Meltdown fixed kernel... Advisory will follow There might be need for a rebuild for additional fixes... but please start testing so we can catch regressions... SRPMS: kernel-linus-4.4.110-1.mga5.src.rpm i586: kernel-linus-4.4.110-1.mga5-1-1.mga5.i586.rpm kernel-linus-devel-4.4.110-1.mga5-1-1.mga5.i586.rpm kernel-linus-devel-latest-4.4.110-1.mga5.i586.rpm kernel-linus-doc-4.4.110-1.mga5.noarch.rpm kernel-linus-latest-4.4.110-1.mga5.i586.rpm kernel-linus-source-4.4.110-1.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.4.110-1.mga5.noarch.rpm x86_64: kernel-linus-4.4.110-1.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-4.4.110-1.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-latest-4.4.110-1.mga5.x86_64.rpm kernel-linus-doc-4.4.110-1.mga5.noarch.rpm kernel-linus-latest-4.4.110-1.mga5.x86_64.rpm kernel-linus-source-4.4.110-1.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.4.110-1.mga5.noarch.rpm
Depends on: (none) => 22337
System: Host: juza Kernel: 4.4.110-1.mga5 x86_64 Desktop: MATE 1.8.1 Distro: Mageia 5 thornicroft CPU: Quad core Intel Core i7-3630QM (-HT-MCP-) Machine: System: LENOVO product: 9541 v: Lenovo IdeaPad Y500 Graphics: Card: NVIDIA GK107M [GeForce GT 650M] GLX Version: 4.5.0 NVIDIA 384.111 This has been running for a while now without issues. The usual stress tests completed OK. No problems with wifi. OK for mga5::x86_64 on this hardware.
CC: (none) => tarazed25
Testing M5/64 Real EFI hardware, AMD processor, 4Gb, AMD/ATI/Radeon graphics. Sound, no wifi, ethernet. $ uname -r 4.4.110-1.mga5 = linus After messing around a bit in various directions, all looks OK. Video, graphics, sound.Second Lens's view. As we are having another kernel soon, this one certainly seems to work well enough to OK for now.
Whiteboard: (none) => MGA5-64-OK
Unfortunately there is still some regressions that will be fixed in 4.4.111, so a new kernel will be coming...
Keywords: (none) => feedback
Fixed kernels: SRPMS: kernel-linus-4.4.111-1.mga5.src.rpm i586: kernel-linus-4.4.111-1.mga5-1-1.mga5.i586.rpm kernel-linus-devel-4.4.111-1.mga5-1-1.mga5.i586.rpm kernel-linus-devel-latest-4.4.111-1.mga5.i586.rpm kernel-linus-doc-4.4.111-1.mga5.noarch.rpm kernel-linus-latest-4.4.111-1.mga5.i586.rpm kernel-linus-source-4.4.111-1.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.4.111-1.mga5.noarch.rpm x86_64: kernel-linus-4.4.111-1.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-4.4.111-1.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-latest-4.4.111-1.mga5.x86_64.rpm kernel-linus-doc-4.4.111-1.mga5.noarch.rpm kernel-linus-latest-4.4.111-1.mga5.x86_64.rpm kernel-linus-source-4.4.111-1.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.4.111-1.mga5.noarch.rpm
Summary: Update request: kernel-linus 4.4.110 => Update request: kernel-linus 4.4.111Whiteboard: MGA5-64-OK => (none)Keywords: feedback => (none)
Advisory, added to svn: type: security subject: Updated kernel-linus packages fix security vulnerabilities CVE: - CVE-2017-5754 - CVE-2017-15129 - CVE-2017-1000407 src: 5: core: - kernel-linus-4.4.111-1.mga5 description: | This kernel-linus update provides the upstream 4.4.111 and and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation (KTPI). Note that according to AMD, this issue does not effect Amd processors, so it is not enabled by default on systems using Amd CPU. The list of known security fixes and mitigations in this kernel: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache (CVE-2017-5754, "MeltDown"). A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (CVE-2017-15129). The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic (CVE-2017-1000407). The kernels are also fixed to allow loading cpu microcode for Amd family 17 (Zen) processors. For more info about Meltdown, Spectre and other fixes in this update, see the refences. references: - https://bugs.mageia.org/show_bug.cgi?id=22333 - https://meltdownattack.com/ - https://googleprojectzero.blogspot.fi/2018/01/reading-privileged-memory-with-side.html - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.106 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.108 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.109 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.110 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.111
Keywords: (none) => advisory
Whiteboard: (none) => MGA5-64-OK, MGA5-32-OKKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0075.html
Status: NEW => RESOLVEDResolution: (none) => FIXED