Updated kernels fixing various security issues, including the "BlueBorne" bluetooth remote code execution CVE-2017-1000251 ... Advisory will follow... SRPMS: kernel-tmb-4.9.50-1.mga6.src.rpm i586: kernel-tmb-desktop-4.9.50-1.mga6-1-1.mga6.i586.rpm kernel-tmb-desktop-devel-4.9.50-1.mga6-1-1.mga6.i586.rpm kernel-tmb-desktop-devel-latest-4.9.50-1.mga6.i586.rpm kernel-tmb-desktop-latest-4.9.50-1.mga6.i586.rpm kernel-tmb-source-4.9.50-1.mga6-1-1.mga6.noarch.rpm kernel-tmb-source-latest-4.9.50-1.mga6.noarch.rpm x86_64: kernel-tmb-desktop-4.9.50-1.mga6-1-1.mga6.x86_64.rpm kernel-tmb-desktop-devel-4.9.50-1.mga6-1-1.mga6.x86_64.rpm kernel-tmb-desktop-devel-latest-4.9.50-1.mga6.x86_64.rpm kernel-tmb-desktop-latest-4.9.50-1.mga6.x86_64.rpm kernel-tmb-source-4.9.50-1.mga6-1-1.mga6.noarch.rpm kernel-tmb-source-latest-4.9.50-1.mga6.noarch.rpm
mga6 UEFI x86_64 4.9.43-desktop-1.mga6 Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz NVIDIA Corporation GM204 [GeForce GTX 970] RAM 31.37 GB Installed: - bluez-5.45-2.1.mga6.x86_64 - kernel-tmb-desktop-4.9.50-1.mga6-1-1.mga6.x86_64 - kernel-tmb-desktop-devel-4.9.50-1.mga6-1-1.mga6.x86_64 - kernel-tmb-desktop-devel-latest-4.9.50-1.mga6.x86_64 - kernel-tmb-desktop-latest-4.9.50-1.mga6.x86_64 - kernel-tmb-source-4.9.50-1.mga6-1-1.mga6.noarch - kernel-tmb-source-latest-4.9.50-1.mga6.noarch - lib64bluez3-5.45-2.1.mga6.x86_64 $ drakboot --boot $ reboot Mate desktop completely functional. NFS OK. Installed pending updates. $ uname -r 4.9.50-tmb-desktop-1.mga6 $ stress -c 5 -t 30 $ stress -m 4 -t 30 $ stress -d 4 -t 30 $ stellarium No problems. $ glmark2 score = 7062 (relatively low for this machine). One core fully occupied. bluetoothd running. Used blueman-assistant, hcitool and bluetoothctl to connect wireless speaker to audio sink and monitor operations. @tmb Is that all we need to do re the Blueborne vulnerability?
CC: (none) => tarazed25
(In reply to Len Lawrence from comment #1) > bluetoothd running. > Used blueman-assistant, hcitool and bluetoothctl to connect wireless speaker > to audio sink and monitor operations. > > @tmb Is that all we need to do re the Blueborne vulnerability? yeah, that's enough
Tested on both real hardware, and under vb, both arches. Adding the OKs.
Whiteboard: (none) => MGA6-64-OK MGA6-32-OKCC: (none) => davidwhodgins
Advisory: This kernel-tmb update is based on upstream 4.9.50 and fixes atleast the following security issues: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600). The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (CVE-2017-12134 / XSA-229). The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (CVE-2017-14340). The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 3.3-rc1 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (CVE-2017-1000251). For other upstream fixes in this update, read the referenced changelogs. references: - https://bugs.mageia.org/show_bug.cgi?id=21709 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.44 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.45 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.46 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.47 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.48 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.49 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.50
Whiteboard: MGA6-64-OK MGA6-32-OK => MGA6-64-OK MGA6-32-OK advisory
Keywords: (none) => advisory, validated_updateWhiteboard: MGA6-64-OK MGA6-32-OK advisory => MGA6-64-OK MGA6-32-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0343.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED