Updated kernels fixing various security issues, including the "BlueBorne" bluetooth remote code execution CVE-2017-1000251 ... Advisory will follow... SRPMS: kernel-4.4.88-1.mga5.src.rpm kernel-userspace-headers-4.4.88-1.mga5.src.rpm kmod-vboxadditions-5.1.26-3.mga5.src.rpm kmod-virtualbox-5.1.26-3.mga5.src.rpm kmod-xtables-addons-2.10-46.mga5.src.rpm i586: cpupower-4.4.88-1.mga5.i586.rpm cpupower-devel-4.4.88-1.mga5.i586.rpm kernel-desktop-4.4.88-1.mga5-1-1.mga5.i586.rpm kernel-desktop586-4.4.88-1.mga5-1-1.mga5.i586.rpm kernel-desktop586-devel-4.4.88-1.mga5-1-1.mga5.i586.rpm kernel-desktop586-devel-latest-4.4.88-1.mga5.i586.rpm kernel-desktop586-latest-4.4.88-1.mga5.i586.rpm kernel-desktop-devel-4.4.88-1.mga5-1-1.mga5.i586.rpm kernel-desktop-devel-latest-4.4.88-1.mga5.i586.rpm kernel-desktop-latest-4.4.88-1.mga5.i586.rpm kernel-doc-4.4.88-1.mga5.noarch.rpm kernel-server-4.4.88-1.mga5-1-1.mga5.i586.rpm kernel-server-devel-4.4.88-1.mga5-1-1.mga5.i586.rpm kernel-server-devel-latest-4.4.88-1.mga5.i586.rpm kernel-server-latest-4.4.88-1.mga5.i586.rpm kernel-source-4.4.88-1.mga5-1-1.mga5.noarch.rpm kernel-source-latest-4.4.88-1.mga5.noarch.rpm kernel-userspace-headers-4.4.88-1.mga5.i586.rpm perf-4.4.88-1.mga5.i586.rpm vboxadditions-kernel-4.4.88-desktop-1.mga5-5.1.26-3.mga5.i586.rpm vboxadditions-kernel-4.4.88-desktop586-1.mga5-5.1.26-3.mga5.i586.rpm vboxadditions-kernel-4.4.88-server-1.mga5-5.1.26-3.mga5.i586.rpm vboxadditions-kernel-desktop586-latest-5.1.26-3.mga5.i586.rpm vboxadditions-kernel-desktop-latest-5.1.26-3.mga5.i586.rpm vboxadditions-kernel-server-latest-5.1.26-3.mga5.i586.rpm virtualbox-kernel-4.4.88-desktop-1.mga5-5.1.26-3.mga5.i586.rpm virtualbox-kernel-4.4.88-desktop586-1.mga5-5.1.26-3.mga5.i586.rpm virtualbox-kernel-4.4.88-server-1.mga5-5.1.26-3.mga5.i586.rpm virtualbox-kernel-desktop586-latest-5.1.26-3.mga5.i586.rpm virtualbox-kernel-desktop-latest-5.1.26-3.mga5.i586.rpm virtualbox-kernel-server-latest-5.1.26-3.mga5.i586.rpm xtables-addons-kernel-4.4.88-desktop-1.mga5-2.10-46.mga5.i586.rpm xtables-addons-kernel-4.4.88-desktop586-1.mga5-2.10-46.mga5.i586.rpm xtables-addons-kernel-4.4.88-server-1.mga5-2.10-46.mga5.i586.rpm xtables-addons-kernel-desktop586-latest-2.10-46.mga5.i586.rpm xtables-addons-kernel-desktop-latest-2.10-46.mga5.i586.rpm xtables-addons-kernel-server-latest-2.10-46.mga5.i586.rpm x86_64: cpupower-4.4.88-1.mga5.x86_64.rpm cpupower-devel-4.4.88-1.mga5.x86_64.rpm kernel-desktop-4.4.88-1.mga5-1-1.mga5.x86_64.rpm kernel-desktop-devel-4.4.88-1.mga5-1-1.mga5.x86_64.rpm kernel-desktop-devel-latest-4.4.88-1.mga5.x86_64.rpm kernel-desktop-latest-4.4.88-1.mga5.x86_64.rpm kernel-doc-4.4.88-1.mga5.noarch.rpm kernel-server-4.4.88-1.mga5-1-1.mga5.x86_64.rpm kernel-server-devel-4.4.88-1.mga5-1-1.mga5.x86_64.rpm kernel-server-devel-latest-4.4.88-1.mga5.x86_64.rpm kernel-server-latest-4.4.88-1.mga5.x86_64.rpm kernel-source-4.4.88-1.mga5-1-1.mga5.noarch.rpm kernel-source-latest-4.4.88-1.mga5.noarch.rpm kernel-userspace-headers-4.4.88-1.mga5.x86_64.rpm perf-4.4.88-1.mga5.x86_64.rpm vboxadditions-kernel-4.4.88-desktop-1.mga5-5.1.26-3.mga5.x86_64.rpm vboxadditions-kernel-4.4.88-server-1.mga5-5.1.26-3.mga5.x86_64.rpm vboxadditions-kernel-desktop-latest-5.1.26-3.mga5.x86_64.rpm vboxadditions-kernel-server-latest-5.1.26-3.mga5.x86_64.rpm virtualbox-kernel-4.4.88-server-1.mga5-5.1.26-3.mga5.x86_64.rpm virtualbox-kernel-desktop-latest-5.1.26-3.mga5.x86_64.rpm virtualbox-kernel-server-latest-5.1.26-3.mga5.x86_64.rpm xtables-addons-kernel-4.4.88-desktop-1.mga5-2.10-46.mga5.x86_64.rpm xtables-addons-kernel-4.4.88-server-1.mga5-2.10-46.mga5.x86_64.rpm xtables-addons-kernel-desktop-latest-2.10-46.mga5.x86_64.rpm xtables-addons-kernel-server-latest-2.10-46.mga5.x86_64.rpm
Tested on both real hardware, and under vb, both arches. Adding the OKs.
Whiteboard: (none) => MGA5-64-OK MGA5-32-OKCC: (none) => davidwhodgins
Advisory; This kernel update is based on upstream 4.4.88 and fixes atleast the following security issues: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600). The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (CVE-2017-12134 / XSA-229). The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (CVE-2017-14340). The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 3.3-rc1 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (CVE-2017-1000251). For other upstream fixes in this update, read the referenced changelogs. references: - https://bugs.mageia.org/show_bug.cgi?id=21711 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.83 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.84 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.85 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.86 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.87 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.88
Whiteboard: MGA5-64-OK MGA5-32-OK => MGA5-64-OK MGA5-32-OK advisory
Whiteboard: MGA5-64-OK MGA5-32-OK advisory => MGA5-64-OK MGA5-32-OKKeywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
AMD X3-3800, AMD Graphics The following 5 packages are going to be installed: - kernel-desktop-4.4.88-1.mga5-1-1.mga5.x86_64 - vboxadditions-kernel-4.4.88-desktop-1.mga5-5.1.26-3.mga5.x86_64 - vboxadditions-kernel-desktop-latest-5.1.26-3.mga5.x86_64 - virtualbox-kernel-4.4.88-desktop-1.mga5-5.1.26-3.mga5.x86_64 - virtualbox-kernel-desktop-latest-5.1.26-3.mga5.x86_64 54MB of additional disk space will be used. 48MB of packages will be retrieved. Is it ok to continue? – after reboot $ uname -a Linux localhost 4.4.88-desktop-1.mga5 #1 SMP Thu Sep 14 00:03:58 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux – Ran virtualbox on hardware – able to spin up an entity and connect to shared drive. --- working as designed. Will test bluetooth on mga6
CC: (none) => brtians1
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0345.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED