Nwe kernel-linus update for several security + other fixes... Advisory will follow... SRPMS: kernel-linus-4.9.56-1.mga6.src.rpm i586: kernel-linus-4.9.56-1.mga6-1-1.mga6.i586.rpm kernel-linus-devel-4.9.56-1.mga6-1-1.mga6.i586.rpm kernel-linus-devel-latest-4.9.56-1.mga6.i586.rpm kernel-linus-doc-4.9.56-1.mga6.noarch.rpm kernel-linus-latest-4.9.56-1.mga6.i586.rpm kernel-linus-source-4.9.56-1.mga6-1-1.mga6.noarch.rpm kernel-linus-source-latest-4.9.56-1.mga6.noarch.rpm x86_64: kernel-linus-4.9.56-1.mga6-1-1.mga6.x86_64.rpm kernel-linus-devel-4.9.56-1.mga6-1-1.mga6.x86_64.rpm kernel-linus-devel-latest-4.9.56-1.mga6.x86_64.rpm kernel-linus-doc-4.9.56-1.mga6.noarch.rpm kernel-linus-latest-4.9.56-1.mga6.x86_64.rpm kernel-linus-source-4.9.56-1.mga6-1-1.mga6.noarch.rpm kernel-linus-source-latest-4.9.56-1.mga6.noarch.rpm
Mageia release 6 (Official) for x86_64 4.9.43-desktop-1.mga6 Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz NVIDIA Corporation GK104 [GeForce GTX 770] nvidia 384.59 Mobo: Gigabyte model: G1.Sniper Z97 v: x.x Bios: American Megatrends v: F6 date: 05/30/2014 Installed the updates. # drakboot --boot Rebooted from commandline and ran into trouble. The system got stuck in a loop unmounting /data to target shtutdown, all OKs. Had to hit the reset button. Could this have anything to do with installing cpupower at the same time? Mismatched kernels? Rebooted to Mate desktop. nvidia-current rebuilt before that. $ uname -r 4.9.56-1.mga6 Everything working normally. bluetooth + blueman + pulseaudio + btusb OK. HD TV courtesy of vlc. mplayer for Youtube videos. sox/play for WAV files. Sound and vision OK. LibreOffice writer. Network shares mounted automatically. Images display with eom, gqview, gwenview. No problems with any of the common desktop applications. Local ruby scripts work fine.
CC: (none) => tarazed25
On real hardware, M6, Plasma, 64-bit Testing: kernel-linus-latest [root@localhost wilcal]# uname -a Linux localhost 4.9.56-1.mga6 #1 SMP Thu Oct 12 22:57:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-linus-latest Package kernel-linus-latest-4.9.56-1.mga6.x86_64 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work.
CC: (none) => wilcal.int
Whiteboard: (none) => MGA6-64-OK
Advisory (added to svn): This kernel update is based on upstream 4.9.56 and fixes atleast the following security issues: A flaw was found in the way the Linux KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest (CVE-2017-7518). A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace (CVE-2017-7558). A security flaw was discovered in nl80211_set_rekey_data() function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netlink request. This request can be issued by a user with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash (CVE-2017-12153). Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could acce s (r/w) hardware CR8 register of the host(L0). In a nested visualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS (CVE-2017-12154). The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (CVE-2017-14106). The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes (CVE-2017-14156). It was found that the iscsi_if_rx() function in scsi_transport_iscsi.c in the Linux kernel since v2.6.24-rc1 through 4.13.2 allows local users to cause a denial of service (a system panic) by making a number of certain syscalls by leveraging incorrect length validation in the kernel code (CVE-2017-14489). The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0 (CVE-2017-14991). The tpacket_rcv() function in 'net/packet/af_packet.c' file in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls (CVE-2017-14497). A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value (CVE-2017-1000252).
Keywords: (none) => advisory
Mageia release 6 (Official) for x86_64 4.9.50-1.mga6 Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz NVIDIA Corporation GK107M [GeForce GT 650M] GLX Renderer: GeForce GT 650M/PCIe/SSE2 GLX Version: 4.5.0 NVIDIA 384.59 Mobo: LENOVO model: INVALID v: 31900003WIN8 STD MLT Installed updates: - kernel-linus-4.9.56-1.mga6-1-1.mga6.x86_64 - kernel-linus-devel-4.9.56-1.mga6-1-1.mga6.x86_64 - kernel-linus-devel-latest-4.9.56-1.mga6.x86_64 - kernel-linus-latest-4.9.56-1.mga6.x86_64 - kernel-linus-source-4.9.56-1.mga6-1-1.mga6.noarch - kernel-linus-source-latest-4.9.56-1.mga6.noarch nvidia-current rebuilt # drakboot --boot Rebooted to Mate desktop. $ uname -r 4.9.56-1.mga6 Ran stress tests, successfully, then glmark2 official. All aspects of the desktop are in working order, including NFS shares and wifi networking. Installed blueman and ran blueman-assistant to pair with a SoundTouch soundbar, pavucontrol to switch from the internal speaker to external. The process was very quick, a matter of seconds. blueman is now very reliable. Sound and vision with vlc. Inatalled virtualbox and ran dkms-virtualbox. Booted a 32-bit vdi to Plasma on mga6, nokmsboot parameter was needed. That ran fine.
mga6::x86_64 Intel(R) Core(TM) i7-5700HQ CPU @ 2.70GHz NVIDIA Corporation GM204M [GeForce GTX 965M] RAM 15.63 GB nvidia 384.59 Installed kernel-linus. # drakboot --boot Rebooted to Mate. nvidia kmod rebuilt during boot sequence. $ uname -r 4.9.56-1.mga6 Ran stress tests, glxspheres64, glmark2. Ran several desktop applications and noticed no regressions. NFS shares working. wifi networking OK. This installation is good.
On real hardware, M6, Xfce, 32-bit Testing: kernel-linus-latest [root@localhost wilcal]# uname -a Linux localhost 4.9.56-1.mga6 #1 SMP Thu Oct 12 23:25:52 UTC 2017 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-linus-latest Package kernel-linus-latest-4.9.56-1.mga6.i586 is already installed
Whiteboard: MGA6-64-OK => MGA6-32-OK MGA6-64-OK
This update works fine. Testing complete for MGA6, 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push to updates. Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0383.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED