Nwe kernel update for several security + other fixes... Advisory will follow... SRPMS: kernel-4.4.92-1.mga5.src.rpm kernel-userspace-headers-4.4.92-1.mga5.src.rpm kmod-vboxadditions-5.1.26-4.mga5.src.rpm kmod-virtualbox-5.1.26-4.mga5.src.rpm kmod-xtables-addons-2.10-48.mga5.src.rpm i586: cpupower-4.4.92-1.mga5.i586.rpm cpupower-devel-4.4.92-1.mga5.i586.rpm kernel-desktop-4.4.92-1.mga5-1-1.mga5.i586.rpm kernel-desktop586-4.4.92-1.mga5-1-1.mga5.i586.rpm kernel-desktop586-devel-4.4.92-1.mga5-1-1.mga5.i586.rpm kernel-desktop586-devel-latest-4.4.92-1.mga5.i586.rpm kernel-desktop586-latest-4.4.92-1.mga5.i586.rpm kernel-desktop-devel-4.4.92-1.mga5-1-1.mga5.i586.rpm kernel-desktop-devel-latest-4.4.92-1.mga5.i586.rpm kernel-desktop-latest-4.4.92-1.mga5.i586.rpm kernel-doc-4.4.92-1.mga5.noarch.rpm kernel-server-4.4.92-1.mga5-1-1.mga5.i586.rpm kernel-server-devel-4.4.92-1.mga5-1-1.mga5.i586.rpm kernel-server-devel-latest-4.4.92-1.mga5.i586.rpm kernel-server-latest-4.4.92-1.mga5.i586.rpm kernel-source-4.4.92-1.mga5-1-1.mga5.noarch.rpm kernel-source-latest-4.4.92-1.mga5.noarch.rpm kernel-userspace-headers-4.4.92-1.mga5.i586.rpm perf-4.4.92-1.mga5.i586.rpm vboxadditions-kernel-4.4.92-desktop-1.mga5-5.1.26-4.mga5.i586.rpm vboxadditions-kernel-4.4.92-desktop586-1.mga5-5.1.26-4.mga5.i586.rpm vboxadditions-kernel-4.4.92-server-1.mga5-5.1.26-4.mga5.i586.rpm vboxadditions-kernel-desktop586-latest-5.1.26-4.mga5.i586.rpm vboxadditions-kernel-desktop-latest-5.1.26-4.mga5.i586.rpm vboxadditions-kernel-server-latest-5.1.26-4.mga5.i586.rpm virtualbox-kernel-4.4.92-desktop-1.mga5-5.1.26-4.mga5.i586.rpm virtualbox-kernel-4.4.92-desktop586-1.mga5-5.1.26-4.mga5.i586.rpm virtualbox-kernel-4.4.92-server-1.mga5-5.1.26-4.mga5.i586.rpm virtualbox-kernel-desktop586-latest-5.1.26-4.mga5.i586.rpm virtualbox-kernel-desktop-latest-5.1.26-4.mga5.i586.rpm virtualbox-kernel-server-latest-5.1.26-4.mga5.i586.rpm xtables-addons-kernel-4.4.92-desktop-1.mga5-2.10-48.mga5.i586.rpm xtables-addons-kernel-4.4.92-desktop586-1.mga5-2.10-48.mga5.i586.rpm xtables-addons-kernel-4.4.92-server-1.mga5-2.10-48.mga5.i586.rpm xtables-addons-kernel-desktop586-latest-2.10-48.mga5.i586.rpm xtables-addons-kernel-desktop-latest-2.10-48.mga5.i586.rpm xtables-addons-kernel-server-latest-2.10-48.mga5.i586.rpm x86_64: cpupower-4.4.92-1.mga5.x86_64.rpm cpupower-devel-4.4.92-1.mga5.x86_64.rpm kernel-desktop-4.4.92-1.mga5-1-1.mga5.x86_64.rpm kernel-desktop-devel-4.4.92-1.mga5-1-1.mga5.x86_64.rpm kernel-desktop-devel-latest-4.4.92-1.mga5.x86_64.rpm kernel-desktop-latest-4.4.92-1.mga5.x86_64.rpm kernel-doc-4.4.92-1.mga5.noarch.rpm kernel-server-4.4.92-1.mga5-1-1.mga5.x86_64.rpm kernel-server-devel-4.4.92-1.mga5-1-1.mga5.x86_64.rpm kernel-server-devel-latest-4.4.92-1.mga5.x86_64.rpm kernel-server-latest-4.4.92-1.mga5.x86_64.rpm kernel-source-4.4.92-1.mga5-1-1.mga5.noarch.rpm kernel-source-latest-4.4.92-1.mga5.noarch.rpm kernel-userspace-headers-4.4.92-1.mga5.x86_64.rpm perf-4.4.92-1.mga5.x86_64.rpm vboxadditions-kernel-4.4.92-desktop-1.mga5-5.1.26-4.mga5.x86_64.rpm vboxadditions-kernel-4.4.92-server-1.mga5-5.1.26-4.mga5.x86_64.rpm vboxadditions-kernel-desktop-latest-5.1.26-4.mga5.x86_64.rpm vboxadditions-kernel-server-latest-5.1.26-4.mga5.x86_64.rpm virtualbox-kernel-4.4.92-desktop-1.mga5-5.1.26-4.mga5.x86_64.rpm virtualbox-kernel-4.4.92-server-1.mga5-5.1.26-4.mga5.x86_64.rpm virtualbox-kernel-desktop-latest-5.1.26-4.mga5.x86_64.rpm virtualbox-kernel-server-latest-5.1.26-4.mga5.x86_64.rpm xtables-addons-kernel-4.4.92-desktop-1.mga5-2.10-48.mga5.x86_64.rpm xtables-addons-kernel-4.4.92-server-1.mga5-2.10-48.mga5.x86_64.rpm xtables-addons-kernel-desktop-latest-2.10-48.mga5.x86_64.rpm xtables-addons-kernel-server-latest-2.10-48.mga5.x86_64.rpm
In a Vbox client, M5.1, KDE, 64bit Testing: kernel-desktop-latest vboxadditions-kernel-desktop-latest [root@localhost wilcal]# uname -a Linux localhost 4.4.88-desktop-1.mga5 #1 SMP Thu Sep 14 00:03:58 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-4.4.88-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest Package vboxadditions-kernel-desktop-latest-5.1.26-3.mga5.x86_64 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work. Installed kernel-desktop-latest vboxadditions-kernel-desktop-latest from updates testing Reboot client [root@localhost wilcal]# uname -a Linux localhost 4.9.56-desktop-1.mga6 #1 SMP Thu Oct 12 22:55:31 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-4.9.56-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest Package vboxadditions-kernel-desktop-latest-5.1.26-6.mga6.x86_64 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work.
CC: (none) => wilcal.int
In a Vbox client, M5.1, KDE, 32bit Testing: kernel-desktop-latest vboxadditions-kernel-desktop-latest [root@localhost wilcal]# uname -a Linux localhost 4.4.88-desktop-1.mga5 #1 SMP Thu Sep 14 00:19:53 UTC 2017 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-4.4.88-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest Package vboxadditions-kernel-desktop-latest-5.1.26-3.mga5.i586 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work. Installed kernel-desktop-latest vboxadditions-kernel-desktop-latest from updates testing Reboot client [root@localhost wilcal]# uname -a Linux localhost 4.4.92-desktop-1.mga5 #1 SMP Thu Oct 12 20:29:18 UTC 2017 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-4.4.92-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest Package vboxadditions-kernel-desktop-latest-5.1.26-4.mga5.i586 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work.
Installed and tested without issues. A full day of normal use with many programs tested/used, without any noticeable issues. System: Mageia 5, x86_64, Plasma DE, Intel CPU, nVidia GPU with proprietary driver nvidia340. $ uname -a Linux marte 4.4.92-desktop-1.mga5 #1 SMP Thu Oct 12 20:14:45 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux $ uptime 01:23:54 up 15:52, 3 users, load average: 0,55, 0,59, 0,54 $ rpm -qa | grep 4\.4\.92 | sort cpupower-4.4.92-1.mga5 kernel-desktop-4.4.92-1.mga5-1-1.mga5 kernel-desktop-devel-4.4.92-1.mga5-1-1.mga5 kernel-desktop-devel-latest-4.4.92-1.mga5 kernel-desktop-latest-4.4.92-1.mga5 kernel-userspace-headers-4.4.92-1.mga5 perf-4.4.92-1.mga5 $ rpm -qa | egrep 'virtualbox|nvidia' | sort dkms-nvidia340-340.101-1.mga5.nonfree dkms-virtualbox-5.1.26-1.mga5 nvidia340-cuda-opencl-340.101-1.mga5.nonfree nvidia340-devel-340.101-1.mga5.nonfree nvidia340-kernel-desktop-latest-340.96-6.mga5.nonfree virtualbox-5.1.26-1.mga5 virtualbox-doc-5.1.26-1.mga5 x11-driver-video-nvidia340-340.101-1.mga5.nonfree
Whiteboard: (none) => MGA5-64-OKCC: (none) => mageia
mga5::x86_64 Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz NVIDIA Corporation GK104 [GeForce GTX 770 Ran the updates from updates testing and non free updates testing. - cpupower-4.4.92-1.mga5.x86_64.rpm - cpupower-devel-4.4.92-1.mga5.x86_64.rpm - kernel-desktop-4.4.92-1.mga5-1-1.mga5.x86_64.rpm - kernel-desktop-devel-4.4.92-1.mga5-1-1.mga5.x86_64.rpm - kernel-desktop-devel-latest-4.4.92-1.mga5.x86_64.rpm - kernel-desktop-latest-4.4.92-1.mga5.x86_64.rpm - kernel-doc-4.4.92-1.mga5.noarch - kernel-userspace-headers-4.4.92-1.mga5.x86_64 - kernel-source-4.4.92-1.mga5 - kernel-source-latest - perf-4.4.92-1.mga5 These already installed: virtualbox-kernel-4.4.92-desktop-1.mga5-5.1.26-4.mga5.x86_64 virtualbox-kernel-desktop-latest-5.1.26-6.mga6.x86_64 xtables-addons-kernel-desktop-latest-2.10-48.mga5.x86_64 $ drakboot --boot $ reboot Rebooted to Mate desktop. $ uname -r 4.4.92-desktop-1.mga5 Two Desktop icons confirmed that the network shared directories had been mounted. $ ls pad/qa | wc -l 231 Ran stress tests and glmark2. There was an initial problem with the disk bashing test. Three processes were spawned which did not terminate and could not be killed with SIGTERM - status D. Logging out and in usually killed them but one time they came back to life and continued for a while before running out of steam. These tests were run in a network mounted directory. The problem did not recur when the test was run from a local directory. A lesson learned. pulseaudio running. Watched terrestrial HD TV using vlc. Managed to get sound via Bluetooth and blueman. Remote SSH login to another machine on the LAN was OK using known_hosts. Other common desktop applications running fine.
CC: (none) => tarazed25
kernel-desktop on mga5-64 Packages installed cleanly: - cpupower-4.4.92-1.mga5.x86_64 - kernel-desktop-4.4.92-1.mga5-1-1.mga5.x86_64 - kernel-desktop-latest-4.4.92-1.mga5.x86_64 - kernel-userspace-headers-4.4.92-1.mga5.x86_64 - virtualbox-kernel-4.4.92-desktop-1.mga5-5.1.26-4.mga5.x86_64 - virtualbox-kernel-desktop-latest-5.1.26-4.mga5.x86_64 System re-booted nrmally: $ uname -r 4.4.92-desktop-1.mga5 no regressions noted virtualbox and client launched normally OK for mga5-64 on this system: Dell product: Precision Tower 3620 Mobo: Dell model: 09WH54 Card: Intel HD Graphics 530 CPU: Quad core Intel Core i7-6700 (-HT-MCP-) PC-BIOS boot GPT partitions
CC: (none) => jim
kernel-desktop on mga5-32 in a vbox VM: Packages installed cleanly: - cpupower-4.4.92-1.mga5.i586 - kernel-desktop-4.4.92-1.mga5-1-1.mga5.i586 - kernel-desktop-latest-4.4.92-1.mga5.i586 - kernel-userspace-headers-4.4.92-1.mga5.i586 - vboxadditions-kernel-4.4.92-desktop-1.mga5-5.1.26-4.mga5.i586 - vboxadditions-kernel-desktop-latest-5.1.26-4.mga5.i586 VM re-booted normally: [jim@mga5-32 ~]$ uname -r 4.4.92-desktop-1.mga5 No regressions noted OK for mga5-32 in a vbox VM
mga5::x86_64 4.4.88-desktop-1.mga5 Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz NVIDIA Corporation GM204 [GeForce GTX 970] nvidia 384.59 Mobo: MSI model: Z97-G43 (MS-7816) v: 3.0 Updates: - cpupower-4.4.92-1.mga5.x86_64 - cpupower-devel-4.4.92-1.mga5.x86_64 - kernel-desktop-4.4.92-1.mga5-1-1.mga5.x86_64 - kernel-desktop-devel-4.4.92-1.mga5-1-1.mga5.x86_64 - kernel-desktop-devel-latest-4.4.92-1.mga5.x86_64 - kernel-desktop-latest-4.4.92-1.mga5.x86_64 - kernel-doc-4.4.92-1.mga5.noarch - kernel-userspace-headers-4.4.92-1.mga5.x86_64 - ldetect-lst-0.1.346.8-1.mga5.x86_64 - ldetect-lst-devel-0.1.346.8-1.mga5.x86_64 - perf-4.4.92-1.mga5.x86_64 - xtables-addons-kernel-4.4.92-desktop-1.mga5-2.10-48.mga5.x86_64 - xtables-addons-kernel-desktop-latest-2.10-48.mga5.x86_64 - virtualbox-kernel-4.4.92-desktop-1.mga5-5.1.26-4.mga5.x86_64 - virtualbox-kernel-desktop-latest-5.1.26-4.mga5.x86_64 nvidia-current module built during the installation. $ drakboot --boot Rebooted to Mate desktop. Video and graphics across the LAN on remote login. Network shares mounted and usable - read/write working. stellarium OK. Installed gwenview and 183 KDE support packages and browsed an image directory. Everything else was working. Installed virtualbox and booted one of the guest systems and configured it. Ran stress in all four modes. OK. Fedora glmark2 2012.12. This ran four times faster than the mga6 version.
Advisory (also added to svn) This kernel update is based on upstream 4.4.92 and fixes atleast the following security issues: A security flaw was discovered in nl80211_set_rekey_data() function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netlink request. This request can be issued by a user with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash (CVE-2017-12153). Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could acce s (r/w) hardware CR8 register of the host(L0). In a nested visualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS (CVE-2017-12154). The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (CVE-2017-14106). The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes (CVE-2017-14156). It was found that the iscsi_if_rx() function in scsi_transport_iscsi.c in the Linux kernel since v2.6.24-rc1 through 4.13.2 allows local users to cause a denial of service (a system panic) by making a number of certain syscalls by leveraging incorrect length validation in the kernel code (CVE-2017-14489). The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0 (CVE-2017-14991). A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value (CVE-2017-1000252).
Keywords: (none) => advisory
Blocks: (none) => 21901
MGA5-32 on Asus A6000VM Xfce No installation issues Tested .doc file, played movie and music file, viewed some pictures, visited website wit text, pictures and movie. All OK, no obvious problems
CC: (none) => herman.viaene
No issues found using this while running other tests. OK for me.
Whiteboard: MGA5-64-OK => MGA5-64-OK MGA5-32-OK
Lets move this one on. This update works fine. Testing complete for MGA6, 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push to updates. Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Correction to: Testing complete for MGA6, 32-bit & 64-bit Should be: Testing complete for MGA5, 32-bit & 64-bit
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0386.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
*** Bug 21663 has been marked as a duplicate of this bug. ***
CC: (none) => luigiwalser