Bug 23077 - Update request: kernel-linus-4.14.44-1.mga6
Summary: Update request: kernel-linus-4.14.44-1.mga6
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: mga6-64-ok, mga6-32-ok
Keywords: advisory, validated_update
Depends on: 22977 23062
  Show dependency treegraph
Reported: 2018-05-23 09:25 CEST by Thomas Backlund
Modified: 2018-05-31 22:35 CEST (History)
2 users (show)

See Also:
Source RPM: kernel-linus
Status comment:


Description Thomas Backlund 2018-05-23 09:25:53 CEST
Spectre v4 mitigations + other security and bugfixes... advisory will follow



Thomas Backlund 2018-05-23 09:28:09 CEST

Depends on: (none) => 23062, 22977

Comment 1 Len Lawrence 2018-05-23 11:47:27 CEST
Installed cleanly.  Removed an older kernel to make space. 
# update-grub

Warm reboot and no obvious problems.
System:    Host: difda Kernel: 4.14.43-1.mga6 x86_64 (64 bit)
           Desktop: MATE 1.18.0  Distro: Mageia 6 mga6
CPU:       Quad core Intel Core i7-4790 (-HT-MCP-) speed/max: 3836/4000 MHz
Machine:   Device: desktop Mobo: MSI model: Z97-G43 (MS-7816) v: 3.0
           UEFI: American Megatrends v: V17.8 date: 12/24/2014
Graphics:  Card: NVIDIA GM204 [GeForce GTX 970]
           Display Server: Mageia X.org 119.5 drivers: nvidia,v4l
           Resolution: 3840x2160@30.00hz
           GLX Renderer: GeForce GTX 970/PCIe/SSE2
           GLX Version: 4.6.0 NVIDIA 390.59
RAM:       31.37 GB

CC: (none) => tarazed25

Comment 2 Thomas Backlund 2018-05-26 01:25:40 CEST
Updated to 4.14.44 for more security fixes, and to match core kernel

sp, rpms to test:




Summary: Update request: kernel-linus-4.14.43-1.mga6 => Update request: kernel-linus-4.14.44-1.mga6

Comment 3 Len Lawrence 2018-05-26 21:02:31 CEST
System:    Host: difda Kernel: 4.14.44-1.mga6 x86_64
CPU:       Quad core Intel Core i7-4790 (-HT-MCP-) speed/max: 3826/4000 MHz
Machine:   Device: desktop Mobo: MSI model: Z97-G43 (MS-7816) v: 3.0
Graphics:  Card: NVIDIA GM204 [GeForce GTX 970]
           GLX Renderer: GeForce GTX 970/PCIe/SSE2 GLX Version: 4.6.0 NVIDIA 390.59
Network:   Card: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller driver: r8169
RAM:       31.37 GB

Installed and rebooted without a hitch.  Ran the usual battery of tests.
Looking good.
Comment 4 Thomas Backlund 2018-05-30 21:00:51 CEST
Advisory (added to svn):

type: security
subject: Updated kernel-linus packages fix security vulnerabilities
 - CVE-2018-1065
 - CVE-2018-1068
 - CVE-2018-1087
 - CVE-2018-1092
 - CVE-2018-1093
 - CVE-2018-1094
 - CVE-2018-1095
 - CVE-2018-1108
 - CVE-2018-1130
 - CVE-2018-8897
 - CVE-2018-1120
 - CVE-2018-3639
 - CVE-2018-1000004
 - CVE-2018-1000200
     - kernel-linus-4.14.44-1.mga6
description: |
  This kernel-linus update is based on the upstream 4.14.44 and fixes atleast
  the following security issues:

  The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the
  case of a rule blob that contains a jump but lacks a user-defined chain,
  which allows local users to cause a denial of service (NULL pointer
  dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability,
  related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table
  in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in
  net/ipv6/netfilter/ip6_tables.c (CVE-2018-1065).

