updating to 4.14.119 to include the Intel MDS Security issue that went public a few hours ago...

SRPMS:
kernel-4.14.119-1.mga6.src.rpm
kernel-userspace-headers-4.14.119-1.mga6.src.rpm
kmod-vboxadditions-6.0.6-3.mga6.src.rpm
kmod-virtualbox-6.0.6-3.mga6.src.rpm
kmod-xtables-addons-2.13-85.mga6.src.rpm

i586:
cpupower-4.14.119-1.mga6.i586.rpm
cpupower-devel-4.14.119-1.mga6.i586.rpm
kernel-desktop-4.14.119-1.mga6-1-1.mga6.i586.rpm
kernel-desktop586-4.14.119-1.mga6-1-1.mga6.i586.rpm
kernel-desktop586-devel-4.14.119-1.mga6-1-1.mga6.i586.rpm
kernel-desktop586-devel-latest-4.14.119-1.mga6.i586.rpm
kernel-desktop586-latest-4.14.119-1.mga6.i586.rpm
kernel-desktop-devel-4.14.119-1.mga6-1-1.mga6.i586.rpm
kernel-desktop-devel-latest-4.14.119-1.mga6.i586.rpm
kernel-desktop-latest-4.14.119-1.mga6.i586.rpm
kernel-doc-4.14.119-1.mga6.noarch.rpm
kernel-server-4.14.119-1.mga6-1-1.mga6.i586.rpm
kernel-server-devel-4.14.119-1.mga6-1-1.mga6.i586.rpm
kernel-server-devel-latest-4.14.119-1.mga6.i586.rpm
kernel-server-latest-4.14.119-1.mga6.i586.rpm
kernel-source-4.14.119-1.mga6-1-1.mga6.noarch.rpm
kernel-source-latest-4.14.119-1.mga6.noarch.rpm
kernel-userspace-headers-4.14.119-1.mga6.i586.rpm
perf-4.14.119-1.mga6.i586.rpm
vboxadditions-kernel-4.14.119-desktop-1.mga6-6.0.6-3.mga6.i586.rpm
vboxadditions-kernel-4.14.119-desktop586-1.mga6-6.0.6-3.mga6.i586.rpm
vboxadditions-kernel-4.14.119-server-1.mga6-6.0.6-3.mga6.i586.rpm
vboxadditions-kernel-desktop586-latest-6.0.6-3.mga6.i586.rpm
vboxadditions-kernel-desktop-latest-6.0.6-3.mga6.i586.rpm
vboxadditions-kernel-server-latest-6.0.6-3.mga6.i586.rpm
virtualbox-kernel-4.14.119-desktop-1.mga6-6.0.6-3.mga6.i586.rpm
virtualbox-kernel-4.14.119-desktop586-1.mga6-6.0.6-3.mga6.i586.rpm
virtualbox-kernel-4.14.119-server-1.mga6-6.0.6-3.mga6.i586.rpm
virtualbox-kernel-desktop586-latest-6.0.6-3.mga6.i586.rpm
virtualbox-kernel-desktop-latest-6.0.6-3.mga6.i586.rpm
virtualbox-kernel-server-latest-6.0.6-3.mga6.i586.rpm
xtables-addons-kernel-4.14.119-desktop-1.mga6-2.13-85.mga6.i586.rpm
xtables-addons-kernel-4.14.119-desktop586-1.mga6-2.13-85.mga6.i586.rpm
xtables-addons-kernel-4.14.119-server-1.mga6-2.13-85.mga6.i586.rpm
xtables-addons-kernel-desktop586-latest-2.13-85.mga6.i586.rpm
xtables-addons-kernel-desktop-latest-2.13-85.mga6.i586.rpm
xtables-addons-kernel-server-latest-2.13-85.mga6.i586.rpm

x86_64:
cpupower-4.14.119-1.mga6.x86_64.rpm
cpupower-devel-4.14.119-1.mga6.x86_64.rpm
kernel-desktop-4.14.119-1.mga6-1-1.mga6.x86_64.rpm
kernel-desktop-devel-4.14.119-1.mga6-1-1.mga6.x86_64.rpm
kernel-desktop-devel-latest-4.14.119-1.mga6.x86_64.rpm
kernel-desktop-latest-4.14.119-1.mga6.x86_64.rpm
kernel-doc-4.14.119-1.mga6.noarch.rpm
kernel-server-4.14.119-1.mga6-1-1.mga6.x86_64.rpm
kernel-server-devel-4.14.119-1.mga6-1-1.mga6.x86_64.rpm
kernel-server-devel-latest-4.14.119-1.mga6.x86_64.rpm
kernel-server-latest-4.14.119-1.mga6.x86_64.rpm
kernel-source-4.14.119-1.mga6-1-1.mga6.noarch.rpm
kernel-source-latest-4.14.119-1.mga6.noarch.rpm
kernel-userspace-headers-4.14.119-1.mga6.x86_64.rpm
perf-4.14.119-1.mga6.x86_64.rpm
vboxadditions-kernel-4.14.119-desktop-1.mga6-6.0.6-3.mga6.x86_64.rpm
vboxadditions-kernel-4.14.119-server-1.mga6-6.0.6-3.mga6.x86_64.rpm
vboxadditions-kernel-desktop-latest-6.0.6-3.mga6.x86_64.rpm
vboxadditions-kernel-server-latest-6.0.6-3.mga6.x86_64.rpm
virtualbox-kernel-4.14.119-desktop-1.mga6-6.0.6-3.mga6.x86_64.rpm
virtualbox-kernel-4.14.119-server-1.mga6-6.0.6-3.mga6.x86_64.rpm
virtualbox-kernel-desktop-latest-6.0.6-3.mga6.x86_64.rpm
virtualbox-kernel-server-latest-6.0.6-3.mga6.x86_64.rpm
xtables-addons-kernel-4.14.119-desktop-1.mga6-2.13-85.mga6.x86_64.rpm
xtables-addons-kernel-4.14.119-server-1.mga6-2.13-85.mga6.x86_64.rpm
xtables-addons-kernel-desktop-latest-2.13-85.mga6.x86_64.rpm
xtables-addons-kernel-server-latest-2.13-85.mga6.x86_64.rpm
Advisory, also added to svn:

type: security
subject: Updated kernel packages fix security vulnerability
CVE:
 - CVE-2018-12126
 - CVE-2018-12127
 - CVE-2018-12130
 - CVE-2019-11091
src:
  6:
   core:
     - kernel-4.14.119-1.mga6
     - kernel-userspace-headers-4.14.119-1.mga6
     - kmod-vboxadditions-6.0.6-3.mga6
     - kmod-virtualbox-6.0.6-3.mga6
     - kmod-xtables-addons-2.13-85.mga6
description: |
  This kernel update provides the upstream 4.14.119 that adds the kernel side
  mitigations for the Microarchitectural Data Sampling (MDS, also called
  ZombieLoad attack) vulnerabilities in Intel processors that can allow
  attackers to retrieve data being processed inside a CPU. To complete the
  mitigations new microcode is also needed, either by installing the
  microcode-0.20190514-1.mga6 package, or get an updated bios / uefi
  firmware from the motherboard vendor.

  The fixed / mitigated issues are:

  Modern Intel microprocessors implement hardware-level micro-optimizations
  to improve the performance of writing data back to CPU caches. The write
  operation is split into STA (STore Address) and STD (STore Data)
  sub-operations. These sub-operations allow the processor to hand-off
  address generation logic into these sub-operations for optimized writes.
  Both of these sub-operations write to a shared distributed processor
  structure called the 'processor store buffer'. As a result, an
  unprivileged attacker could use this flaw to read private data resident
  within the CPU's processor store buffer. (CVE-2018-12126)

  Microprocessors use a ‘load port’ subcomponent to perform load operations
  from memory or IO. During a load operation, the load port receives data
  from the memory or IO subsystem and then provides the data to the CPU
  registers and operations in the CPU’s pipelines. Stale load operations
  results are stored in the 'load port' table until overwritten by newer
  operations. Certain load-port operations triggered by an attacker can be
  used to reveal data about previous stale requests leaking data back to the
  attacker via a timing side-channel. (CVE-2018-12127)

  A flaw was found in the implementation of the "fill buffer", a mechanism
  used by modern CPUs when a cache-miss is made on L1 CPU cache. If an
  attacker can generate a load operation that would create a page fault,
  the execution will continue speculatively with incorrect data from the
  fill buffer while the data is fetched from higher level caches. This
  response time can be measured to infer data in the fill buffer.
  (CVE-2018-12130)

  Uncacheable memory on some microprocessors utilizing speculative execution
  may allow an authenticated user to potentially enable information
  disclosure via a side channel with local access. (CVE-2019-11091)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24820
 - https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.117
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.118
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.119
Keywords: (none) => advisory
Priority: Normal => High
Depends on: (none) => 24800
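The advisory above notes that the kernel update only completes the mitigation when new microcode is also loaded. As an added example (not part of this bug report or of Mageia's tooling), the shell functions below classify the status string that an MDS-patched kernel exposes in /sys/devices/system/cpu/vulnerabilities/mds, using the values documented in the kernel admin guide listed in the advisory references. The category labels and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the MDS status string reported by a patched kernel.
# Status strings are the ones documented in the kernel admin guide (hw-vuln/mds.html).
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds STATUS: print a category label (labels are this example's own).
classify_mds() {
    case $1 in
        "Not affected"*)
            echo not-affected ;;
        "Mitigation: Clear CPU buffers"*)
            # Buffer clearing is active; the SMT suffix says whether
            # sibling hardware threads remain exposed.
            case $1 in
                *"SMT vulnerable"*)         echo mitigated-smt-exposed ;;
                *"SMT Host state unknown"*) echo mitigated-smt-unknown ;;
                *)                          echo mitigated ;;
            esac ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # Kernel side is in place but the CPU lacks the updated microcode.
            echo needs-microcode ;;
        "Vulnerable"*)
            echo vulnerable ;;
        *)
            echo unknown ;;
    esac
}

# check_mds [FILE]: classify the live sysfs entry (or FILE, for testing).
check_mds() {
    file=${1:-$MDS_SYSFS}
    if [ ! -r "$file" ]; then
        echo no-sysfs-entry    # kernel does not report MDS status at all
        return 0
    fi
    classify_mds "$(cat "$file")"
}

# Constructed sample strings, followed by the running host.
for s in "Mitigation: Clear CPU buffers; SMT vulnerable" \
         "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable" \
         "Not affected"; do
    printf '%-24s <- %s\n' "$(classify_mds "$s")" "$s"
done
printf 'this host: %s\n' "$(check_mds)"
```

A result of needs-microcode after rebooting into the updated kernel means the microcode package or a firmware update is still missing.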
Ok on my x86_64 Mageia 6 system with an amd cpu and vb guests on that system, both i586 and x86_64 Mageia 6 guests.
CC: (none) => davidwhodgins
Physical hardware amd x2-3800, nvidia, uses nouveau (mate)

The following 5 packages are going to be installed:

- cpupower-4.14.119-1.mga6.i586
- cpupower-devel-4.14.119-1.mga6.i586
- kernel-desktop-4.14.119-1.mga6-1-1.mga6.i586
- kernel-desktop-latest-4.14.119-1.mga6.i586
- microcode-0.20190514-1.mga6.nonfree.noarch

58MB of additional disk space will be used.

-- rebooted

$ uname -a
Linux localhost 4.14.119-desktop-1.mga6 #1 SMP Tue May 14 21:13:26 UTC 2019 i686 i686 i686 GNU/Linux

browser works, pluma works, this machine runs as a samba and web server
Samba working
Apache working
CC: (none) => brtians1
Physical hardware: laptop toshiba 640, Intel i3-2100 (running gnome).

The following 4 packages are going to be installed:

- cpupower-4.14.119-1.mga6.x86_64
- kernel-desktop-4.14.119-1.mga6-1-1.mga6.x86_64
- kernel-desktop-latest-4.14.119-1.mga6.x86_64
- microcode-0.20190514-1.mga6.nonfree.noarch

Rebooted

$ uname -a
Linux localhost.localdomain 4.14.119-desktop-1.mga6 #1 SMP Tue May 14 19:26:16 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

samba client working, browser working, wifi working, rhythmbox working, closing lid for sleep mode works

working as designed.
Athlon X2 7750, 8GB RAM, Geforce 210 (nvidia340) graphics, Atheros wifi, 64-bit Plasma system.

The following 8 packages are going to be installed:

- cpupower-4.14.119-1.mga6.x86_64
- kernel-desktop-4.14.119-1.mga6-1-1.mga6.x86_64
- kernel-desktop-devel-4.14.119-1.mga6-1-1.mga6.x86_64
- kernel-desktop-devel-latest-4.14.119-1.mga6.x86_64
- kernel-desktop-latest-4.14.119-1.mga6.x86_64
- microcode-0.20190312-1.mga6.nonfree.noarch
- virtualbox-kernel-4.14.119-desktop-1.mga6-6.0.6-3.mga6.x86_64
- virtualbox-kernel-desktop-latest-6.0.6-3.mga6.x86_64

Packages installed cleanly, nvidia module apparently built. Rebooted to a working desktop. Tried a few apps.

Quick-and-dirty assessment: It's OK here.
CC: (none) => andrewsfarm
x86_64 UEFI, Intel Core i7-4790 (-HT-MCP-)
NVIDIA GM204 [GeForce GTX 970] - nvidia 590.87

Desktop kernel installed cleanly and rebooted to Mate OK.
Bluetooth connection working without any configuration.
Free-to-air TV working.
NFS shares established.
stress tests passed.
32-bit mga5 GNOME classic launched in virtualbox.
CC: (none) => tarazed25
mga6-64, i7, Nvidia GPU and driver, Plasma

Have been using it about five hours work, no issues seen; Thunderbird, LibreOffice6, video incl audio in Firefox, VirtualBox running MSW7 incl USB2 flash stick and windowsupdate, all mentioned activities open while concurrently all cores used by BOINC.

Smooth installation and reboot. This system also updates all installed to testing.

$ uname -a
Linux svarten 4.14.119-desktop-1.mga6 #1 SMP Tue May 14 19:26:16 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Hardware: i7-2600K, Nvidia GTX760 (GK104) using proprietary driver GeForce 420 and later, with CUDA & OpenCL detected OK in BOINC (but not used), / & /home & swap in LVM on LUKS on SSD
CC: (none) => fri
Installed the desktop kernel on a Skylake machine.
Deca core Intel Core i9-7900X (-HT-MCP-)
NVIDIA GP102 [GeForce GTX 1080 Ti] - nvidia 390.87

Probably redundant:
# drakboot --boot

Rebooted to Mate, NFS shares mounted. TV working via an antenna and USB DVB-T2 adapter.
Stress tests ran to completion.
Tried several applications - no regressions noted.
on mga6-64 kernel-desktop plasma

packages installed cleanly:
- cpupower-4.14.119-1.mga6.x86_64
- kernel-desktop-4.14.119-1.mga6-1-1.mga6.x86_64
- kernel-desktop-devel-4.14.119-1.mga6-1-1.mga6.x86_64
- kernel-desktop-devel-latest-4.14.119-1.mga6.x86_64
- kernel-desktop-latest-4.14.119-1.mga6.x86_64
- kernel-userspace-headers-4.14.119-1.mga6.x86_64
- microcode-0.20190514-1.mga6.nonfree.noarch
- virtualbox-kernel-4.14.119-desktop-1.mga6-6.0.6-3.mga6.x86_64
- virtualbox-kernel-desktop-latest-6.0.6-3.mga6.x86_64

system rebooted normally:
$ uname -r
4.14.119-desktop-1.mga6

$ dmesg | grep microcode
[ 0.000000] microcode: microcode updated early to revision 0xcc, date = 2019-04-01
[ 0.543372] microcode: sig=0x506e3, pf=0x2, revision=0xcc
[ 0.543640] microcode: Microcode Update Driver: v2.2.

# dkms status
virtualbox, 6.0.6-1.mga6, 4.14.119-desktop-1.mga6, x86_64: installed
virtualbox, 6.0.6-1.mga6, 4.14.119-desktop-1.mga6, x86_64: installed-binary from 4.14.119-desktop-1.mga6

(also updated to kernel-desktop-4.14.119-1 in 32 bit and 64 bit vbox clients)

no regressions noted

looks OK for mga6-64 on this system:

Machine: Device: desktop System: Dell product: Precision Tower 3620
Mobo: Dell model: 09WH54 v: A00 UEFI [Legacy]: Dell v: 2.12.0 date: 02/15/2019
CPU: Quad core Intel Core i7-6700 (-HT-MCP-)
Graphics: Card: Intel HD Graphics 530
CC: (none) => jim
Enough tests, flushing it out
Whiteboard: (none) => MGA6-64-OK, MGA6-32-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0174.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED