- security fixes, including: CVE-2019-1125 "SWAPGS" Spectre Vulnerability - bugfixes SRPMS: kernel-4.14.137-1.mga6.src.rpm kernel-userspace-headers-4.14.137-1.mga6.src.rpm kmod-vboxadditions-6.0.10-2.mga6.src.rpm kmod-virtualbox-6.0.10-2.mga6.src.rpm kmod-xtables-addons-2.13-90.mga6.src.rpm i586: cpupower-4.14.137-1.mga6.i586.rpm cpupower-devel-4.14.137-1.mga6.i586.rpm kernel-desktop-4.14.137-1.mga6-1-1.mga6.i586.rpm kernel-desktop586-4.14.137-1.mga6-1-1.mga6.i586.rpm kernel-desktop586-devel-4.14.137-1.mga6-1-1.mga6.i586.rpm kernel-desktop586-devel-latest-4.14.137-1.mga6.i586.rpm kernel-desktop586-latest-4.14.137-1.mga6.i586.rpm kernel-desktop-devel-4.14.137-1.mga6-1-1.mga6.i586.rpm kernel-desktop-devel-latest-4.14.137-1.mga6.i586.rpm kernel-desktop-latest-4.14.137-1.mga6.i586.rpm kernel-doc-4.14.137-1.mga6.noarch.rpm kernel-server-4.14.137-1.mga6-1-1.mga6.i586.rpm kernel-server-devel-4.14.137-1.mga6-1-1.mga6.i586.rpm kernel-server-devel-latest-4.14.137-1.mga6.i586.rpm kernel-server-latest-4.14.137-1.mga6.i586.rpm kernel-source-4.14.137-1.mga6-1-1.mga6.noarch.rpm kernel-source-latest-4.14.137-1.mga6.noarch.rpm kernel-userspace-headers-4.14.137-1.mga6.i586.rpm perf-4.14.137-1.mga6.i586.rpm vboxadditions-kernel-4.14.137-desktop-1.mga6-6.0.10-2.mga6.i586.rpm vboxadditions-kernel-4.14.137-desktop586-1.mga6-6.0.10-2.mga6.i586.rpm vboxadditions-kernel-4.14.137-server-1.mga6-6.0.10-2.mga6.i586.rpm vboxadditions-kernel-desktop586-latest-6.0.10-2.mga6.i586.rpm vboxadditions-kernel-desktop-latest-6.0.10-2.mga6.i586.rpm vboxadditions-kernel-server-latest-6.0.10-2.mga6.i586.rpm virtualbox-kernel-4.14.137-desktop-1.mga6-6.0.10-2.mga6.i586.rpm virtualbox-kernel-4.14.137-desktop586-1.mga6-6.0.10-2.mga6.i586.rpm virtualbox-kernel-4.14.137-server-1.mga6-6.0.10-2.mga6.i586.rpm virtualbox-kernel-desktop586-latest-6.0.10-2.mga6.i586.rpm virtualbox-kernel-desktop-latest-6.0.10-2.mga6.i586.rpm virtualbox-kernel-server-latest-6.0.10-2.mga6.i586.rpm xtables-addons-kernel-4.14.137-desktop-1.mga6-2.13-90.mga6.i586.rpm xtables-addons-kernel-4.14.137-desktop586-1.mga6-2.13-90.mga6.i586.rpm xtables-addons-kernel-4.14.137-server-1.mga6-2.13-90.mga6.i586.rpm xtables-addons-kernel-desktop586-latest-2.13-90.mga6.i586.rpm xtables-addons-kernel-desktop-latest-2.13-90.mga6.i586.rpm xtables-addons-kernel-server-latest-2.13-90.mga6.i586.rpm x86_64: cpupower-4.14.137-1.mga6.x86_64.rpm cpupower-devel-4.14.137-1.mga6.x86_64.rpm kernel-desktop-4.14.137-1.mga6-1-1.mga6.x86_64.rpm kernel-desktop-devel-4.14.137-1.mga6-1-1.mga6.x86_64.rpm kernel-desktop-devel-latest-4.14.137-1.mga6.x86_64.rpm kernel-desktop-latest-4.14.137-1.mga6.x86_64.rpm kernel-doc-4.14.137-1.mga6.noarch.rpm kernel-server-4.14.137-1.mga6-1-1.mga6.x86_64.rpm kernel-server-devel-4.14.137-1.mga6-1-1.mga6.x86_64.rpm kernel-server-devel-latest-4.14.137-1.mga6.x86_64.rpm kernel-server-latest-4.14.137-1.mga6.x86_64.rpm kernel-source-4.14.137-1.mga6-1-1.mga6.noarch.rpm kernel-source-latest-4.14.137-1.mga6.noarch.rpm kernel-userspace-headers-4.14.137-1.mga6.x86_64.rpm perf-4.14.137-1.mga6.x86_64.rpm vboxadditions-kernel-4.14.137-desktop-1.mga6-6.0.10-2.mga6.x86_64.rpm vboxadditions-kernel-4.14.137-server-1.mga6-6.0.10-2.mga6.x86_64.rpm vboxadditions-kernel-desktop-latest-6.0.10-2.mga6.x86_64.rpm vboxadditions-kernel-server-latest-6.0.10-2.mga6.x86_64.rpm virtualbox-kernel-4.14.137-desktop-1.mga6-6.0.10-2.mga6.x86_64.rpm virtualbox-kernel-4.14.137-server-1.mga6-6.0.10-2.mga6.x86_64.rpm virtualbox-kernel-desktop-latest-6.0.10-2.mga6.x86_64.rpm virtualbox-kernel-server-latest-6.0.10-2.mga6.x86_64.rpm xtables-addons-kernel-4.14.137-desktop-1.mga6-2.13-90.mga6.x86_64.rpm xtables-addons-kernel-4.14.137-server-1.mga6-2.13-90.mga6.x86_64.rpm xtables-addons-kernel-desktop-latest-2.13-90.mga6.x86_64.rpm xtables-addons-kernel-server-latest-2.13-90.mga6.x86_64.rpm
on mga6-64 kernel-desktop plasma packages installed cleanly: - cpupower-4.14.137-1.mga6.x86_64 - kernel-desktop-4.14.137-1.mga6-1-1.mga6.x86_64 - kernel-desktop-devel-4.14.137-1.mga6-1-1.mga6.x86_64 - kernel-desktop-devel-latest-4.14.137-1.mga6.x86_64 - kernel-desktop-latest-4.14.137-1.mga6.x86_64 - kernel-userspace-headers-4.14.137-1.mga6.x86_64 - virtualbox-kernel-4.14.137-desktop-1.mga6-6.0.10-2.mga6.x86_64 - virtualbox-kernel-desktop-latest-6.0.10-2.mga6.x86_64 system rebooted normally: $ uname -r 4.14.137-desktop-1.mga6 # dkms status virtualbox, 6.0.10-1.mga6, 4.14.137-desktop-1.mga6, x86_64: installed-binary from 4.14.137-desktop-1.mga6 vbox and client launched normally no regressions noted looks OK for mga6-64 on this system: Machine: Device: desktop System: Dell product: Precision Tower 3620 Mobo: Dell model: 09WH54 v: A00 UEFI [Legacy]: Dell v: 2.13.1 CPU: Quad core Intel Core i7-6700 (-HT-MCP-) Graphics: Card: Intel HD Graphics 530 Also installed kernel-desktop-4.14.137 in mga6-32 vbox client - no regressions noted
CC: (none) => jim
AMD x2-3800 nvidia 6150le (uses nouveau) - cpupower-4.14.137-1.mga6.i586 - cpupower-devel-4.14.137-1.mga6.i586 - kernel-desktop-4.14.137-1.mga6-1-1.mga6.i586 $ uname -a Linux localhost 4.14.137-desktop-1.mga6 #1 SMP Wed Aug 7 15:08:19 UTC 2019 i686 i686 i686 GNU/Linux Tested: firefox, chromium, samba server, apache web server, libreoffice All are working as designed.
CC: (none) => brtians1
OK mga6-64, i7-3770, Nvidia GPU and driver, Plasma Been using it several hours; Thunderbird, LibreOffice6, video with sound in Firefox, VirtualBox running MSW7 incl USB2 flash stick writen by windows media creation tool. CUDA and OpenCL recognized by BOINC. Smooth installation and reboot. This system also updates all installed to testing. $ uname -a Linux svarten 4.14.137-desktop-1.mga6 #1 SMP Wed Aug 7 11:51:54 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux Hardware: i7-3770 (upgraded since last kernel), Nvidia GTX760 (GK104) using proprietary driver GeForce 420 and later, with CUDA & OpenCL detected OK in BOINC (but not used), / & /home & swap in LVM on LUKS on SSD
CC: (none) => fri
64 bit OK on laptop Acer Aspire 7 A717-71G: Intel i5, Nvidia and Intel GPU:s but only intel is configured, as per default in Mageia installer. Disk: nVME SSD, EFI boot, separate /boot, then rest of system in LVM lv:s in a LUKS encrypted pv. Play video with audio in firefox, other normal use for a while... Suspend-resume incl wifi etc works.
Advisory, added to svn: type: security subject: Updated kernel packages fix security vulnerabilities CVE: - CVE-2019-1125 - CVE-2019-3846 - CVE-2019-3900 - CVE-2019-10207 src: 6: core: - kernel-4.14.137-1.mga6 - kernel-userspace-headers-4.14.137-1.mga6 - kmod-vboxadditions-6.0.10-2.mga6 - kmod-virtualbox-6.0.10-2.mga6 - kmod-xtables-addons-2.13-90.mga6 - wireguard-tools-0.0.20190702-1.mga6 description: | This kernel update is based on the upstream 4.14.137 and fixes atleast the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel (CVE-2019-1125). A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (CVE-2019-3846). An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario (CVE-2019-3900). A flaw was found in the Linux kernel’s Bluetooth implementation of UART. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash (CVE-2019-10207). WireGuard has been updated to 0.0.20190702. For other uptstream fixes in this update, see the referenced changelogs. references: - https://bugs.mageia.org/show_bug.cgi?id=25239 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.132 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.133 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.134 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.135 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.136 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.137
Keywords: (none) => advisory
Whiteboard: (none) => MGA6-32-OK MGA6-64-OKKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0221.html
Status: NEW => RESOLVEDResolution: (none) => FIXED