  A flaw was found in the Linux kernel implementation of 32 bit syscall
  interface for bridging allowing a privileged user to arbitrarily write
  to a limited range of kernel memory. This flaw can be exploited not only
  by a system's privileged user (a real "root" user), but also by an
  attacker who is a privileged user (a "root" user) in a user+network
  namespace (CVE-2018-1068).

  On x86, MOV SS and POP SS behave strangely if they encounter a data
  breakpoint. If this occurs in a KVM guest, KVM incorrectly thinks that
  a #DB instruction was caused by the undocumented ICEBP instruction. This
  results in #DB being delivered to the guest kernel with an incorrect RIP
  on the stack. On most guest kernels, this will allow a guest user to DoS
  the guest kernel or even to escalate privilege to that of the guest kernel

  The ext4_iget function in fs/ext4/inode.c in the Linux kernel through
  4.15.15 mishandles the case of a root directory with a zero i_links_count,
  which allows attackers to cause a denial of service (ext4_process_freed_data
  NULL pointer dereference and OOPS) via a crafted ext4 image (CVE-2018-1092).

  The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel
  through 4.15.15 allows attackers to cause a denial of service (out-of-bounds
  read and system crash) via a crafted ext4 image because balloc.c and ialloc.c
  do not validate bitmap block numbers (CVE-2018-1093).

  The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through
  4.15.15 does not always initialize the crc32c checksum driver, which allows
  attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer
  dereference and system crash) via a crafted ext4 image (CVE-2018-1094).

  The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel
  through 4.15.15 does not properly validate xattr sizes, which causes
  misinterpretation of a size as an error code, and consequently allows
  attackers to cause a denial of service (get_acl NULL pointer dereference and
  system crash) via a crafted ext4 image (CVE-2018-1095).

  Predictable Random Number Generator Weakness (CVE-2018-1108).

  By mmap()ing a FUSE-backed file onto a process's memory containing command
  line arguments (or environment strings), an attacker can cause utilities
  from psutils or procps (such as ps, w) or any other program which makes a
  read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to
  block indefinitely (denial of service) or for some controlled time (as a
  synchronization primitive for other attacks) (CVE-2018-1120).

  A null pointer dereference in dccp_write_xmit() function in
  net/dccp/output.c in the Linux kernel before v4.16-rc7 allows a local
  user to cause a denial of service by a number of certain crafted
  system calls (CVE-2018-1130).

  Speculative Store Bypass (SSB) – also known as Spectre Variant 4.
  Systems with microprocessors utilizing speculative execution and speculative
  execution of memory reads before the addresses of all prior memory writes
  are known may allow unauthorized disclosure of information to an attacker
  with local user access via a side-channel analysis (CVE-2018-3639).
  NOTE! This fix only apply to Amd hardware so far as Intel CPUs need a
  fixed microcode update in order for the fix to get activated. At the time
  of this release we dont yet know when Intel will release new microcode.

  The Linux kernel does not properly handle debug exceptions delivered after a
  stack switch operation via mov SS or pop SS instructions. During the stack
  switch operation, the exceptions are deferred. As a result, a local user can
  cause the kernel to crash (CVE-2018-8897).

  A race condition vulnerability exists in the sound system, that can
  lead to a deadlock and denial of service condition (CVE-2018-1000004).

  A flaw was found in the Linux kernel where an out of memory (oom) killing
  of a process that has large spans of mlocked memory can result in
  deferencing a NULL pointer, leading to denial of service (CVE-2018-1000200).

  For other fixes in this update, see the referenced changelogs.
 - https://bugs.mageia.org/show_bug.cgi?id=23077
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.19
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.20
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.21
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.22
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.23
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.24
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.26
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.27
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.28
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.29
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.30
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.31
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.32
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.33
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.34
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.35
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.36
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.37
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.38
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.39
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.40
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.41
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.42
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.44

Keywords: (none) => advisory

Comment 5 Thomas Backlund 2018-05-31 22:11:26 CEST
Enough tests, validating

Whiteboard: (none) => mga6-64-ok, mga6-32-ok
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 6 Mageia Robot 2018-05-31 22:35:12 CEST
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.