Bug 21523 - Update request: kernel-linus-4.4.82-1.mga5
Summary: Update request: kernel-linus-4.4.82-1.mga5
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: advisory MGA5-32-OK MGA5-64-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2017-08-13 23:53 CEST by Thomas Backlund
Modified: 2017-08-25 23:53 CEST (History)
5 users (show)

See Also:
Source RPM: kernel-linus
CVE:
Status comment:


Attachments

Description Thomas Backlund 2017-08-13 23:53:53 CEST
New kernels to test, contains security fixes for atleast a local root exploit, advisory will follow...


SRPMS:
kernel-linus-4.4.82-1.mga5.src.rpm


i586:
kernel-linus-4.4.82-1.mga5-1-1.mga5.i586.rpm
kernel-linus-devel-4.4.82-1.mga5-1-1.mga5.i586.rpm
kernel-linus-devel-latest-4.4.82-1.mga5.i586.rpm
kernel-linus-doc-4.4.82-1.mga5.noarch.rpm
kernel-linus-latest-4.4.82-1.mga5.i586.rpm
kernel-linus-source-4.4.82-1.mga5-1-1.mga5.noarch.rpm
kernel-linus-source-latest-4.4.82-1.mga5.noarch.rpm


x86_64:
kernel-linus-4.4.82-1.mga5-1-1.mga5.x86_64.rpm
kernel-linus-devel-4.4.82-1.mga5-1-1.mga5.x86_64.rpm
kernel-linus-devel-latest-4.4.82-1.mga5.x86_64.rpm
kernel-linus-doc-4.4.82-1.mga5.noarch.rpm
kernel-linus-latest-4.4.82-1.mga5.x86_64.rpm
kernel-linus-source-4.4.82-1.mga5-1-1.mga5.noarch.rpm
kernel-linus-source-latest-4.4.82-1.mga5.noarch.rpm
Comment 1 Len Lawrence 2017-08-14 13:49:39 CEST
Mageia release 5 (Official) for x86_64
4.4.79-desktop-1.mga5 : nvidia 375.66
Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
NVIDIA Corporation GM204 [GeForce GTX 970] 
RAM 31.38 GB
UEFI boot

The packages installed cleanly.  As this is a multiboot system it was necessary to run 'drakboot --boot' to configure and reinstall the bootloader.
Rebooted to Mate.  nvidia-current built during the boot process.
$ uname -r
4.4.82-1.mga5

stellarium launched fine.  It had been installed as a noarch package with most subsidiary packages drawn from i586/media/core/updates.  No problems running it.  glmark2 installed from local RPMs as a mixed noarch/i686 package.  That also launched and ran.
Other stress tests completed successfully.
Networking and NFS shares working OK.

CC: (none) => tarazed25

Comment 2 James Kerr 2017-08-14 17:41:25 CEST
On mga5-64

Packages installed cleanly:
- kernel-linus-4.4.82-1.mga5-1-1.mga5.x86_64
- kernel-linus-devel-4.4.82-1.mga5-1-1.mga5.x86_64
- kernel-linus-devel-latest-4.4.82-1.mga5.x86_64
- kernel-linus-latest-4.4.82-1.mga5.x86_64
- kernel-userspace-headers-4.4.82-1.mga5.x86_64

Executed drakboot --boot to re-install boot loader

System re-booted normally from the default "Mageia" entry 
$ uname -r
4.4.82-1.mga5

No regressions noted

Virtualbox and client launched normally

OK for mga5-64 on this system:

Dell product: Precision Tower 3620
Mobo: Dell model: 09WH54 
Card: Intel HD Graphics 530
CPU: Quad core Intel Core i7-6700 (-HT-MCP-)
PC-BIOS boot
GPT partitions

CC: (none) => jim

Comment 3 James Kerr 2017-08-14 17:49:24 CEST
On mga5-32 in a vbox VM

Packages installed cleanly:
- kernel-linus-4.4.82-1.mga5-1-1.mga5.i586
- kernel-linus-devel-4.4.82-1.mga5-1-1.mga5.i586
- kernel-linus-devel-latest-4.4.82-1.mga5.i586
- kernel-linus-latest-4.4.82-1.mga5.i586
- kernel-userspace-headers-4.4.82-1.mga5.i586

VM re-booted normally
$ uname -r
4.4.82-1.mga5

No regressions noted

OK for mga5-32 in a vbox VM
Comment 4 Thomas Backlund 2017-08-18 18:47:39 CEST
Advisory:

  This kernel update is based on upstream 4.4.82 and fixes atleast the
  following security issues:

  The curseg->segno call in f2fs driver can be malformed so that it will have
  a value that triggers an out of boundary write that could cause memory
  corruption on the affected devices, leading to code execution in the kernel
  context. This would allow for more data to be accessed and controlled by
  the malware (CVE-2017-10663).

  The UDP Fragmentation Offload (UFO) feature is vulnerable to out-of-bounds
  writes causing exploitable memory corruption. If unprivileged user
  namespaces are available, this bug can be exploited to gain root privileges
  (CVE-2017-1000112).

  For other upstream fixes in this update, read the referenced changelogs.

Whiteboard: (none) => advisory

Comment 5 Lewis Smith 2017-08-20 09:56:54 CEST
Testing M5_64 real h/w with Radeon video

kernel-linus-4.4.82-1.mga5-1-1.mga5
kernel-linus-latest-4.4.82-1.mga5
 $ uname -r
 4.4.82-1.mga5
Chose explicitly from the boot menu 'advanced' entry. Using with no apparent problems. OK for me.
OKing for M5/64 in the light of other real h/w good reports.

CC: (none) => lewyssmith
Whiteboard: advisory => advisory MGA5-64-OK

Comment 6 William Kenney 2017-08-25 22:27:55 CEST
In a Vbox client, M5.1, KDE, 32-bit

Testing: kernel-linus-latest

[root@localhost wilcal]# uname -a
Linux localhost 4.4.82-1.mga5 #1 SMP Sun Aug 13 18:22:05 UTC 2017 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-linus-latest
Package kernel-linus-latest-4.4.82-1.mga5.i586 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.

CC: (none) => wilcal.int
Whiteboard: advisory MGA5-64-OK => advisory MGA5-32-OK MGA5-64-OK

Comment 7 William Kenney 2017-08-25 22:28:28 CEST
This update works fine.
Testing complete for MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 8 Mageia Robot 2017-08-25 23:53:52 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0309.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.