Nwe kernel-linus update for several security + other fixes... Advisory will follow... SRPMS: kernel-linus-4.4.92-1.mga5.src.rpm i586: kernel-linus-4.4.92-1.mga5-1-1.mga5.i586.rpm kernel-linus-devel-4.4.92-1.mga5-1-1.mga5.i586.rpm kernel-linus-devel-latest-4.4.92-1.mga5.i586.rpm kernel-linus-doc-4.4.92-1.mga5.noarch.rpm kernel-linus-latest-4.4.92-1.mga5.i586.rpm kernel-linus-source-4.4.92-1.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.4.92-1.mga5.noarch.rpm x86_64: kernel-linus-4.4.92-1.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-4.4.92-1.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-latest-4.4.92-1.mga5.x86_64.rpm kernel-linus-doc-4.4.92-1.mga5.noarch.rpm kernel-linus-latest-4.4.92-1.mga5.x86_64.rpm kernel-linus-source-4.4.92-1.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.4.92-1.mga5.noarch.rpm
Mageia release 5 (Official) for x86_64 4.4.92-desktop-1.mga5 Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz NVIDIA Corporation GK104 [GeForce GTX 770] nvidia 384.59 Mobo: Gigabyte model: G1.Sniper Z97 v: x.x Bios: American Megatrends v: F6 date: 05/30/2014 Updates: - kernel-linus-4.4.92-1.mga5-1-1.mga5.x86_64 - kernel-linus-devel-4.4.92-1.mga5-1-1.mga5.x86_64 - kernel-linus-devel-latest-4.4.92-1.mga5.x86_64 - kernel-linus-doc-4.4.92-1.mga5.noarch - kernel-linus-latest-4.4.92-1.mga5.x86_64 - kernel-linus-source-4.4.92-1.mga5-1-1.mga5.noarch - kernel-linus-source-latest-4.4.92-1.mga5.noarch modules built: nvidia-current (384.59-1.mga5.nonfree) virtualbox (5.1.26-1.mga5) # drakboot --boot Rebooted to Mate desktop. $ uname -r 4.4.92-1.mga5 Network shares mounted OK. Remote login on LAN. X working fine over the network. Looked at some desktop applications and tried out vlc for video and TV. HD TV and bluetooth sound worked well with kaffeine also. Added a wifi printer under HPLIP and printed a testpage from CUPS in firefox. virtualbox working fine. Ran up all four VDIs in succession and logged in to each. Logged out to try GNOME, then GNOME Classic. They worked fine. GNOME Wayland came straight back to the login prompt. Generally speaking this kernel appears to be OK.
CC: (none) => tarazed25
On real hardware, M5.1, Plasma, 64-bit Testing: kernel-linus-latest [root@localhost wilcal]# uname -a Linux localhost 4.4.92-1.mga5 #1 SMP Thu Oct 12 22:06:32 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-linus-latest Package kernel-linus-latest-4.4.92-1.mga5.x86_64 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work.
CC: (none) => wilcal.int
Whiteboard: (none) => MGA5-64-OK
Advisory (also added to svn) This kernel update is based on upstream 4.4.92 and fixes atleast the following security issues: A security flaw was discovered in nl80211_set_rekey_data() function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netlink request. This request can be issued by a user with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash (CVE-2017-12153). Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could acce s (r/w) hardware CR8 register of the host(L0). In a nested visualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS (CVE-2017-12154). The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (CVE-2017-14106). The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes (CVE-2017-14156). It was found that the iscsi_if_rx() function in scsi_transport_iscsi.c in the Linux kernel since v2.6.24-rc1 through 4.13.2 allows local users to cause a denial of service (a system panic) by making a number of certain syscalls by leveraging incorrect length validation in the kernel code (CVE-2017-14489). The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0 (CVE-2017-14991). A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value (CVE-2017-1000252).
Keywords: (none) => advisory
Host: markab Kernel: 4.4.92-tmb-desktop-1.mga5 x86_64 Mobo: GIGABYTE model: X5 Quad core Intel Core i7-5700HQ (-HT-MCP-) clocked at 2700 MHz Card-1: NVIDIA GM204M [GeForce GTX 965M] Card-2: NVIDIA GM204M [GeForce GTX 965M] GLX Renderer: GeForce GTX 965M/PCIe/SSE2 GLX Version: 4.5.0 NVIDIA 384.59 RAM: 1094.9/15980.6MB Installed: - kernel-linus-4.4.92-1.mga5-1-1.mga5.x86_64 - kernel-linus-devel-4.4.92-1.mga5-1-1.mga5.x86_64 - kernel-linus-devel-latest-4.4.92-1.mga5.x86_64 - kernel-linus-doc-4.4.92-1.mga5.noarch - kernel-linus-latest-4.4.92-1.mga5.x86_64 - kernel-linus-source-4.4.92-1.mga5-1-1.mga5.noarch - kernel-linus-source-latest-4.4.92-1.mga5.noarch # drakboot --boot Rebooted to Mate desktop $ uname -r 4.4.92-1.mga5 stress tests, glxsphere64 and glmark2 ran fine. Sound and video working, image viewers, urpmi, mcc, common desktop applications, all OK.
In a Vbox client, M5.1, KDE, 32-bit Testing: kernel-linus-latest [root@localhost wilcal]# uname -a Linux localhost 4.4.92-1.mga5 #1 SMP Thu Oct 12 21:42:19 UTC 2017 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-linus-latest Package kernel-linus-latest-4.4.92-1.mga5.i586 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work.
Correction to Comment 2 Line "On real hardware, M5.1, Plasma, 64-bit" Should read "On real hardware, M5.1, KDE, 64-bit"
This update works fine. Testing complete for MGA6, 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push to updates. Thanks
Keywords: (none) => validated_updateWhiteboard: MGA5-64-OK => MGA5-32-OK MGA5-64-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0387.html
Status: NEW => RESOLVEDResolution: (none) => FIXED