Bug 21520 - Update request: kernel-linus-4.9.43-1.mga6
Summary: Update request: kernel-linus-4.9.43-1.mga6
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: advisory MGA6-32-OK MGA6-64-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2017-08-13 23:53 CEST by Thomas Backlund
Modified: 2017-08-20 10:49 CEST

See Also:
Source RPM: kernel-linus
CVE:
Status comment:


Description Thomas Backlund 2017-08-13 23:53:35 CEST
New kernels to test, contains security fixes for at least a local root exploit, advisory will follow...


SRPMS:
kernel-linus-4.9.43-1.mga6.src.rpm


i586:
kernel-linus-4.9.43-1.mga6-1-1.mga6.i586.rpm
kernel-linus-devel-4.9.43-1.mga6-1-1.mga6.i586.rpm
kernel-linus-devel-latest-4.9.43-1.mga6.i586.rpm
kernel-linus-doc-4.9.43-1.mga6.noarch.rpm
kernel-linus-latest-4.9.43-1.mga6.i586.rpm
kernel-linus-source-4.9.43-1.mga6-1-1.mga6.noarch.rpm
kernel-linus-source-latest-4.9.43-1.mga6.noarch.rpm


x86_64:
kernel-linus-4.9.43-1.mga6-1-1.mga6.x86_64.rpm
kernel-linus-devel-4.9.43-1.mga6-1-1.mga6.x86_64.rpm
kernel-linus-devel-latest-4.9.43-1.mga6.x86_64.rpm
kernel-linus-doc-4.9.43-1.mga6.noarch.rpm
kernel-linus-latest-4.9.43-1.mga6.x86_64.rpm
kernel-linus-source-4.9.43-1.mga6-1-1.mga6.noarch.rpm
kernel-linus-source-latest-4.9.43-1.mga6.noarch.rpm
Comment 1 Len Lawrence 2017-08-14 11:44:52 CEST
Mageia release 6 (Official) for x86_64
4.9.40-desktop-1.mga6
Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
NVIDIA Corporation GF114 [GeForce GTX 555] 
RAM  7.70 GB
Legacy boot

Clean install of all the packages listed.
Rebooted to the Mate desktop.  Defaulted to mga6 wallpaper, ignoring Mate settings.  Startup applications were running.
$ uname -r
4.9.43-1.mga6

Letting this run for a while.  Common desktop applications are all running fine.
Tried a few stress applications to exercise RAM access, CPU cores, IO, disk access and graphics.  Video, sound, networking, NFS all running fine.

CC: (none) => tarazed25

Comment 2 Len Lawrence 2017-08-14 11:58:00 CEST
Re comment 1.
VirtualBox fails to launch because the vboxdrv needs to be rebuilt.  Leaving that for the stock kernel.
Comment 3 James Kerr 2017-08-14 22:08:13 CEST
On mga6-64

Packages installed cleanly:
- kernel-linus-4.9.43-1.mga6-1-1.mga6.x86_64
- kernel-linus-devel-4.9.43-1.mga6-1-1.mga6.x86_64
- kernel-linus-devel-latest-4.9.43-1.mga6.x86_64
- kernel-linus-latest-4.9.43-1.mga6.x86_64
- kernel-userspace-headers-4.9.43-1.mga6.x86_64

Executed drakboot

The "Mageia" default entry in the boot menu booted kernel-linus:
$ uname -r
4.9.43-1.mga6

No problems detected

Virtualbox and client booted normally

OK for mga6-64 on this system:

Dell product: Precision Tower 3620
Mobo: Dell model: 09WH54 
Card: Intel HD Graphics 530
CPU: Quad core Intel Core i7-6700 (-HT-MCP-)
PC-BIOS (legacy) boot
GPT partitions

CC: (none) => jim

Comment 4 James Kerr 2017-08-14 22:12:44 CEST
On mga6-32 in a vbox VM:

Packages installed cleanly:
- kernel-linus-4.9.43-1.mga6-1-1.mga6.i586
- kernel-linus-devel-4.9.43-1.mga6-1-1.mga6.i586
- kernel-linus-devel-latest-4.9.43-1.mga6.i586
- kernel-linus-latest-4.9.43-1.mga6.i586
- kernel-userspace-headers-4.9.43-1.mga6.i586

The default "Mageia" entry in the boot menu booted kernel-linus
$ uname -r
4.9.43-1.mga6

No problems running this kernel.

OK for mga6-32 in a vbox VM
Comment 5 Thomas Backlund 2017-08-18 18:47:20 CEST
Advisory:

  This kernel update is based on upstream 4.9.43 and fixes at least the
  following security issues:

  The curseg->segno call in f2fs driver can be malformed so that it will have
  a value that triggers an out of boundary write that could cause memory
  corruption on the affected devices, leading to code execution in the kernel
  context. This would allow for more data to be accessed and controlled by
  the malware (CVE-2017-10663).

  The UDP Fragmentation Offload (UFO) feature is vulnerable to out-of-bounds
  writes causing exploitable memory corruption. If unprivileged user
  namespaces are available, this bug can be exploited to gain root privileges
  (CVE-2017-1000112).

  For other upstream fixes in this update, read the referenced changelogs.

Whiteboard: (none) => advisory
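
A host-side check for the advisory above, added here as an example and not part of the bug report or of Mageia's tooling: it compares a `uname -r` string against the fixed 4.9.43 release and reports whether user namespaces can be created, the precondition the advisory names for CVE-2017-1000112. The function names are hypothetical, and reading `user.max_user_namespaces` is an assumption about how a given host exposes that setting.

```shell
#!/bin/sh
# Added example: is a 4.9-series kernel at or past the release named in the
# advisory, and can user namespaces be created on this host?
FIXED="4.9.43"   # upstream version the advisory says this update is based on

# Extract the leading upstream version (x.y.z) from a `uname -r` string.
kver() {
    printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 if version $1 >= version $2, comparing the three fields numerically.
ver_ge() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # split both versions into six positional fields
    IFS=$old_ifs
    [ "$1" -gt "$4" ] && return 0
    [ "$1" -lt "$4" ] && return 1
    [ "$2" -gt "$5" ] && return 0
    [ "$2" -lt "$5" ] && return 1
    [ "$3" -ge "$6" ]
}

# Print patched / unpatched for 4.9.x kernels. Other series are reported as
# such, because this page only states the fix level for the 4.9 line.
kernel_status() {
    v=$(kver "$1")
    case $v in
        "")    echo unknown; return 0 ;;
        4.9.*) ;;
        *)     echo other-series; return 0 ;;
    esac
    if ver_ge "$v" "$FIXED"; then echo patched; else echo unpatched; fi
}

# Report whether user namespaces can be created at all.
# Assumption: the user.max_user_namespaces sysctl (Linux 4.9 and later);
# a distribution may gate unprivileged use with further knobs of its own.
userns_status() {
    f=${1:-/proc/sys/user/max_user_namespaces}
    [ -r "$f" ] || { echo unknown; return 0; }
    if [ "$(cat "$f")" -gt 0 ]; then echo available; else echo disabled; fi
}

running=$(uname -r)
echo "kernel $running: $(kernel_status "$running"); user namespaces: $(userns_status)"
```
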

Comment 6 William Kenney 2017-08-19 23:09:03 CEST
In a Vbox client, M6, Plasma, 32-bit

Testing: kernel-linus-latest

[root@localhost wilcal]# uname -a
Linux localhost 4.9.43-desktop-1.mga6 #1 SMP Sun Aug 13 16:29:48 UTC 2017 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-linus-latest
Package kernel-linus-latest-4.9.43-1.mga6.i586 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.

CC: (none) => wilcal.int

Comment 7 William Kenney 2017-08-19 23:23:00 CEST
In a Vbox client, M6, Plasma, 64-bit

Testing: kernel-linus-latest

[root@localhost wilcal]# uname -a
Linux localhost 4.9.43-desktop-1.mga6 #1 SMP Sun Aug 13 15:52:35 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-linus-latest
Package kernel-linus-latest-4.9.43-1.mga6.x86_64 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.
William Kenney 2017-08-19 23:23:46 CEST

Whiteboard: advisory => advisory MGA6-32-OK MGA6-64-OK

Comment 8 William Kenney 2017-08-19 23:24:22 CEST
Looks good to me. Shall we push it on?
Lewis Smith 2017-08-20 09:58:39 CEST

Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Comment 9 Mageia Robot 2017-08-20 10:49:22 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0287.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

