Security and bugfixes, advisory will follow... SRPMS: kernel-5.15.110-1.mga8.src.rpm kmod-virtualbox-7.0.8-1.1.mga8.src.rpm kmod-xtables-addons-3.23-1.12.mga8.src.rpm i586: bpftool-5.15.110-1.mga8.i586.rpm cpupower-5.15.110-1.mga8.i586.rpm cpupower-devel-5.15.110-1.mga8.i586.rpm kernel-desktop-5.15.110-1.mga8-1-1.mga8.i586.rpm kernel-desktop586-5.15.110-1.mga8-1-1.mga8.i586.rpm kernel-desktop586-devel-5.15.110-1.mga8-1-1.mga8.i586.rpm kernel-desktop586-devel-latest-5.15.110-1.mga8.i586.rpm kernel-desktop586-latest-5.15.110-1.mga8.i586.rpm kernel-desktop-devel-5.15.110-1.mga8-1-1.mga8.i586.rpm kernel-desktop-devel-latest-5.15.110-1.mga8.i586.rpm kernel-desktop-latest-5.15.110-1.mga8.i586.rpm kernel-doc-5.15.110-1.mga8.noarch.rpm kernel-server-5.15.110-1.mga8-1-1.mga8.i586.rpm kernel-server-devel-5.15.110-1.mga8-1-1.mga8.i586.rpm kernel-server-devel-latest-5.15.110-1.mga8.i586.rpm kernel-server-latest-5.15.110-1.mga8.i586.rpm kernel-source-5.15.110-1.mga8-1-1.mga8.noarch.rpm kernel-source-latest-5.15.110-1.mga8.noarch.rpm kernel-userspace-headers-5.15.110-1.mga8.i586.rpm libbpf0-5.15.110-1.mga8.i586.rpm libbpf-devel-5.15.110-1.mga8.i586.rpm perf-5.15.110-1.mga8.i586.rpm xtables-addons-kernel-5.15.110-desktop-1.mga8-3.23-1.12.mga8.i586.rpm xtables-addons-kernel-5.15.110-desktop586-1.mga8-3.23-1.12.mga8.i586.rpm xtables-addons-kernel-5.15.110-server-1.mga8-3.23-1.12.mga8.i586.rpm xtables-addons-kernel-desktop586-latest-3.23-1.12.mga8.i586.rpm xtables-addons-kernel-desktop-latest-3.23-1.12.mga8.i586.rpm xtables-addons-kernel-server-latest-3.23-1.12.mga8.i586.rpm x86_64: bpftool-5.15.110-1.mga8.x86_64.rpm cpupower-5.15.110-1.mga8.x86_64.rpm cpupower-devel-5.15.110-1.mga8.x86_64.rpm kernel-desktop-5.15.110-1.mga8-1-1.mga8.x86_64.rpm kernel-desktop-devel-5.15.110-1.mga8-1-1.mga8.x86_64.rpm kernel-desktop-devel-latest-5.15.110-1.mga8.x86_64.rpm kernel-desktop-latest-5.15.110-1.mga8.x86_64.rpm kernel-doc-5.15.110-1.mga8.noarch.rpm kernel-server-5.15.110-1.mga8-1-1.mga8.x86_64.rpm kernel-server-devel-5.15.110-1.mga8-1-1.mga8.x86_64.rpm kernel-server-devel-latest-5.15.110-1.mga8.x86_64.rpm kernel-server-latest-5.15.110-1.mga8.x86_64.rpm kernel-source-5.15.110-1.mga8-1-1.mga8.noarch.rpm kernel-source-latest-5.15.110-1.mga8.noarch.rpm kernel-userspace-headers-5.15.110-1.mga8.x86_64.rpm lib64bpf0-5.15.110-1.mga8.x86_64.rpm lib64bpf-devel-5.15.110-1.mga8.x86_64.rpm perf-5.15.110-1.mga8.x86_64.rpm virtualbox-kernel-5.15.110-desktop-1.mga8-7.0.8-1.1.mga8.x86_64.rpm virtualbox-kernel-5.15.110-server-1.mga8-7.0.8-1.1.mga8.x86_64.rpm virtualbox-kernel-desktop-latest-7.0.8-1.1.mga8.x86_64.rpm virtualbox-kernel-server-latest-7.0.8-1.1.mga8.x86_64.rpm xtables-addons-kernel-5.15.110-desktop-1.mga8-3.23-1.12.mga8.x86_64.rpm xtables-addons-kernel-5.15.110-server-1.mga8-3.23-1.12.mga8.x86_64.rpm xtables-addons-kernel-desktop-latest-3.23-1.12.mga8.x86_64.rpm xtables-addons-kernel-server-latest-3.23-1.12.mga8.x86_64.rpm
advisory, added to svn... type: security subject: Updated kernel packages fix security vulnerabilities CVE: - CVE-2023-1380 - CVE-2023-1859 - CVE-2023-2002 - CVE-2023-2248 - CVE-2023-31436 src: 8: core: - kernel-5.15.110-1.mga8 - kmod-virtualbox-7.0.8-1.1.mga8 - kmod-xtables-addons-3.23-1.12.mga8 description: | This kernel update is based on upstream 5.15.110 and fixes atleast the following security issues: A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service (CVE-2023-1380). It was discovered that a race condition existed in the Xen transport layer implementation for the 9P file system protocol in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or expose sensitive information (CVE-2023-1859). An insufficient permission check has been found in the Bluetooth subsystem of the Linux kernel when handling ioctl system calls of HCI sockets. This causes tasks without the proper CAP_NET_ADMIN capability can easily mark HCI sockets as _trusted_. Trusted sockets are intended to enable the sending and receiving of management commands and events, such as pairing or connecting with a new device. As a result, unprivileged users can acquire a trusted socket, leading to unauthorized execution of management commands (CVE-2023-2002). A heap out-of-bounds read/write vulnerability in the Linux Kernel traffic control (QoS) subsystem can be exploited to achieve local privilege escalation. The qfq_change_class function does not properly limit the lmax variable which can lead to out-of-bounds read/write. If the TCA_QFQ_LMAX value is not offered through nlattr, lmax is determined by the MTU value of the network device. The MTU of the loopback device can be set up to 2^31-1 and as a result, it is possible to have an lmax value that exceeds QFQ_MIN_LMAX (CVE-2023-2248). qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX (CVE-2023-31436). For other upstream fixes in this update, see the referenced changelogs. references: - https://bugs.mageia.org/show_bug.cgi?id=31875 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.107 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.108 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.109 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.110
Keywords: (none) => advisory
MGA8-64 MATE on Acer Aspire 5253 No installation issues. Wifi, NFS access to NFS-shares, WWW, different file types, all works OK (except that pestering issue bug 31021).
CC: (none) => herman.viaene
putting on hold, adding another critical security fix... a kernel-5.15.110-2.mga8 is building
Keywords: (none) => feedback
new set: SRPMS: kernel-5.15.110-2.mga8.src.rpm kmod-virtualbox-7.0.8-1.2.mga8.src.rpm kmod-xtables-addons-3.23-1.14.mga8.src.rpm i586: bpftool-5.15.110-2.mga8.i586.rpm cpupower-5.15.110-2.mga8.i586.rpm cpupower-devel-5.15.110-2.mga8.i586.rpm kernel-desktop-5.15.110-2.mga8-1-1.mga8.i586.rpm kernel-desktop586-5.15.110-2.mga8-1-1.mga8.i586.rpm kernel-desktop586-devel-5.15.110-2.mga8-1-1.mga8.i586.rpm kernel-desktop586-devel-latest-5.15.110-2.mga8.i586.rpm kernel-desktop586-latest-5.15.110-2.mga8.i586.rpm kernel-desktop-devel-5.15.110-2.mga8-1-1.mga8.i586.rpm kernel-desktop-devel-latest-5.15.110-2.mga8.i586.rpm kernel-desktop-latest-5.15.110-2.mga8.i586.rpm kernel-doc-5.15.110-2.mga8.noarch.rpm kernel-server-5.15.110-2.mga8-1-1.mga8.i586.rpm kernel-server-devel-5.15.110-2.mga8-1-1.mga8.i586.rpm kernel-server-devel-latest-5.15.110-2.mga8.i586.rpm kernel-server-latest-5.15.110-2.mga8.i586.rpm kernel-source-5.15.110-2.mga8-1-1.mga8.noarch.rpm kernel-source-latest-5.15.110-2.mga8.noarch.rpm kernel-userspace-headers-5.15.110-2.mga8.i586.rpm libbpf0-5.15.110-2.mga8.i586.rpm libbpf-devel-5.15.110-2.mga8.i586.rpm perf-5.15.110-2.mga8.i586.rpm xtables-addons-kernel-5.15.110-desktop-2.mga8-3.23-1.14.mga8.i586.rpm xtables-addons-kernel-5.15.110-desktop586-2.mga8-3.23-1.14.mga8.i586.rpm xtables-addons-kernel-5.15.110-server-2.mga8-3.23-1.14.mga8.i586.rpm xtables-addons-kernel-desktop586-latest-3.23-1.14.mga8.i586.rpm xtables-addons-kernel-desktop-latest-3.23-1.14.mga8.i586.rpm xtables-addons-kernel-server-latest-3.23-1.14.mga8.i586.rpm x86_64: bpftool-5.15.110-2.mga8.x86_64.rpm cpupower-5.15.110-2.mga8.x86_64.rpm cpupower-devel-5.15.110-2.mga8.x86_64.rpm