more followup fixes for spectre and LITF security issues and some other security and bugfixes... SRPMS: kernel-tmb-4.14.68-1.mga6.src.rpm i586: kernel-tmb-desktop-4.14.68-1.mga6-1-1.mga6.i586.rpm kernel-tmb-desktop-devel-4.14.68-1.mga6-1-1.mga6.i586.rpm kernel-tmb-desktop-devel-latest-4.14.68-1.mga6.i586.rpm kernel-tmb-desktop-latest-4.14.68-1.mga6.i586.rpm kernel-tmb-source-4.14.68-1.mga6-1-1.mga6.noarch.rpm kernel-tmb-source-latest-4.14.68-1.mga6.noarch.rpm x86_64: kernel-tmb-desktop-4.14.68-1.mga6-1-1.mga6.x86_64.rpm kernel-tmb-desktop-devel-4.14.68-1.mga6-1-1.mga6.x86_64.rpm kernel-tmb-desktop-devel-latest-4.14.68-1.mga6.x86_64.rpm kernel-tmb-desktop-latest-4.14.68-1.mga6.x86_64.rpm kernel-tmb-source-4.14.68-1.mga6-1-1.mga6.noarch.rpm kernel-tmb-source-latest-4.14.68-1.mga6.noarch.rpm
Mageia 6, x86_64 Intel core i7, NVIDIA GTX 770. Creating: target|kernel|dracut args|basicmodules remove-boot-splash: Format of /boot/initrd-4.14.68-tmb-desktop-1.mga6.img not recognized But otherwise OK. Rebooted to Mate desktop - NETFLOW driver and other kernel modules rebuilt on the fly. Desktop fully operational. Hardware and memory stress tests ran OK.
CC: (none) => tarazed25
Mageia 6, x86_64 Intel core i7, NVIDIA GTX 970 No problem with the update but something odd happened with the disk stress test. $ stress -d 3 -t 25 That did not terminate and gkrellm indicated that eth0 was heavily used throughout the test together with one of the cores. Ctrl-C stopped the command in the terminal but disk activity continued for at least five minutes. Tried a very short time interval but the process stuck again. $ stress -d 2 -t 10 stress: info: [11376] dispatching hogs: 0 cpu, 0 io, 0 vm, 2 hdd ^C [lcl@difda qa]$ ps aux | grep stress lcl 11377 7.6 0.0 8108 1688 pts/2 D 10:54 0:07 stress -d 2 -t 10 lcl 11378 7.9 0.0 8108 1688 pts/2 D 10:54 0:07 stress -d 2 -t 10 Looks like it re-spawned right after the Ctrl-C. It died eventually. This seems to happen every now and again with kernel updates but everything else is working fine.
Re comment #2 In the journal there were dozens of lines like: Sep 08 10:42:40 difda pkexec[7792]: pam_systemd(polkit-1:session): Cannot create Sep 08 10:42:40 difda pkexec[7792]: pam_unix(polkit-1:session): session opened f Sep 08 10:42:43 difda mgaapplet[9716]: Packages are up to date Sep 08 10:43:45 difda pkexec[13980]: lcl: Error executing command as another use Sep 08 10:44:12 difda pkexec[16007]: lcl: Error executing command as another use which may be completely irrelevant.
Mageia 6, x86_64 Intel core i9, NVIDIA GTX 1080Ti Updated without a problem and rebooted to Mate. Desktop fully functional. Stress tests, glmark2, kaffeine TV via WinTV Hauppauge USB adapter, all OK.
MGA6-32 MATE on IBM Thinkpad R50e At installation, I also deleted three kernels of the 4.14.5X range, all seems to go well. After reboot $ uname -a Linux mach6.hviaene.thuis 4.14.65-desktop-1.mga6 #1 SMP Sat Aug 18 16:12:25 UTC 2018 i686 i686 i686 GNU/Linux i.e. the previous kernel version. Checked in MCC that the kernel packages were installed OK - confirm that. Looked at the startup options in MCC and saw that 4.14.68 is in the list, but apparently it hqs not been set as default. Leaving this laptop as is in case someone might require more info on the current configuration.
CC: (none) => herman.viaene
Yeah, its by design. Only core kernel updates sets/updates default kernel. That so people installing several kernels dont get surprises
@Herman re comment 5: And if you think you might have difficulty identifying it you could always run 'drakboot --boot' as root and select it as the default.
My message that I posted on the wrong bug - I didn't install the tmb kernel - was not registered, so I will answer on bug 23543.
So new rpms fixing the SPI_INTEL_SPI issue in comment 17 and rebased on 4.14.69 for more security and bugfixes... SRPMS: kernel-tmb-4.14.69-1.mga6.src.rpm i586: kernel-tmb-desktop-4.14.69-1.mga6-1-1.mga6.i586.rpm kernel-tmb-desktop-devel-4.14.69-1.mga6-1-1.mga6.i586.rpm kernel-tmb-desktop-devel-latest-4.14.69-1.mga6.i586.rpm kernel-tmb-desktop-latest-4.14.69-1.mga6.i586.rpm kernel-tmb-source-4.14.69-1.mga6-1-1.mga6.noarch.rpm kernel-tmb-source-latest-4.14.69-1.mga6.noarch.rpm x86_64: kernel-tmb-desktop-4.14.69-1.mga6-1-1.mga6.x86_64.rpm kernel-tmb-desktop-devel-4.14.69-1.mga6-1-1.mga6.x86_64.rpm kernel-tmb-desktop-devel-latest-4.14.69-1.mga6.x86_64.rpm kernel-tmb-desktop-latest-4.14.69-1.mga6.x86_64.rpm kernel-tmb-source-4.14.69-1.mga6-1-1.mga6.noarch.rpm kernel-tmb-source-latest-4.14.69-1.mga6.noarch.rpm
Summary: Upate request: kernel-tmb-4.14.68-1.mga6 => Upate request: kernel-tmb-4.14.69-1.mga6
x86_64, Intel Core i7 with NVIDIA GTX 970 graphics. Tried the tmb kernel. The Mate desktop was running fine and glmark2 was back to its usual low score.
Advisory, added to svn: type: security subject: Updated kernel-tmb packages fix security vulnerabilities CVE: - CVE-2018-6554 - CVE-2018-6555 src: 6: core: - kernel-tmb-4.14.69-1.mga6 description: | This kernel-tmb update is based on the upstream 4.14.69 and adds additional fixes for the L1TF and Spectre security issues. It also fixes atleast the following security issues: Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (CVE-2018-6554). The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (CVE-2018-6554). Other fixes in this update: * WireGuard has been updated to 0.0.20180904 * all SPI_INTEL_SPI config options have been disable to prevent a potential bios corrupting bug (mga#23560) For other changes in this update, see the referenced changelogs. references: - https://bugs.mageia.org/show_bug.cgi?id=23544 - https://bugs.mageia.org/show_bug.cgi?id=23560 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.66 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.67 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.68 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.69
Keywords: (none) => advisory
Enough tests, validating
CC: (none) => sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: (none) => mga6-64-ok, mga6-32-ok
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0374.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
On real hardware, M6, Plasma, 64-bit Testing: kernel-tmb-desktop-latest cpupower The following 3 packages are going to be installed: - cpupower-4.14.69-1.mga6.x86_64 - kernel-tmb-desktop-4.14.69-1.mga6-1-1.mga6.x86_64 - kernel-tmb-desktop-latest-4.14.69-1.mga6.x86_64 [root@localhost wilcal]# uname -a Linux localhost 4.14.69-tmb-desktop-1.mga6 #1 SMP PREEMPT Wed Sep 12 12:48:16 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-tmb-desktop-latest Package kernel-tmb-desktop-latest-4.14.69-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-4.14.69-1.mga6.x86_64 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work. Test platform: Intel Core i5-4460 Haswell Quad-Core 3.2GHz LGA 115 Gigabyte GA-B85M-D3H LGA 1150 Intel B85 chipset Integrated Graphics Processor - Intel HD Graphics support Audito chipset - Realtek ALC892, 7.1 channels Corsair Vengeance 8GB ( 2 x 4GB ) 240-pin DDR3 SDRAM 1600
CC: (none) => wilcal.int