New security issues fixed. Advisory will follow... SRPMS: kernel-linus-4.4.105-1.mga5.src.rpm i586: kernel-linus-4.4.105-1.mga5-1-1.mga5.i586.rpm kernel-linus-devel-4.4.105-1.mga5-1-1.mga5.i586.rpm kernel-linus-devel-latest-4.4.105-1.mga5.i586.rpm kernel-linus-doc-4.4.105-1.mga5.noarch.rpm kernel-linus-latest-4.4.105-1.mga5.i586.rpm kernel-linus-source-4.4.105-1.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.4.105-1.mga5.noarch.rpm x86_64: kernel-linus-4.4.105-1.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-4.4.105-1.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-latest-4.4.105-1.mga5.x86_64.rpm kernel-linus-doc-4.4.105-1.mga5.noarch.rpm kernel-linus-latest-4.4.105-1.mga5.x86_64.rpm kernel-linus-source-4.4.105-1.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.4.105-1.mga5.noarch.rpm
Installed the linus kernel. $ drakboot --boot Rebooted. $ uname -r 4.4.105-1.mga5 System: Host: markab Kernel: 4.4.105-1.mga5 x86_64 (64 bit) Desktop: MATE 1.8.1 Distro: Mageia 5 thornicroft Machine: Mobo: GIGABYTE model: X5 Bios: American Megatrends v: FD05 date: 07/29/2015 Network: Card-1: Qualcomm Atheros Killer E220x Gigabit Ethernet Controller driver: alx Card-2: Intel Wireless 7265 driver: iwlwifi Graphics: Card-1: NVIDIA GM204M [GeForce GTX 965M] Card-2: NVIDIA GM204M [GeForce GTX 965M] Display Server: X.Org 1.16.4 drivers: nvidia,v4l GLX Version: 4.5.0 NVIDIA 384.98 RAM: 15.63 GB Ran stress tests. glmark2 = 9735. Common desktop applications continue to work. Installed sox and played a wav file. vlc and Youtube music video. libreoffice writer OK. Tried out the GIMP and various image viewers. 64-bit OK.
CC: (none) => tarazed25
Mageia 5 :: x86_64 kernel 4.4.92-desktop-1.mga5 Updated to kernel linus. $ sudo drakboot --boot Rebooted to working Mate desktop. System: Host: vega Kernel: 4.4.105-1.mga5 x86_64 (64 bit) Desktop: N/A Distro: Mageia 5 thornicroft Machine: Mobo: Gigabyte model: G1.Sniper Z97 v: x.x Bios: American Megatrends v: F6 date: 05/30/2014 Network: Card-1: Qualcomm Atheros Killer E220x Gigabit Ethernet Controller driver: alx Card-2: Ralink RT3090 Wireless 802.11n 1T/1R PCIe driver: rt2800pci Graphics: Card-1: Intel Xeon E3-1200 v3/4th Gen Core Processor Integrated Graphics Controller Card-2: NVIDIA GK104 [GeForce GTX 770] Display Server: X.Org 1.16.4 drivers: nvidia,v4l,intel Resolution: 2560x1440, 1024x768 GLX Renderer: GeForce GTX 770/PCIe/SSE2 GLX Version: 4.5.0 NVIDIA 384.98 RAM: 15.35 GB Passed all four stress tests, cpu, vm, io and hdd. glmark2 ran fine. pulseaudio sound and video OK. Common desktop applications OK. Viewing digital TV in vlc with Freeview input from an antenna. Bluetooth (blueman) paired immediately with audio device. NFS shared directories mounted automatically. Remote logins and file copying works.
Mageia 5 :: x86_64 Update to kernel linus and rebooted to a working desktop. There was a long hiatus before the Mate panel appeared. $ uname -r 4.4.105-1.mga5 Machine: System: LENOVO product: 9541 v: Lenovo IdeaPad Y500 Bios: LENOVO v: 6BCN34WW(V1.05) date: 11/29/2012 CPU: Quad core Intel Core i7-3630QM (-HT-MCP-) clocked at 3130 MHz Graphics: Card: NVIDIA GK107M [GeForce GT 650M] GLX Version: 4.5.0 NVIDIA 384.98 Wifi: Card-2: Intel Centrino Wireless-N 2230 driver: iwlwifi RAM: 7.75 GB No other obvious problems. Ran successful stress tests and glmark2. Good for Mageia 5 on x86_64.
Testing also M5/64, choosing Linus from the 'adavnced options' boot sub-menu Real hardware, AMD/ATI/Radeon graphics. $ uname -r 4.4.105-1.mga5 Used for a variety of things, mostly by testing bug 21600. Tried also video & sound. So far so good. Confirming Len's conclusion.
CC: (none) => lewyssmith
Whiteboard: (none) => MGA5-64-OK
Advisory, added to svn: This kernel-linus update is based on upstream 4.4.105 and fixes atleast the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver (CVE-2017-0786). Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support is vulnerable to an incorrect debug exception(#DB) error. It could occur while emulating a syscall instruction. A user/process inside guest could use this flaw to potentially escalate their privileges inside guest. Linux guests are not affected.(CVE-2017-7518). The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition (CVE-2017-12190). The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations (CVE-2017-12193). Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (CVE-2017-13080). The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (CVE-2017-15115). Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (CVE-2017-15265) The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call (CVE-2017-15299). The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (CVE-2017-16939). The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. (CVE-2017-16994).
Keywords: (none) => advisory
i586 version ok on x86_64 hardware. Validating the update.
Keywords: (none) => validated_updateWhiteboard: MGA5-64-OK => MGA5-64-OK MGA5-32-OKCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0467.html
Status: NEW => RESOLVEDResolution: (none) => FIXED