bug and security fixes, including a fix for a local root exploit advisory will follow... SRPMS: kernel-5.10.52-1.mga8.src.rpm kmod-virtualbox-6.1.22-1.12.mga8.src.rpm kmod-xtables-addons-3.18-1.12.mga8.src.rpm i586: bpftool-5.10.52-1.mga8.i586.rpm cpupower-5.10.52-1.mga8.i586.rpm cpupower-devel-5.10.52-1.mga8.i586.rpm kernel-desktop-5.10.52-1.mga8-1-1.mga8.i586.rpm kernel-desktop586-5.10.52-1.mga8-1-1.mga8.i586.rpm kernel-desktop586-devel-5.10.52-1.mga8-1-1.mga8.i586.rpm kernel-desktop586-devel-latest-5.10.52-1.mga8.i586.rpm kernel-desktop586-latest-5.10.52-1.mga8.i586.rpm kernel-desktop-devel-5.10.52-1.mga8-1-1.mga8.i586.rpm kernel-desktop-devel-latest-5.10.52-1.mga8.i586.rpm kernel-desktop-latest-5.10.52-1.mga8.i586.rpm kernel-doc-5.10.52-1.mga8.noarch.rpm kernel-server-5.10.52-1.mga8-1-1.mga8.i586.rpm kernel-server-devel-5.10.52-1.mga8-1-1.mga8.i586.rpm kernel-server-devel-latest-5.10.52-1.mga8.i586.rpm kernel-server-latest-5.10.52-1.mga8.i586.rpm kernel-source-5.10.52-1.mga8-1-1.mga8.noarch.rpm kernel-source-latest-5.10.52-1.mga8.noarch.rpm kernel-userspace-headers-5.10.52-1.mga8.i586.rpm libbpf0-5.10.52-1.mga8.i586.rpm libbpf-devel-5.10.52-1.mga8.i586.rpm perf-5.10.52-1.mga8.i586.rpm xtables-addons-kernel-5.10.52-desktop-1.mga8-3.18-1.12.mga8.i586.rpm xtables-addons-kernel-5.10.52-desktop586-1.mga8-3.18-1.12.mga8.i586.rpm xtables-addons-kernel-5.10.52-server-1.mga8-3.18-1.12.mga8.i586.rpm xtables-addons-kernel-desktop586-latest-3.18-1.12.mga8.i586.rpm xtables-addons-kernel-desktop-latest-3.18-1.12.mga8.i586.rpm xtables-addons-kernel-server-latest-3.18-1.12.mga8.i586.rpm x86_64: bpftool-5.10.52-1.mga8.x86_64.rpm cpupower-5.10.52-1.mga8.x86_64.rpm cpupower-devel-5.10.52-1.mga8.x86_64.rpm kernel-desktop-5.10.52-1.mga8-1-1.mga8.x86_64.rpm kernel-desktop-devel-5.10.52-1.mga8-1-1.mga8.x86_64.rpm kernel-desktop-devel-latest-5.10.52-1.mga8.x86_64.rpm kernel-desktop-latest-5.10.52-1.mga8.x86_64.rpm kernel-doc-5.10.52-1.mga8.noarch.rpm kernel-server-5.10.52-1.mga8-1-1.mga8.x86_64.rpm kernel-server-devel-5.10.52-1.mga8-1-1.mga8.x86_64.rpm kernel-server-devel-latest-5.10.52-1.mga8.x86_64.rpm kernel-server-latest-5.10.52-1.mga8.x86_64.rpm kernel-source-5.10.52-1.mga8-1-1.mga8.noarch.rpm kernel-source-latest-5.10.52-1.mga8.noarch.rpm kernel-userspace-headers-5.10.52-1.mga8.x86_64.rpm lib64bpf0-5.10.52-1.mga8.x86_64.rpm lib64bpf-devel-5.10.52-1.mga8.x86_64.rpm perf-5.10.52-1.mga8.x86_64.rpm virtualbox-kernel-5.10.52-desktop-1.mga8-6.1.22-1.12.mga8.x86_64.rpm virtualbox-kernel-5.10.52-server-1.mga8-6.1.22-1.12.mga8.x86_64.rpm virtualbox-kernel-desktop-latest-6.1.22-1.12.mga8.x86_64.rpm virtualbox-kernel-server-latest-6.1.22-1.12.mga8.x86_64.rpm xtables-addons-kernel-5.10.52-desktop-1.mga8-3.18-1.12.mga8.x86_64.rpm xtables-addons-kernel-5.10.52-server-1.mga8-3.18-1.12.mga8.x86_64.rpm xtables-addons-kernel-desktop-latest-3.18-1.12.mga8.x86_64.rpm xtables-addons-kernel-server-latest-3.18-1.12.mga8.x86_64.rpm
No regressions noticed with the 5.10.52-server-1.mga8 package on one x86_64 mga8 system so far.
CC: (none) => davidwhodgins
Same test as Comment 1: No regressions noticed with the 5.10.52-desktop-1.mga8 package $ inxi -MSxx System: Host: mageia.local Kernel: 5.10.52-desktop-1.mga8 x86_64 bits: 64 compiler: gcc v: 10.3.0 Desktop: KDE Plasma 5.20.4 tk: Qt 5.15.2 wm: kwin_x11 dm: SDDM Distro: Mageia 8 mga8 Machine: Type: Desktop System: Gigabyte product: Z170X-Ultra Gaming v: N/A Mobo: Gigabyte model: Z170X-Ultra Gaming-CF UEFI: American Megatrends v: F23j date: 03/09/2018 Virtualbox OK. 4 mga8 Clients also. 1 opensuse client same. 1 Windows 10 Client is OK. WiFi OK, Bluetooth OK, nvidia well rebuilt. Audio OK. Ethernet OK.
CC: (none) => ouaurelien
No regressions on another bios system running the desktop kernel, a uefi system running the server kernel, and an aarch64 (rpi4b) system. Also a vb install running mga8 x86_64 and a vb install running mga8 i586. All of my systems, everything is working normally.
Advisory, added to svn : type: security subject: Updated kernel packages fix security vulnerabilities CVE: - CVE-2021-3609 - CVE-2021-33909 src: 8: core: - kernel-5.10.52-1.mga8 - kmod-virtualbox-6.1.22-1.12.mga8 - kmod-xtables-addons-3.18-1.12.mga8 description: | This kernel update is based on upstream 5.10.52 and fixes atleast the following security issues: There is a race condition in net/can/bcm.c that can lead to local privilege escalation to root (CVE-2021-3609). fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user (CVE-2021-33909). Other fixes in this update: - rtl8xxxu: disable interrupt_in transfer for 8188cu and 8192cu For other upstream fixes, see the referenced changelogs. references: - https://bugs.mageia.org/show_bug.cgi?id=29271 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.49 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.50 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.51 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.52 - https://www.openwall.com/lists/oss-security/2021/06/19/1 - https://www.openwall.com/lists/oss-security/2021/07/20/1
Keywords: (none) => advisory
installed and tested on asus prime x399 with TR 1950X, and Nvidia 1070ti no obvious negative impact
CC: (none) => peter.winterflood
Trying to select the kernel-desktop-devel draws in - kernel-desktop-devel-5.12.15-1.mga8-1-1.mga8.x86_64 which is nonsense - does not even exist in the repo.
CC: (none) => herman.viaene
But if I select simply the kernel-desktop-devel-latest, then this draws in the correct item. Same ges for the xtables-addons-kernel-5.10.52-desktop- Intalling works OK then, now waiting for reboot.
Tested desktop kernel on a Probook 6550b 64-bit Plasma MBR system - no obvious regressions noted. Will test i586 desktop with Foolishness in a little while.
CC: (none) => andrewsfarm
(In reply to Herman Viaene from comment #6) > Trying to select the kernel-desktop-devel draws in - > kernel-desktop-devel-5.12.15-1.mga8-1-1.mga8.x86_64 which is nonsense - does > not even exist in the repo. Probably Bug 29148 rearing its ugly head.
After reboot, wifi, NFS-access, internet connection, some file types tested, all OK.
MGA8 - 64bit - Laptop A6 APU The following 3 packages are going to be installed: - cpupower-5.10.52-1.mga8.x86_64 - kernel-desktop-5.10.52-1.mga8-1-1.mga8.x86_64 - kernel-desktop-latest-5.10.52-1.mga8.x86_64 -- rebooted or for some framers out there, I IPL'd -- System came back fine $ uname -a Linux localhost.localdomain 5.10.52-desktop-1.mga8 #1 SMP Tue Jul 20 17:00:24 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux - sleep works - browser works - wifi, etc. is working
CC: (none) => brtians1
Foolishness (Dell Inspiron 5100, P4, Radeon RV200 graphics, Atheros-based wifi, 32-bit Xfce system) seems happy enough with this desktop kernel. No obvious problems noted.
AMD Phenom II 910, AMD HD 8490 graphics, Atheros-based wifi, 64-bit Plasma system using the desktop kernel. Also, same hardware, 32-bit Plasma system using the server kernel. On both systems, no installation issues, and after a reboot, no obvious regressions were noted.
AMD x2-3800 - Nouveau, used as Nextcloud server The following 3 packages are going to be installed: - cpupower-5.10.52-1.mga8.i586 - kernel-server-5.10.52-1.mga8-1-1.mga8.i586 - kernel-server-latest-5.10.52-1.mga8.i586 ----- $ uname -a Linux localhost.localdomain 5.10.52-server-1.mga8 #1 SMP Tue Jul 20 17:31:36 UTC 2021 i686 i686 i386 GNU/Linux Exercised nextcloud from another machine. The server is serving as expected
Mga8-64 OK here Was running backport kernel 5.12.15; downgraded cpupower and kernel-userspace-headers, installed -5.10.52 kernel-desktop, kernel-desktop-devel, virtualbox-kernel desktop Also already updated to testing: mesa, x11, systemd, kernel-firmware-nonfree $ uname -a Linux svarten.tribun 5.10.52-desktop-1.mga8 #1 SMP Tue Jul 20 17:00:24 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux Hardware: My workstation "svarten": Mainboard: Sabertooth P67, CPU: i7-3770, RAM 16G, GM107 [GeForce GTX 750] using nvidia-current; GeForce 635 series and later, 4k display. Disk&Filesystem: SSD with /boot/EFI and ext4 /boot, LUKS{LVM {swap, ext4 /home & / } and a spinner at /mnt/spinner dkms status tells me VirtualBox and nvidia-current are OK. BOINC detects CUDA and OpenCL Been using it now and then today Plasma desktop, using Thunderbird, LibreOffice, Ktorrent, Nextcloud client, Firefox ESR, flatpak Firefox... Stress test: While working with other things BOINC use all cores to 100%, videos do not stutter in Chrome, nor Firefox ESR but do in flatpak version. VirtualBox running MSW7 64 bit OK: graphics, window resize, bidirectional clipboard, drag file from Dolphin to Explorer, folder sharing write protected and not, folder sharing, USB2 with plugin from upstream using USB stick, internet video playing in Firefox and Chrome.
CC: (none) => fri
Dell Dimension e520, Core2Quad, AMD HD 8570 graphics, rtl8192cu wifi dongle, 64-bit Plasma system. No installation issues. After the reboot tried this and that, including watching Steve McQueen battle The Blob in VLC. No issues noted.
x86_64 5.10.52-desktop-1.mga8 No problems so far on 10-Core Intel Core i9-7900X
CC: (none) => tarazed25
i5-2500, Intel graphics, 64-bit Plasma test system, using the server kernel and rtl8192eu wifi dongle. No installation issues. Quite a delay in the last "remove" phase of installation, probably while the rtl8192eu module was being built. After the reboot, the wifi connected, but the net_applet icon was not reporting it correctly. (possibly because this hardware is also connected via Ethernet) Ran VirtualBox and got numerous updates to a Mageia 8 guest, through the wifi connection, so both wifi and VirtualBox modules are functioning correctly. Using it to make this report. Also, same hardware, without the rtl8192eu dongle, 64-bit Plasma system using the desktop kernel. This is my production system, and has been used off and on for several hours, with no issues noted.
Thanks for all testing. Flushing out
Keywords: (none) => validated_updateWhiteboard: (none) => MGA8-64-OK, MGA8-32-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0366.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED