Follow-up fixes for the MDS / ZombieLoad attack fixes, atleast one ext4 data leak fix and fixing a regression with bluetooth stopped working as reported in bug 24840... Advisory to follow... SRPMS: kernel-4.14.121-1.mga6.src.rpm kernel-userspace-headers-4.14.121-1.mga6.src.rpm kmod-vboxadditions-6.0.8-2.mga6.src.rpm kmod-virtualbox-6.0.8-2.mga6.src.rpm kmod-xtables-addons-2.13-86.mga6.src.rpm i586: cpupower-4.14.121-1.mga6.i586.rpm cpupower-devel-4.14.121-1.mga6.i586.rpm kernel-desktop-4.14.121-1.mga6-1-1.mga6.i586.rpm kernel-desktop586-4.14.121-1.mga6-1-1.mga6.i586.rpm kernel-desktop586-devel-4.14.121-1.mga6-1-1.mga6.i586.rpm kernel-desktop586-devel-latest-4.14.121-1.mga6.i586.rpm kernel-desktop586-latest-4.14.121-1.mga6.i586.rpm kernel-desktop-devel-4.14.121-1.mga6-1-1.mga6.i586.rpm kernel-desktop-devel-latest-4.14.121-1.mga6.i586.rpm kernel-desktop-latest-4.14.121-1.mga6.i586.rpm kernel-doc-4.14.121-1.mga6.noarch.rpm kernel-server-4.14.121-1.mga6-1-1.mga6.i586.rpm kernel-server-devel-4.14.121-1.mga6-1-1.mga6.i586.rpm kernel-server-devel-latest-4.14.121-1.mga6.i586.rpm kernel-server-latest-4.14.121-1.mga6.i586.rpm kernel-source-4.14.121-1.mga6-1-1.mga6.noarch.rpm kernel-source-latest-4.14.121-1.mga6.noarch.rpm kernel-userspace-headers-4.14.121-1.mga6.i586.rpm perf-4.14.121-1.mga6.i586.rpm vboxadditions-kernel-4.14.121-desktop-1.mga6-6.0.8-2.mga6.i586.rpm vboxadditions-kernel-4.14.121-desktop586-1.mga6-6.0.8-2.mga6.i586.rpm vboxadditions-kernel-4.14.121-server-1.mga6-6.0.8-2.mga6.i586.rpm vboxadditions-kernel-desktop586-latest-6.0.8-2.mga6.i586.rpm vboxadditions-kernel-desktop-latest-6.0.8-2.mga6.i586.rpm vboxadditions-kernel-server-latest-6.0.8-2.mga6.i586.rpm virtualbox-kernel-4.14.121-desktop-1.mga6-6.0.8-2.mga6.i586.rpm virtualbox-kernel-4.14.121-desktop586-1.mga6-6.0.8-2.mga6.i586.rpm virtualbox-kernel-4.14.121-server-1.mga6-6.0.8-2.mga6.i586.rpm virtualbox-kernel-desktop586-latest-6.0.8-2.mga6.i586.rpm virtualbox-kernel-desktop-latest-6.0.8-2.mga6.i586.rpm virtualbox-kernel-server-latest-6.0.8-2.mga6.i586.rpm xtables-addons-kernel-4.14.121-desktop-1.mga6-2.13-86.mga6.i586.rpm xtables-addons-kernel-4.14.121-desktop586-1.mga6-2.13-86.mga6.i586.rpm xtables-addons-kernel-4.14.121-server-1.mga6-2.13-86.mga6.i586.rpm xtables-addons-kernel-desktop586-latest-2.13-86.mga6.i586.rpm xtables-addons-kernel-desktop-latest-2.13-86.mga6.i586.rpm xtables-addons-kernel-server-latest-2.13-86.mga6.i586.rpm x86_64: cpupower-4.14.121-1.mga6.x86_64.rpm cpupower-devel-4.14.121-1.mga6.x86_64.rpm kernel-desktop-4.14.121-1.mga6-1-1.mga6.x86_64.rpm kernel-desktop-devel-4.14.121-1.mga6-1-1.mga6.x86_64.rpm kernel-desktop-devel-latest-4.14.121-1.mga6.x86_64.rpm kernel-desktop-latest-4.14.121-1.mga6.x86_64.rpm kernel-doc-4.14.121-1.mga6.noarch.rpm kernel-server-4.14.121-1.mga6-1-1.mga6.x86_64.rpm kernel-server-devel-4.14.121-1.mga6-1-1.mga6.x86_64.rpm kernel-server-devel-latest-4.14.121-1.mga6.x86_64.rpm kernel-server-latest-4.14.121-1.mga6.x86_64.rpm kernel-source-4.14.121-1.mga6-1-1.mga6.noarch.rpm kernel-source-latest-4.14.121-1.mga6.noarch.rpm kernel-userspace-headers-4.14.121-1.mga6.x86_64.rpm perf-4.14.121-1.mga6.x86_64.rpm vboxadditions-kernel-4.14.121-desktop-1.mga6-6.0.8-2.mga6.x86_64.rpm vboxadditions-kernel-4.14.121-server-1.mga6-6.0.8-2.mga6.x86_64.rpm vboxadditions-kernel-desktop-latest-6.0.8-2.mga6.x86_64.rpm vboxadditions-kernel-server-latest-6.0.8-2.mga6.x86_64.rpm virtualbox-kernel-4.14.121-desktop-1.mga6-6.0.8-2.mga6.x86_64.rpm virtualbox-kernel-4.14.121-server-1.mga6-6.0.8-2.mga6.x86_64.rpm virtualbox-kernel-desktop-latest-6.0.8-2.mga6.x86_64.rpm virtualbox-kernel-server-latest-6.0.8-2.mga6.x86_64.rpm xtables-addons-kernel-4.14.121-desktop-1.mga6-2.13-86.mga6.x86_64.rpm xtables-addons-kernel-4.14.121-server-1.mga6-2.13-86.mga6.x86_64.rpm xtables-addons-kernel-desktop-latest-2.13-86.mga6.x86_64.rpm xtables-addons-kernel-server-latest-2.13-86.mga6.x86_64.rpm
x86_64 server kernel is now running on all of Mageia infra and on my own servers
mga6, UEFI Intel Core i7-4790 (-HT-MCP-) NVIDIA GM204 [GeForce GTX 970] - nvidia 390.87 Installed packages. - cpupower-4.14.121-1.mga6.x86_64 - kernel-desktop-4.14.121-1.mga6-1-1.mga6.x86_64 - kernel-desktop-devel-4.14.121-1.mga6-1-1.mga6.x86_64 - kernel-desktop-devel-latest-4.14.121-1.mga6.x86_64 - kernel-desktop-latest-4.14.121-1.mga6.x86_64 - kernel-doc-4.14.121-1.mga6.noarch - kernel-source-4.14.121-1.mga6-1-1.mga6.noarch - kernel-source-latest-4.14.121-1.mga6.noarch - kernel-userspace-headers-4.14.121-1.mga6.x86_64 - perf-4.14.121-1.mga6.x86_64 - vboxadditions-kernel-4.14.121-desktop-1.mga6-6.0.8-2.mga6.x86_64 - vboxadditions-kernel-desktop-latest-6.0.8-2.mga6.x86_64 - virtualbox-kernel-4.14.121-desktop-1.mga6-6.0.8-2.mga6.x86_64 - virtualbox-kernel-desktop-latest-6.0.8-2.mga6.x86_64 - xtables-addons-kernel-4.14.121-desktop-1.mga6-2.13-86.mga6.x86_64 - xtables-addons-kernel-desktop-latest-2.13-86.mga6.x86_64 # urpmi cpupower-devel Rebooted to Cinnamon. Bluetooth working, USB drives mounted. The file manager comes up with a handy cli panel above the icons. The machine handled disk, cpu, ram and io stress tests well. Switched to plain GNOME, which MageiaWelcome reported as GNOME Wayland. That functioned as expected. glmark2 ran very fast. Tried GNOME Wayland but that looped back to login every time. GNOME on Xorg worked fine. Xfce came up OK. File associations in the file manager seem reasonable. Reverted to Mate. glmark2 score 40% of the Cinnamon score but everything is working including virtualbox.
CC: (none) => tarazed25
s/Cinnamon score/GNOME score/
on mga6-64 kernel-desktop plasma packages installed cleanly: - cpupower-4.14.121-1.mga6.x86_64 - kernel-desktop-4.14.121-1.mga6-1-1.mga6.x86_64 - kernel-desktop-devel-4.14.121-1.mga6-1-1.mga6.x86_64 - kernel-desktop-devel-latest-4.14.121-1.mga6.x86_64 - kernel-desktop-latest-4.14.121-1.mga6.x86_64 - kernel-userspace-headers-4.14.121-1.mga6.x86_64 - virtualbox-kernel-4.14.121-desktop-1.mga6-6.0.8-2.mga6.x86_64 - virtualbox-kernel-desktop-latest-6.0.8-2.mga6.x86_64 system rebooted normally: $ uname -r 4.14.121-desktop-1.mga6 # dkms status virtualbox, 6.0.8-1.mga6, 4.14.119-desktop-1.mga6, x86_64: installed virtualbox, 6.0.8-1.mga6, 4.14.121-desktop-1.mga6, x86_64: installed virtualbox, 6.0.8-1.mga6, 4.14.119-desktop-1.mga6, x86_64: installed-binary from 4.14.119-desktop-1.mga6 virtualbox, 6.0.8-1.mga6, 4.14.121-desktop-1.mga6, x86_64: installed-binary from 4.14.121-desktop-1.mga6 vbox and clients - OK (updated to kernel-desktop-4.14.121-1 in mga vbox clients) no regressions noted looks OK for mga6-64 on this system: Machine: Device: desktop System: Dell product: Precision Tower 3620 Mobo: Dell model: 09WH54 v: A00 UEFI [Legacy]: Dell v: 2.12.0 date: 02/15/2019 CPU: Quad core Intel Core i7-6700 (-HT-MCP-) Graphics: Card: Intel HD Graphics 530
CC: (none) => jim
In a Vbox client, M6.1, Plasma, 32-bit Testing: kernel-desktop-latest vboxadditions-kernel-desktop-latest cpupower [root@localhost wilcal]# uname -a Linux localhost 4.14.119-desktop-1.mga6 #1 SMP Tue May 14 21:13:26 UTC 2019 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-4.14.119-1.mga6.i586 is already installed [root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest Package vboxadditions-kernel-desktop-latest-6.0.8-1.mga6.i586 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-4.14.119-1.mga6.i586 is already installed Install kernel-desktop-latest vboxadditions-kernel-desktop-latest cpupower from updates testing TThe following 6 packages are going to be installed: - cpupower-4.14.121-1.mga6.i586 - kernel-desktop-4.14.121-1.mga6-1-1.mga6.i586 - kernel-desktop-latest-4.14.121-1.mga6.i586 - meta-task-6-3.3.mga6.noarch - vboxadditions-kernel-4.14.121-desktop-1.mga6-6.0.8-2.mga6.i586 - vboxadditions-kernel-desktop-latest-6.0.8-2.mga6.i586 Reboot system. [root@localhost wilcal]# uname -a Linux localhost 4.14.121-desktop-1.mga6 #1 SMP Wed May 22 11:32:04 UTC 2019 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-4.14.121-1.mga6.i586 is already installed [root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest Package vboxadditions-kernel-desktop-latest-6.0.8-2.mga6.i586 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-4.14.121-1.mga6.i586 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work.
CC: (none) => wilcal.int
In a Vbox client, M6.1, Plasma, 64-bit Testing: kernel-desktop-latest vboxadditions-kernel-desktop-latest cpupower [root@localhost wilcal]# uname -a Linux localhost 4.14.119-desktop-1.mga6 #1 SMP Tue May 14 19:26:16 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-4.14.119-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest Package vboxadditions-kernel-desktop-latest-6.0.8-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-4.14.119-1.mga6.x86_64 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work. Install kernel-desktop-latest vboxadditions-kernel-desktop-latest cpupower from updates testing The following 6 packages are going to be installed: - cpupower-4.14.121-1.mga6.x86_64 - kernel-desktop-4.14.121-1.mga6-1-1.mga6.x86_64 - kernel-desktop-latest-4.14.121-1.mga6.x86_64 - meta-task-6-3.3.mga6.noarch - vboxadditions-kernel-4.14.121-desktop-1.mga6-6.0.8-2.mga6.x86_64 - vboxadditions-kernel-desktop-latest-6.0.8-2.mga6.x86_64 Reboot system. [root@localhost wilcal]# uname -a Linux localhost 4.14.121-desktop-1.mga6 #1 SMP Wed May 22 12:26:58 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-4.14.121-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest Package vboxadditions-kernel-desktop-latest-6.0.8-2.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-4.14.121-1.mga6.x86_64 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work.
On real hardware, M6.1, Plasma, 64-bit initial install: kernel-desktop-latest virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo kernel-desktop-devel-latest dkms-nvidia-current cpupower [root@localhost wilcal]# uname -a Linux localhost 4.14.104-desktop-2.mga6 #1 SMP Wed Feb 27 17:08:11 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-4.14.104-2.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox Package virtualbox-5.2.24-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest Package vboxadditions-kernel-desktop-latest-5.2.24-8.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi dkms-virtualbox Package dkms-virtualbox-5.2.24-1.mga6.noarch is already installed [root@localhost wilcal]# urpmi virtualbox-guest-additions Package virtualbox-guest-additions-5.2.24-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest Package virtualbox-kernel-desktop-latest-5.2.24-8.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi x11-driver-video-vboxvideo Package x11-driver-video-vboxvideo-5.2.24-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi kernel-desktop-devel-latest Package kernel-desktop-devel-latest-4.14.104-2.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi dkms-nvidia-current Package dkms-nvidia-current-390.87-1.mga6.nonfree.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-4.14.104-2.mga6.x86_64 is already installed [root@localhost wilcal]# lspci -k 01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1) Subsystem: Gigabyte Technology Co., Ltd Device 3518 Kernel driver in use: nvidia Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia_current Mageia-6.1-LiveDVD-Xfce-i586-DVD.iso Create a Vbox client. Works just fine. Boots to a working desktop. install from update_testing: kernel-desktop-latest virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo kernel-desktop-devel-latest dkms-nvidia-current cpupower The following 9 packages are going to be installed: - kernel-desktop-4.14.121-1.mga6-1-1.mga6.x86_64 - kernel-desktop-devel-4.14.121-1.mga6-1-1.mga6.x86_64 - kernel-desktop-devel-latest-4.14.121-1.mga6.x86_64 - kernel-desktop-latest-4.14.121-1.mga6.x86_64 - meta-task-6-3.3.mga6.noarch - vboxadditions-kernel-4.14.121-desktop-1.mga6-6.0.8-2.mga6.x86_64 - vboxadditions-kernel-desktop-latest-6.0.8-2.mga6.x86_64 - virtualbox-kernel-4.14.121-desktop-1.mga6-6.0.8-2.mga6.x86_64 - virtualbox-kernel-desktop-latest-6.0.8-2.mga6.x86_64 [root@localhost wilcal]# uname -a Linux localhost 4.14.121-desktop-1.mga6 #1 SMP Wed May 22 12:26:58 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-4.14.121-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox Package virtualbox-6.0.8-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest Package vboxadditions-kernel-desktop-latest-6.0.8-2.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi dkms-virtualbox Package dkms-virtualbox-6.0.8-1.mga6.noarch is already installed [root@localhost wilcal]# urpmi virtualbox-guest-additions Package virtualbox-guest-additions-6.0.8-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest Package virtualbox-kernel-desktop-latest-6.0.8-2.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi x11-driver-video-vboxvideo Package x11-driver-video-vboxvideo-5.2.24-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi kernel-desktop-devel-latest Package kernel-desktop-devel-latest-4.14.121-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi dkms-nvidia-current Package dkms-nvidia-current-390.87-1.mga6.nonfree.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-4.14.121-1.mga6.x86_64 is already installed [wilcal@localhost ~]$ lspci -k 01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1) Subsystem: Gigabyte Technology Co., Ltd Device 3518 Kernel driver in use: nvidia Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia_current Mageia-6.1-LiveDVD-Xfce-i586-DVD.iso Still works as a Vbox client. Boots to a working desktop. Mageia-6.1-LiveDVD-GNOME-x86_64-DVD.iso Create a Vbox client. Works just fine. Boots to a working desktop. Mageia-7-rc-x86_64.iso Installs as a Vbox client. Boots to a working desktop. Updates then reboots back to a working desktop. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB)
AMD Athlon X2 7750, 8GB RAM, Geforce 210 (nvidia340) graphics, Atheros wifi, 64-bit Plasma system using the desktop kernel. All packages installed cleanly. After the reboot tried all the usual suspects, including VirtualBox. No issues noted.
CC: (none) => andrewsfarm
Advisory, added to svn: type: security subject: Updated kernel packages fix security vulnerabilities CVE: - CVE-2019-10142 - CVE-2019-11833 src: 7: core: - kernel-4.14.121-1.mga6 - kernel-userspace-headers-4.14.121-1.mga6 - kmod-vboxadditions-6.0.8-2.mga6 - kmod-virtualbox-6.0.8-2.mga6 - kmod-xtables-addons-2.13-86.mga6 description: | This kernel update provides the upstream 4.14.121. It adds additional fixes to the the kernel side mitigations for the Microarchitectural Data Sampling (MDS, also called ZombieLoad attack) vulnerabilities. It also fixes the following security issues: A flaw was found in the Linux kernel's freescale hypervisor manager implementation. A parameter passed via to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system or corrupt memory or, possibly, create other adverse security affects (CVE-2019-10142). fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem (CVE-2019-11833). It also fixes an upstream regression that caused older 'legacy' bluetooth adapters to stop working (mga #24840). For other uptstream fixes in this update, see the referenced changelogs. references: - https://bugs.mageia.org/show_bug.cgi?id=24853 - https://bugs.mageia.org/show_bug.cgi?id=24840 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.120 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.121
Keywords: (none) => advisory
Enough tests, validating
Keywords: (none) => validated_updateWhiteboard: (none) => MGA6-32-OK MGA6-64-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0185.html
Status: NEW => RESOLVEDResolution: (none) => FIXED