Bug 25240 - Update request: kernel-5.2.7-1.mga7
Summary: Update request: kernel-5.2.7-1.mga7
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK, MGA7-32-OK
Keywords: advisory, validated_update
Depends on: 25202
Blocks:
Reported: 2019-08-08 11:31 CEST by Thomas Backlund
Modified: 2019-08-12 23:09 CEST

See Also:
Source RPM: kernel
CVE:
Status comment:


Description Thomas Backlund 2019-08-08 11:31:54 CEST
- update to kernel 5.2 branch
- security fixes, including: CVE-2019-1125 "SWAPGS" Spectre Vulnerability
- bugfixes

SRPMS:
kernel-5.2.7-1.mga7.src.rpm
kernel-userspace-headers-5.2.7-1.mga7.src.rpm

kmod-virtualbox-6.0.10-3.mga7.src.rpm

kmod-xtables-addons-3.3-57.mga7.src.rpm
xtables-addons-3.3-2.mga7.src.rpm



i586:
bpftool-5.2.7-1.mga7.i586.rpm
cpupower-5.2.7-1.mga7.i586.rpm
cpupower-devel-5.2.7-1.mga7.i586.rpm
kernel-desktop-5.2.7-1.mga7-1-1.mga7.i586.rpm
kernel-desktop586-5.2.7-1.mga7-1-1.mga7.i586.rpm
kernel-desktop586-devel-5.2.7-1.mga7-1-1.mga7.i586.rpm
kernel-desktop586-devel-latest-5.2.7-1.mga7.i586.rpm
kernel-desktop586-latest-5.2.7-1.mga7.i586.rpm
kernel-desktop-devel-5.2.7-1.mga7-1-1.mga7.i586.rpm
kernel-desktop-devel-latest-5.2.7-1.mga7.i586.rpm
kernel-desktop-latest-5.2.7-1.mga7.i586.rpm
kernel-doc-5.2.7-1.mga7.noarch.rpm
kernel-server-5.2.7-1.mga7-1-1.mga7.i586.rpm
kernel-server-devel-5.2.7-1.mga7-1-1.mga7.i586.rpm
kernel-server-devel-latest-5.2.7-1.mga7.i586.rpm
kernel-server-latest-5.2.7-1.mga7.i586.rpm
kernel-source-5.2.7-1.mga7-1-1.mga7.noarch.rpm
kernel-source-latest-5.2.7-1.mga7.noarch.rpm
kernel-userspace-headers-5.2.7-1.mga7.i586.rpm
libbpf0-5.2.7-1.mga7.i586.rpm
libbpf-devel-5.2.7-1.mga7.i586.rpm
perf-5.2.7-1.mga7.i586.rpm

virtualbox-kernel-5.2.7-desktop-1.mga7-6.0.10-3.mga7.i586.rpm
virtualbox-kernel-5.2.7-desktop586-1.mga7-6.0.10-3.mga7.i586.rpm
virtualbox-kernel-5.2.7-server-1.mga7-6.0.10-3.mga7.i586.rpm
virtualbox-kernel-desktop586-latest-6.0.10-3.mga7.i586.rpm
virtualbox-kernel-desktop-latest-6.0.10-3.mga7.i586.rpm
virtualbox-kernel-server-latest-6.0.10-3.mga7.i586.rpm

dkms-xtables-addons-3.3-2.mga7.i586.rpm
iptaccount-3.3-2.mga7.i586.rpm
libaccount0-3.3-2.mga7.i586.rpm
libaccount-devel-3.3-2.mga7.i586.rpm
xtables-addons-3.3-2.mga7.i586.rpm
xtables-addons-kernel-5.2.7-desktop-1.mga7-3.3-57.mga7.i586.rpm
xtables-addons-kernel-5.2.7-desktop586-1.mga7-3.3-57.mga7.i586.rpm
xtables-addons-kernel-5.2.7-server-1.mga7-3.3-57.mga7.i586.rpm
xtables-addons-kernel-desktop586-latest-3.3-57.mga7.i586.rpm
xtables-addons-kernel-desktop-latest-3.3-57.mga7.i586.rpm
xtables-addons-kernel-server-latest-3.3-57.mga7.i586.rpm
xtables-geoip-3.3-2.mga7.noarch.rpm



x86_64:
bpftool-5.2.7-1.mga7.x86_64.rpm
cpupower-5.2.7-1.mga7.x86_64.rpm
cpupower-devel-5.2.7-1.mga7.x86_64.rpm
kernel-desktop-5.2.7-1.mga7-1-1.mga7.x86_64.rpm
kernel-desktop-devel-5.2.7-1.mga7-1-1.mga7.x86_64.rpm
kernel-desktop-devel-latest-5.2.7-1.mga7.x86_64.rpm
kernel-desktop-latest-5.2.7-1.mga7.x86_64.rpm
kernel-doc-5.2.7-1.mga7.noarch.rpm
kernel-server-5.2.7-1.mga7-1-1.mga7.x86_64.rpm
kernel-server-devel-5.2.7-1.mga7-1-1.mga7.x86_64.rpm
kernel-server-devel-latest-5.2.7-1.mga7.x86_64.rpm
kernel-server-latest-5.2.7-1.mga7.x86_64.rpm
kernel-source-5.2.7-1.mga7-1-1.mga7.noarch.rpm
kernel-source-latest-5.2.7-1.mga7.noarch.rpm
kernel-userspace-headers-5.2.7-1.mga7.x86_64.rpm
lib64bpf0-5.2.7-1.mga7.x86_64.rpm
lib64bpf-devel-5.2.7-1.mga7.x86_64.rpm
perf-5.2.7-1.mga7.x86_64.rpm

virtualbox-kernel-5.2.7-desktop-1.mga7-6.0.10-3.mga7.x86_64.rpm
virtualbox-kernel-5.2.7-server-1.mga7-6.0.10-3.mga7.x86_64.rpm
virtualbox-kernel-desktop-latest-6.0.10-3.mga7.x86_64.rpm
virtualbox-kernel-server-latest-6.0.10-3.mga7.x86_64.rpm

dkms-xtables-addons-3.3-2.mga7.x86_64.rpm
iptaccount-3.3-2.mga7.x86_64.rpm
lib64account0-3.3-2.mga7.x86_64.rpm
lib64account-devel-3.3-2.mga7.x86_64.rpm
xtables-addons-3.3-2.mga7.x86_64.rpm
xtables-addons-kernel-5.2.7-desktop-1.mga7-3.3-57.mga7.x86_64.rpm
xtables-addons-kernel-5.2.7-server-1.mga7-3.3-57.mga7.x86_64.rpm
xtables-addons-kernel-desktop-latest-3.3-57.mga7.x86_64.rpm
xtables-addons-kernel-server-latest-3.3-57.mga7.x86_64.rpm
xtables-geoip-3.3-2.mga7.noarch.rpm

Comment 1 Thomas Backlund 2019-08-08 11:40:22 CEST
Note that this one is also already in Cauldron since ~1 day, so it's already being tested

Comment 2 Thomas Backlund 2019-08-08 11:45:21 CEST
Works here on x86_64 server, desktop and laptop without issues...

Comment 3 Brian Rockwell 2019-08-08 20:04:57 CEST
AMD x3, Nvidia 730GT (Nvidia 390 driver) - phys hardware

- cpupower-5.2.7-1.mga7.x86_64
- kernel-desktop-5.2.7-1.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-5.2.7-1.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-latest-5.2.7-1.mga7.x86_64
- kernel-desktop-latest-5.2.7-1.mga7.x86_64


Rebooted - it failed to nouveau after attempting to build 390 driver

I installed nvidia390.390-129 driver and dkms for it.

Configured nvidia and rebooted - then it worked properly.

Does this depend on the nvidia390-390.129-1 modules?

CC: (none) => brtians1

Comment 4 Thomas Backlund 2019-08-08 20:13:34 CEST
Ah, indeed I forgot to mention that we need to push nvidia390 before this goes out, sorry about that :/

Depends on: (none) => 25202

Comment 5 Len Lawrence 2019-08-08 20:23:10 CEST
mga7, x86_64

Installed all the desktop packages plus kernel-firmware-nonfree.

Working fine here also on Intel Core i9-7900X type: MT MCP
NVIDIA GP102 [GeForce GTX 1080 Ti] - nvidia 430.40

CC: (none) => tarazed25

Comment 6 Len Lawrence 2019-08-09 00:19:49 CEST
mga7, x86_64

Also running fine on an old Alienware X51 desktop machine.
Intel Core i7-2600 type: MT MCP
NVIDIA GF114 [GeForce GTX 555] - nvidia 390.129

Comment 7 James Kerr 2019-08-09 12:04:37 CEST
on mga7-64  kernel-desktop  plasma

packages installed cleanly:
- cpupower-5.2.7-1.mga7.x86_64
- kernel-desktop-5.2.7-1.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-5.2.7-1.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-latest-5.2.7-1.mga7.x86_64
- kernel-desktop-latest-5.2.7-1.mga7.x86_64
- kernel-userspace-headers-5.2.7-1.mga7.x86_64
- virtualbox-kernel-5.2.7-desktop-1.mga7-6.0.10-3.mga7.x86_64
- virtualbox-kernel-desktop-latest-6.0.10-3.mga7.x86_64

system re-booted normally:

$ uname -r
5.2.7-desktop-1.mga7

# dkms status
virtualbox, 6.0.10-1.mga7, 5.2.7-desktop-1.mga7, x86_64: installed-binary from 5.2.7-desktop-1.mga7

vbox and clients launched normally

no regressions observed

looks OK for mga7-64 on this system:

Mobo: Dell model: 09WH54 v: UEFI [Legacy]: Dell v: 2.13.1 
CPU: Intel Core i7-6700
Graphics: Intel HD Graphics 530 (Skylake GT2)

also updated to kernel-desktop586-5.2.7-1 in a mga7 32 bit vbox VM - 
no regressions observed

CC: (none) => jim

Comment 8 Thomas Backlund 2019-08-10 15:25:35 CEST
Advisory, added to svn:

type: security
subject: Updated kernel packages fix security vulnerabilities
CVE:
 - CVE-2019-1125
 - CVE-2019-10207
src:
  7:
   core:
     - kernel-5.2.7-1.mga7
     - kernel-userspace-headers-5.2.7-1.mga7
     - kmod-virtualbox-6.0.10-3.mga7
     - kmod-xtables-addons-3.3-57.mga7
     - xtables-addons-3.3-2.mga7
     - ldetect-lst-0.6.3-1.mga7
description: |
  This kernel update provides an update to the kernel 5.2 series, currently
  based on 5.2.7 adding support for newer hardware and other new features.
  It also fixes at least the following security issues:

  A Spectre SWAPGS gadget was found in the Linux kernel's implementation of
  system interrupts. An attacker with local access could use this information
  to reveal private data through a Spectre like side channel (CVE-2019-1125).

  A flaw was found in the Linux kernel’s Bluetooth implementation of UART.
  An attacker with local access and write permissions to the Bluetooth
  hardware could use this flaw to issue a specially crafted ioctl function
  call and cause the system to crash (CVE-2019-10207).

  It also fixes an issue with newer Intel Wireless cards having firmware
  crashes with newer iwlwifi firmwares (mga#25143)

  For other upstream features, changes and fixes in this update, see the
  referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=25240
 - https://bugs.mageia.org/show_bug.cgi?id=25143
 - https://kernelnewbies.org/Linux_5.2
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.1
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.2
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.3
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.4
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.5
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.6
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.7

Keywords: (none) => advisory

Comment 9 Brian Rockwell 2019-08-10 20:13:43 CEST
Phys Hardware

AMD A6-APU  --> R4 (Laptop)

Installed the desktop kernel, it is working as designed.

$ uname -a
Linux localhost.localdomain 5.2.7-desktop-1.mga7 #1 SMP Wed Aug 7 10:32:19 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Comment 10 Len Lawrence 2019-08-11 21:42:48 CEST
x86_64

Quad Core: Intel Core i7-4790 type: MT MCP
NVIDIA GM204 [GeForce GTX 970] driver: nvidia v: 430.40

Installed or updated everything except the server packages.
nvidia and virtualbox modules rebuilt at the same time.

Had a look at the iptaccount modifications for shorewall but could not figure out what to use for eth1.  eth0 is fairly obvious but the name of the internet facing adapter on the router is not.

Rebooted smoothly to Mate desktop where everything is running fine.
# dkms status
virtualbox, 6.0.10-1.mga7, 5.2.7-desktop-1.mga7, x86_64: installed 
virtualbox, 6.0.10-1.mga7, 5.1.20-desktop-2.mga7, x86_64: installed 
nvidia-current, 430.40-1.mga7.nonfree, 5.2.7-desktop-1.mga7, x86_64: installed 
nvidia-current, 430.40-1.mga7.nonfree, 5.1.20-desktop-2.mga7, x86_64: installed 
xtables-addons, 3.3-2.mga7, 5.1.20-desktop-2.mga7, x86_64: installed 
xtables-addons, 3.3-2.mga7, 5.2.7-desktop-1.mga7, x86_64: installed-binary from 5.2.7-desktop-1.mga7
virtualbox, 6.0.10-1.mga7, 5.2.7-desktop-1.mga7, x86_64: installed-binary from 5.2.7-desktop-1.mga7
......

Thomas Backlund 2019-08-12 22:20:35 CEST

Keywords: (none) => validated_update
Whiteboard: (none) => MGA7-64-OK, MGA7-32-OK
CC: (none) => sysadmin-bugs

Comment 11 Mageia Robot 2019-08-12 23:09:38 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0220.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
