Security and bugfixes, advisory will follow... SRPMS: kernel-linus-5.10.33-1.mga8-1-1.mga8.src.rpm i586: kernel-linus-5.10.33-1.mga8-1-1.mga8.i586.rpm kernel-linus-devel-5.10.33-1.mga8-1-1.mga8.i586.rpm kernel-linus-devel-latest-5.10.33-1.mga8.i586.rpm kernel-linus-doc-5.10.33-1.mga8.noarch.rpm kernel-linus-latest-5.10.33-1.mga8.i586.rpm kernel-linus-source-5.10.33-1.mga8-1-1.mga8.noarch.rpm kernel-linus-source-latest-5.10.33-1.mga8.noarch.rpm x86_64: kernel-linus-5.10.33-1.mga8-1-1.mga8.x86_64.rpm kernel-linus-devel-5.10.33-1.mga8-1-1.mga8.x86_64.rpm kernel-linus-devel-latest-5.10.33-1.mga8.x86_64.rpm kernel-linus-doc-5.10.33-1.mga8.noarch.rpm kernel-linus-latest-5.10.33-1.mga8.x86_64.rpm kernel-linus-source-5.10.33-1.mga8-1-1.mga8.noarch.rpm kernel-linus-source-latest-5.10.33-1.mga8.noarch.rpm
Mga7 rpms: SRPMS: kernel-linus-5.10.33-1.mga7-1-1.mga7.src.rpm i586: kernel-linus-5.10.33-1.mga7-1-1.mga7.i586.rpm kernel-linus-devel-5.10.33-1.mga7-1-1.mga7.i586.rpm kernel-linus-devel-latest-5.10.33-1.mga7.i586.rpm kernel-linus-doc-5.10.33-1.mga7.noarch.rpm kernel-linus-latest-5.10.33-1.mga7.i586.rpm kernel-linus-source-5.10.33-1.mga7-1-1.mga7.noarch.rpm kernel-linus-source-latest-5.10.33-1.mga7.noarch.rpm x86_64: kernel-linus-5.10.33-1.mga7-1-1.mga7.x86_64.rpm kernel-linus-devel-5.10.33-1.mga7-1-1.mga7.x86_64.rpm kernel-linus-devel-latest-5.10.33-1.mga7.x86_64.rpm kernel-linus-doc-5.10.33-1.mga7.noarch.rpm kernel-linus-latest-5.10.33-1.mga7.x86_64.rpm kernel-linus-source-5.10.33-1.mga7-1-1.mga7.noarch.rpm kernel-linus-source-latest-5.10.33-1.mga7.noarch.rpm
Summary: Update request: kernel-linus-5.10.33-1.mga8 => Update request: kernel-linus-5.10.33-1.mga8/7Whiteboard: (none) => MGA7TOO
Advisory, added to svn: type: security subject: Updated kernel-linus packages fix security vulnerabilities CVE: - CVE-2021-23133 - CVE-2021-29155 src: 8: core: - kernel-linus-5.10.33-1.mga8 7: core: - kernel-linus-5.10.33-1.mga7 description: | This kernel-linus update is based on upstream 5.10.33 and fixes atleast the following security issues: A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket (CVE-2021-23133). An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/ verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (CVE-2021-29155). For other upstream fixes, see the referenced changelogs. references: - https://bugs.mageia.org/show_bug.cgi?id=28858 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.31 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.32 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.33
Keywords: (none) => advisory
Updated without source packages. Removed a slew of mga7 kernel packages left over from the recent mga7->mga8 upgrade and ran `drakboot --boot` before rebooting. Kernel: 5.10.33-1.mga8 x86_64 Mobo: MSI model: Z97-G43 (MS-7816) Quad Core Intel Core i7-4790 [MT MCP] NVIDIA GM204 [GeForce GTX 970] driver: nvidia v: 460.73.01 NFS shares mounted from fstab. Virtualbox launches Mageia 32-bit and 64-bit clients - working desktops. Common desktop applications work. vlc with pulseaudio plays videos. Logged in to another workstation on the LAN with ssh. Ran stress tests, glmark2, teapot, glxspheres. Installed and launched qgis. Ran stellarium, opened GIMP on an image and manipulated it. Played kmahjongg. Leaving this to run.
CC: (none) => tarazed25
System: Host: mageia.local Kernel: 5.10.33-1.mga8 x86_64 bits: 64 Desktop: KDE Plasma 5.20.4 Distro: Mageia 8 mga8 Installing: kernel-linus-latest-5.10.33-1.mga8.x86_64 kernel-linus-devel-latest-5.10.33-1.mga8.x86_64 kernel-linus-5.10.33-1.mga8-1-1.mga8.x86_64 kernel-linus-devel-5.10.33-1.mga8-1-1.mga8.x86_64 Rebooting with Grub2 making sure it loads kernel-linus (no mention to -desktop or -server in the version name) Graphics: Device-1: NVIDIA TU116 [GeForce GTX 1660 Ti] driver: nvidia v: 460.73.01 Display: x11 server: Mageia X.org 1.20.11 driver: nvidia,v4l resolution: 1: 1920x1080~60Hz 2: 1920x1080 OpenGL: renderer: GeForce GTX 1660 Ti/PCIe/SSE2 v: 4.6.0 NVIDIA 460.73.01 Audio: Device-1: Intel 100 Series/C230 Series Family HD Audio driver: snd_hda_intel Device-2: NVIDIA TU116 High Definition Audio driver: snd_hda_intel Device-3: Logitech HD Pro Webcam C920 type: USB driver: snd-usb-audio,uvcvideo Sound Server: ALSA v: k5.10.33-1.mga8 Network: Device-1: Intel Ethernet I219-V driver: e1000e Device-2: Intel Wi-Fi 6 AX200 driver: iwlwifi All working OK. Note dkms drivers for nvidia was rebuilt before with 5.10.33-desktop.
CC: (none) => ouaurelien
System: Host: mageia2.local Kernel: 5.10.33-1.mga7 x86_64 bits: 64 Desktop: KDE Plasma 5.15 Distro: Mageia 7 mga7 Installing: kernel-linus-latest-5.10.33-1.mga7.x86_64 kernel-linus-devel-latest-5.10.33-1.mga7.x86_64 kernel-linus-5.10.33-1.mga7-1-1.mga7.x86_64 kernel-linus-devel-5.10.33-1.mga7-1-1.mga7.x86_64 Rebooting with Grub2 making sure it loads kernel-linus (no mention to -desktop or -server in the version name) All working OK (WiFi, Bluetooth, Nvidia Geforce GTX 670). Note dkms drivers for nvidia was rebuilt before with 5.10.33-desktop. MGA7-64-OK MGA8-64-OK for comment 4. Validating.
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK MGA8-64-OKKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0205.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED