New kernels to test, contains security fixes for atleast a local root exploit, advisory will follow... SRPMS: kernel-linus-4.4.82-1.mga5.src.rpm i586: kernel-linus-4.4.82-1.mga5-1-1.mga5.i586.rpm kernel-linus-devel-4.4.82-1.mga5-1-1.mga5.i586.rpm kernel-linus-devel-latest-4.4.82-1.mga5.i586.rpm kernel-linus-doc-4.4.82-1.mga5.noarch.rpm kernel-linus-latest-4.4.82-1.mga5.i586.rpm kernel-linus-source-4.4.82-1.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.4.82-1.mga5.noarch.rpm x86_64: kernel-linus-4.4.82-1.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-4.4.82-1.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-latest-4.4.82-1.mga5.x86_64.rpm kernel-linus-doc-4.4.82-1.mga5.noarch.rpm kernel-linus-latest-4.4.82-1.mga5.x86_64.rpm kernel-linus-source-4.4.82-1.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.4.82-1.mga5.noarch.rpm
Mageia release 5 (Official) for x86_64 4.4.79-desktop-1.mga5 : nvidia 375.66 Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz NVIDIA Corporation GM204 [GeForce GTX 970] RAM 31.38 GB UEFI boot The packages installed cleanly. As this is a multiboot system it was necessary to run 'drakboot --boot' to configure and reinstall the bootloader. Rebooted to Mate. nvidia-current built during the boot process. $ uname -r 4.4.82-1.mga5 stellarium launched fine. It had been installed as a noarch package with most subsidiary packages drawn from i586/media/core/updates. No problems running it. glmark2 installed from local RPMs as a mixed noarch/i686 package. That also launched and ran. Other stress tests completed successfully. Networking and NFS shares working OK.
CC: (none) => tarazed25
On mga5-64 Packages installed cleanly: - kernel-linus-4.4.82-1.mga5-1-1.mga5.x86_64 - kernel-linus-devel-4.4.82-1.mga5-1-1.mga5.x86_64 - kernel-linus-devel-latest-4.4.82-1.mga5.x86_64 - kernel-linus-latest-4.4.82-1.mga5.x86_64 - kernel-userspace-headers-4.4.82-1.mga5.x86_64 Executed drakboot --boot to re-install boot loader System re-booted normally from the default "Mageia" entry $ uname -r 4.4.82-1.mga5 No regressions noted Virtualbox and client launched normally OK for mga5-64 on this system: Dell product: Precision Tower 3620 Mobo: Dell model: 09WH54 Card: Intel HD Graphics 530 CPU: Quad core Intel Core i7-6700 (-HT-MCP-) PC-BIOS boot GPT partitions
CC: (none) => jim
On mga5-32 in a vbox VM Packages installed cleanly: - kernel-linus-4.4.82-1.mga5-1-1.mga5.i586 - kernel-linus-devel-4.4.82-1.mga5-1-1.mga5.i586 - kernel-linus-devel-latest-4.4.82-1.mga5.i586 - kernel-linus-latest-4.4.82-1.mga5.i586 - kernel-userspace-headers-4.4.82-1.mga5.i586 VM re-booted normally $ uname -r 4.4.82-1.mga5 No regressions noted OK for mga5-32 in a vbox VM
Advisory: This kernel update is based on upstream 4.4.82 and fixes atleast the following security issues: The curseg->segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to code execution in the kernel context. This would allow for more data to be accessed and controlled by the malware (CVE-2017-10663). The UDP Fragmentation Offload (UFO) feature is vulnerable to out-of-bounds writes causing exploitable memory corruption. If unprivileged user namespaces are available, this bug can be exploited to gain root privileges (CVE-2017-1000112). For other upstream fixes in this update, read the referenced changelogs.
Whiteboard: (none) => advisory
Testing M5_64 real h/w with Radeon video kernel-linus-4.4.82-1.mga5-1-1.mga5 kernel-linus-latest-4.4.82-1.mga5 $ uname -r 4.4.82-1.mga5 Chose explicitly from the boot menu 'advanced' entry. Using with no apparent problems. OK for me. OKing for M5/64 in the light of other real h/w good reports.
CC: (none) => lewyssmithWhiteboard: advisory => advisory MGA5-64-OK
In a Vbox client, M5.1, KDE, 32-bit Testing: kernel-linus-latest [root@localhost wilcal]# uname -a Linux localhost 4.4.82-1.mga5 #1 SMP Sun Aug 13 18:22:05 UTC 2017 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-linus-latest Package kernel-linus-latest-4.4.82-1.mga5.i586 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work.
CC: (none) => wilcal.intWhiteboard: advisory MGA5-64-OK => advisory MGA5-32-OK MGA5-64-OK
This update works fine. Testing complete for MGA5, 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push to updates. Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0309.html
Status: NEW => RESOLVEDResolution: (none) => FIXED