Bug 21388 - Update request: kernel-linus-4.9.40-1.mga6
Summary: Update request: kernel-linus-4.9.40-1.mga6
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: advisory MGA6-64-OK MGA6-32-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2017-07-28 18:55 CEST by Thomas Backlund
Modified: 2017-08-13 15:18 CEST (History)
5 users (show)

See Also:
Source RPM: kernel-linus
CVE:
Status comment:


Attachments

Description Thomas Backlund 2017-07-28 18:55:58 CEST
New kernels to test, an advisory will follow...

SRPMS:
kernel-linus-4.9.40-1.mga6.src.rpm



i586:
kernel-linus-4.9.40-1.mga6-1-1.mga6.i586.rpm
kernel-linus-devel-4.9.40-1.mga6-1-1.mga6.i586.rpm
kernel-linus-devel-latest-4.9.40-1.mga6.i586.rpm
kernel-linus-doc-4.9.40-1.mga6.noarch.rpm
kernel-linus-latest-4.9.40-1.mga6.i586.rpm
kernel-linus-source-4.9.40-1.mga6-1-1.mga6.noarch.rpm
kernel-linus-source-latest-4.9.40-1.mga6.noarch.rpm



x86_64:
kernel-linus-4.9.40-1.mga6-1-1.mga6.x86_64.rpm
kernel-linus-devel-4.9.40-1.mga6-1-1.mga6.x86_64.rpm
kernel-linus-devel-latest-4.9.40-1.mga6.x86_64.rpm
kernel-linus-doc-4.9.40-1.mga6.noarch.rpm
kernel-linus-latest-4.9.40-1.mga6.x86_64.rpm
kernel-linus-source-4.9.40-1.mga6-1-1.mga6.noarch.rpm
kernel-linus-source-latest-4.9.40-1.mga6.noarch.rpm
Comment 1 Len Lawrence 2017-07-30 03:21:26 CEST
x86_64  UEFI multiboot
Gigabyte Sniper Z.97
Intel Core i7-4790K 4.00GHz
nvidia GeForce GTX 770
16 GB RAM

nvidia 375.66 module installed during update.
Ran drakboot
Rebooted to Mate desktop
$ uname -r
4.9.40-1.mga6
RAM and cpu stress tests ran fine.  Networking OK on ethernet - ssh, firefox, ntpd.  NFS share directory mounted automatically.  Graphics working - stellarium, glmark2.  Video (vlc) and sound (pulseaudio) OK.  TV adapter recognized - BBC2 on vlc.

CC: (none) => tarazed25

Comment 2 Thomas Backlund 2017-07-30 20:51:34 CEST
subject: Updated kernel-linus packages fixes security and other bugs
CVE:
 - CVE-2017-10810
src:
  6:
   core:
     - kernel-linus-4.9.40-1.mga6
description: |
  This kernel-linus update is based on upstream 4.9.40 and fixes atleast the
  following security issues:

  Linux kernel built with the VirtIO GPU driver(CONFIG_DRM_VIRTIO_GPU) support
  is vulnerable to a memory leakage issue. It could occur while creating a
  virtio gpu object in virtio_gpu_object_create(). A user/process could use
  this flaw to leak host kernel memory potentially resulting in Dos
  (CVE-2017-10810).

  It also contains followup fixes to the Stack Clash (CVE-2017-1000370,
  CVE-2017-1000371) security issues resolved in kernels released at end
  of June, 2017.

  Other Mageia kernel specific fixes in this updates:
  - enable support for NFS4_1 and NFS4_2 (mga#21182)

  For other upstream fixes in this update, read the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=21388
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.37
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.38
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.39
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.40

Whiteboard: (none) => advisory

Comment 3 Len Lawrence 2017-07-30 23:00:46 CEST
mga6  x86_64  Legacy boot, multiboot system
Lenovo Ideapad Y500
nvidia GT 650M
Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
8 GB RAM

Installed the six packages and ran drakboot.
Rebooted to Mate desktop without any issues.
$ uname -r
4.9.40-1.mga6
Everything running normally.
Comment 4 Bit Twister 2017-08-01 01:15:13 CEST
Constant reboots, can not get into runlevel 3
video pci       Seymour [Radeon HD 6400M  Series]

$ cat /proc/cmdline
/boot/vmlinuz root=LABEL=mga6 noiswmd nokmsboot  ipv6.disable=1 audit=0 vga=795

had to fall back to previous kernel vmlinuz-4.9.35-desktop-1.mga6  ipv6.disable=1 audit=0 vga=795 noiswmd nokmsboot

 ASUSTeK Computer INC. CM6330_CM6630_CM6730_CM6830-8/CM6330_CM6630_CM6730_CM6830, BIOS 0404 09/28/2012
motherboard     P8H61-M PRO/CM6630-8/DP_MB
cpu             Intel® H61
ram             6 gig

CC: (none) => bittwister2

Comment 5 Herman Viaene 2017-08-01 10:07:44 CEST
MGA6-32 on Asus A6000VM MATE
No installation issues
I expected to see entries in /boot for this kernel (analogy with kernel-tmb), so I cann't see the difference between this kernel-linus and the regular kernel.

CC: (none) => herman.viaene

Comment 6 Herman Viaene 2017-08-01 10:41:25 CEST
Confused: 4.9.40-1.mga6 is the kernel-linus 4.9.40-desktop-1.mga6 is the regular one. So kernel did boot.
Usual suspects: Office documents, PDF docs, pictures viewing, video playing, access to NFS shares and wifi-printer all OK
Comment 7 James Kerr 2017-08-13 11:53:21 CEST
On mga6-64

Packages installed cleanly:
kernel-linus-latest-4.9.40-1.mga6.x86_64
kernel-linus-devel-latest-4.9.40-1.mga6.x86_64 
kernel-linus-devel-4.9.40-1.mga6-1-1.mga6.x86_64 
kernel-linus-4.9.40-1.mga6-1-1.mga6.x86_64 

Ran drakboot (this is a multi-boot system)

The "Mageia" default entry in the boot menu booted kernel-linus:
$ uname -r
4.9.40-1.mga6

No problems detected

Virtualbox and client booted normally

OK for mga6-64 on this system:

Dell product: Precision Tower 3620
Mobo: Dell model: 09WH54 
Card: Intel HD Graphics 530
CPU: Quad core Intel Core i7-6700 (-HT-MCP-)
PC-BIOS (legacy) boot
GPT partitions

CC: (none) => jim

Comment 8 James Kerr 2017-08-13 12:04:36 CEST
On mga6-32 in a vbox VM:

Packages installed cleanly:
kernel-linus-latest-4.9.40-1.mga6.i586  
kernel-linus-devel-latest-4.9.40-1.mga6.i586  
kernel-linus-4.9.40-1.mga6-1-1.mga6.i586   
kernel-linus-devel-4.9.40-1.mga6-1-1.mga6.i586 

The default "Mageia" entry in the boot menu booted kernel-linus
$ uname -r
4.9.40-1.mga6

No problems running this kernel.

OK for mga5-32 in a vbox VM
Comment 9 James Kerr 2017-08-13 12:06:08 CEST
(In reply to James Kerr from comment #8)

> OK for mga5-32 in a vbox VM

That should be OK for mga6-32 in a vbox VM
Comment 10 James Kerr 2017-08-13 12:28:27 CEST
(In reply to Bit Twister from comment #4)
> Constant reboots, can not get into runlevel 3

I added 3 to the command line in the graphical boot menu and the system booted  to runlevel 3

I was able to login as either user or root

cat /proc/cmdline 
BOOT_IMAGE=/boot/vmlinuz-4.9.40-1.mga6 root=UUID=371781be-23a5-4ace-abf6-70f7c8473fc1 ro splash quiet noiswmd resume=UUID=82bfcb29-3f53-4b0b-8015-78c674b957a3 audit=0 vga=791 3

uname -r
4.9.40-1.mga6
Comment 11 Thomas Backlund 2017-08-13 12:33:35 CEST
It's tested enough to validate... 

I need theese out of the way as I need to start releasing new kernels for test as there is a new root exploit on the way...
Comment 12 James Kerr 2017-08-13 12:47:49 CEST
Added OK's and validated

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: advisory => advisory MGA6-64-OK MGA6-32-OK

Comment 13 Mageia Robot 2017-08-13 15:18:30 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0258.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.