, an attacker could use this flaw to
  jump over the stack guard gap, cause controlled memory corruption on process
  stack or the adjacent memory region, and thus increase their privileges on
  the system. This is a kernel-side mitigation which increases the stack guard
  gap size from one page to 1 MiB to make successful exploitation of this
  issue more difficult (CVE-2017-1000364).

  The Linux Kernel imposes a size restriction on the arguments and
  environmental strings passed through RLIMIT_STACK/RLIM_INFINITY(1/4 of
  the size), but does not take the argument and environment pointers into
  account, which allows attackers to bypass this limitation. This affects
  Linux Kernel versions 4.11.5 and earlier (CVE-2017-1000365).

  sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a
  data race in the ALSA /dev/snd/timer driver resulting in local users being
  able to read information belonging to other users, i.e., uninitialized
  memory contents may be disclosed when a read and an ioctl happen at the
  same time (CVE-2017-1000380).

  The block interface response structure has some discontiguous fields.
  Certain backends populate the structure fields of an otherwise
  uninitialized instance of this structure on their stacks, leaking
  data through the (internal or trailing) padding field. A malicious
  unprivileged guest may be able to obtain sensitive information from the
  host or other guests (XSA-216).

  Other changes in this kernel:
  - add support for rtl8812au wireless (mga#21043)
  - enable support for SMB2 (mga#20886)

  For other upstream fixes in this update, see the referenced changelogs.

Whiteboard: (none) => advisory
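
Added example (written for this page; not Mageia's, the reporter's or the kernel's code) illustrating the mitigation that the bug description and the CVE-2017-1000364 paragraph of the advisory above refer to. It parses /proc/self/maps to measure how much unmapped address space lies below the main thread's stack, then offers mmap() a hint address that would leave two free pages between the new page and the stack: a kernel carrying the upstream fix (guard gap of 256 pages, tunable with the stack_guard_gap= boot parameter) refuses such a hint and maps the page elsewhere, whereas the pre-fix one-page guard let it through. The 4 KiB page size, the 64 KiB read buffer and the maps excerpts used for checking are assumptions, and the function names are mine.

```c
#define _GNU_SOURCE 1
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Assumed 4 KiB pages; the kernel's stack_guard_gap default is 256 of them. */
#define PAGE_BYTES    4096ULL
#define GUARD_GAP_NEW (256ULL * PAGE_BYTES)   /* 1 MiB: the guard in 4.4.74 */

/* Parse the /proc/<pid>/maps line at 'line' (text may continue past it) into
 * its address range and trailing path, empty for anonymous mappings. 0 = ok. */
static int parse_maps_line(const char *line, unsigned long long *start,
                           unsigned long long *end, char *path, size_t pathsz)
{
    char perms[8], dev[16];
    unsigned long long off, ino;
    int n = 0;

    if (sscanf(line, "%llx-%llx %7s %llx %15s %llu%n",
               start, end, perms, &off, dev, &ino, &n) != 6)
        return -1;
    line += n + strspn(line + n, " \t");                 /* skip to the path column */
    snprintf(path, pathsz, "%.*s", (int)strcspn(line, "\r\n"), line);
    return 0;
}

/* Start of the line after p, or the terminating NUL. */
static const char *next_line(const char *p)
{
    const char *nl = strchr(p, '\n');
    return nl ? nl + 1 : p + strlen(p);
}

/* Bytes between the end of the closest mapping below [stack] and the start of
 * [stack], i.e. how far the stack can grow before it meets another VMA.
 * Returns 0 and sets *stack_start and *gap, or -1 if there is no [stack]. */
int stack_gap_from_maps(const char *maps_text, unsigned long long *stack_start,
                        unsigned long long *gap)
{
    char path[512];
    unsigned long long s, e, below_end = 0;
    const char *p;
    int have_stack = 0;

    for (p = maps_text; *p && !have_stack; p = next_line(p))
        if (parse_maps_line(p, &s, &e, path, sizeof path) == 0 &&
            strcmp(path, "[stack]") == 0) {
            *stack_start = s;
            have_stack = 1;
        }
    if (!have_stack)
        return -1;
    for (p = maps_text; *p; p = next_line(p))
        if (parse_maps_line(p, &s, &e, path, sizeof path) == 0 &&
            e <= *stack_start && e > below_end)
            below_end = e;                /* highest mapping end at or below the stack */
    *gap = *stack_start - below_end;      /* below_end == 0: nothing mapped below at all */
    return 0;
}

/* Offer mmap() a hint (not MAP_FIXED) for one anonymous page placed so that
 * 'pages_below' free pages would remain between it and the stack. A kernel
 * whose guard gap is larger than that refuses the hint and maps elsewhere.
 * Returns 1 if the hint was refused, 0 if honoured, -1 if mmap failed. */
int probe_hint_below_stack(unsigned long long stack_start, unsigned pages_below)
{
    void *hint = (void *)(uintptr_t)(stack_start - (pages_below + 1) * PAGE_BYTES);
    void *got = mmap(hint, PAGE_BYTES, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);

    if (got == MAP_FAILED)
        return -1;
    munmap(got, PAGE_BYTES);
    return got != hint;
}

int main(void)
{
    static char buf[1 << 16];             /* assumed to hold a small process's maps */
    unsigned long long stack_start, gap;
    FILE *f = fopen("/proc/self/maps", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;

    if (f)
        fclose(f);
    buf[n] = '\0';
    if (stack_gap_from_maps(buf, &stack_start, &gap) != 0)
        return 1;                         /* not Linux, or /proc unavailable */
    printf("closest mapping below [stack] ends %llu pages away (1 MiB guard %s)\n",
           gap / PAGE_BYTES, gap >= GUARD_GAP_NEW ? "satisfied" : "violated");
    if (gap > 4 * PAGE_BYTES)             /* probe only when the hinted range is free */
        printf("mmap hint two pages below the stack was %s\n",
               probe_hint_below_stack(stack_start, 2) == 1
                   ? "refused: a guard gap larger than two pages is enforced"
                   : "honoured: only the old single-page guard, or none");
    return 0;
}
```

Build with cc -Wall -o stack_gap stack_gap.c and run it unprivileged on the updated kernel, then on a pre-update one for comparison. The first output line only reports the current layout: the guard gap is not a VMA, so /proc/self/maps cannot show it, which is why the mmap probe is needed. A hint can also be refused simply because the range is already in use, so the probe is skipped unless the measured gap comfortably exceeds the probe distance. Booting with stack_guard_gap=1 restores the pre-fix exposure, so treat that parameter as a diagnostic knob rather than a fix for address-space complaints.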

Comment 17 Len Lawrence 2017-06-26 21:22:23 CEST
x86_64
Gigabyte Sniper Z.97
Intel Core i7-4790K 4.00GHz
nvidia GeForce GTX 770

All the packages installed cleanly, the nvidia module was upgraded and the vbox modules built and installed.  Rebooting was a bit of a problem because several of the menu entries were anonymous.  It was a matter of trial and error to pick the latest kernel.

$ uname -r
4.4.74-desktop-1.mga5

Everything appears to be in order but keeping it running as a production kernel to check for regressions.
Comment 18 Thomas Backlund 2017-06-26 21:41:07 CEST
The x86_64 server kernel has now been running on mageia infra for 8 hours on some nodes, and ~4 hours on other nodes
Comment 19 Thomas Backlund 2017-06-26 23:07:50 CEST
Looks good enough... validating to get it out

Keywords: (none) => validated_update
Whiteboard: advisory => advisory MGA5-32-OK MGA5-64-OK
CC: (none) => sysadmin-bugs

Comment 20 Mageia Robot 2017-06-26 23:50:36 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0186.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Comment 21 Thomas Andrews 2017-06-27 00:08:18 CEST
Late to the party once again, but just to add...

i586 server kernel on real hardware (Athlon X2, nvidia 340 graphics, Atheros wifi). Boots to a normal desktop, Firefox works, as well as Libreoffice Writer and Calc. No problems noted, except for some mirror difficulties.

Looks good here.

CC: (none) => andrewsfarm

Comment 22 Brian Rockwell 2017-06-27 00:19:11 CEST
I was able to address the libreoffice writer issue.  The kernel is functioning fine.

Brian
Comment 24 Morgan Leijström 2017-06-27 21:23:20 CEST
(sorry for the delay, I accidentally messed it up first...)

x86_64 glibc and kernel-desktop: OK
HW: dual Atom, Radeon, SSD + 2 mech disk. Install: separate /boot, LVM for other system partitions, LVM on LUKS for user data partitions. Running Apache, NFS,...