kernel-desktop-5.15.110-2.mga8-1-1.mga8.x86_64.rpm kernel-desktop-devel-5.15.110-2.mga8-1-1.mga8.x86_64.rpm kernel-desktop-devel-latest-5.15.110-2.mga8.x86_64.rpm kernel-desktop-latest-5.15.110-2.mga8.x86_64.rpm kernel-doc-5.15.110-2.mga8.noarch.rpm kernel-server-5.15.110-2.mga8-1-1.mga8.x86_64.rpm kernel-server-devel-5.15.110-2.mga8-1-1.mga8.x86_64.rpm kernel-server-devel-latest-5.15.110-2.mga8.x86_64.rpm kernel-server-latest-5.15.110-2.mga8.x86_64.rpm kernel-source-5.15.110-2.mga8-1-1.mga8.noarch.rpm kernel-source-latest-5.15.110-2.mga8.noarch.rpm kernel-userspace-headers-5.15.110-2.mga8.x86_64.rpm lib64bpf0-5.15.110-2.mga8.x86_64.rpm lib64bpf-devel-5.15.110-2.mga8.x86_64.rpm perf-5.15.110-2.mga8.x86_64.rpm virtualbox-kernel-5.15.110-desktop-2.mga8-7.0.8-1.2.mga8.x86_64.rpm virtualbox-kernel-5.15.110-server-2.mga8-7.0.8-1.2.mga8.x86_64.rpm virtualbox-kernel-desktop-latest-7.0.8-1.2.mga8.x86_64.rpm virtualbox-kernel-server-latest-7.0.8-1.2.mga8.x86_64.rpm xtables-addons-kernel-5.15.110-desktop-2.mga8-3.23-1.14.mga8.x86_64.rpm xtables-addons-kernel-5.15.110-server-2.mga8-3.23-1.14.mga8.x86_64.rpm xtables-addons-kernel-desktop-latest-3.23-1.14.mga8.x86_64.rpm xtables-addons-kernel-server-latest-3.23-1.14.mga8.x86_64.rpm
Keywords: feedback => (none)Severity: normal => majorPriority: Normal => HighSummary: Update request: kernel-5.15.110-1.mga8 => Update request: kernel-5.15.110-2.mga8
No regressions noticed on my three systems, two x86_64 systems and an rpi 4b all running the server flavour.
CC: (none) => davidwhodgins
No regressions noticed in an i586 vb guest running the desktop kernel. With an x86_64 vb guest, had a lock up after starting a konsole in plasma after the first boot with the updated desktop kernel. After resetting the vb guest, it seems to be working ok. The last part of "journalctl -b -1 --no-h" shows ... May 09 11:18:53 kernel: WARNING: CPU: 0 PID: 273 at drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf.c:400 vmw_cmdbuf_ctx_process+0x20e/0x220 [vmwgfx] May 09 11:18:53 kernel: Modules linked in: ip6t_REJECT nf_reject_ipv6 bridge stp llc ip6table_nat ip6table_mangle ip6table_raw ip6table_filter ip6_tables xt_recent ipt_IF> May 09 11:18:53 kernel: snd_hda_core joydev snd_hwdep snd_pcm psmouse snd_timer input_leds tpm_tis tpm_tis_core tpm e1000 snd i2c_piix4 soundcore ac vboxguest button sch> May 09 11:18:53 kernel: CPU: 0 PID: 273 Comm: irq/18-vmwgfx Tainted: G W 5.15.110-desktop-2.mga8 #1 May 09 11:18:53 kernel: Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 May 09 11:18:53 kernel: RIP: 0010:vmw_cmdbuf_ctx_process+0x20e/0x220 [vmwgfx] May 09 11:18:53 kernel: Code: 18 83 00 01 48 83 c4 20 5b 5d 41 5c 41 5d 41 5e 41 5f e9 05 9a bd ce 48 c7 c7 2e 5f 24 c0 c6 05 86 4e 03 00 01 e8 fc 6a 83 ce <0f> 0b e9 64 > May 09 11:18:53 kernel: RSP: 0018:ffffb52ec016bdf0 EFLAGS: 00010286 May 09 11:18:53 kernel: RAX: 0000000000000000 RBX: ffff8be30150c488 RCX: ffff8be31bc1c5c8 May 09 11:18:53 kernel: RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff8be31bc1c5c0 May 09 11:18:53 kernel: RBP: 0000000000000003 R08: 0000000000000000 R09: ffffb52ec016bc28 May 09 11:18:53 kernel: R10: ffffb52ec016bc20 R11: ffffffff8f6c4148 R12: ffff8be246f13e00 May 09 11:18:53 kernel: R13: ffff8be30150c670 R14: ffff8be246f13200 R15: ffff8be246f13e18 May 09 11:18:53 kernel: FS: 0000000000000000(0000) GS:ffff8be31bc00000(0000) knlGS:0000000000000000 May 09 11:18:53 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 May 09 11:18:53 kernel: CR2: 00007f0b139d1110 CR3: 0000000011102000 CR4: 00000000000406f0 May 09 11:18:53 kernel: Call Trace: May 09 11:18:53 kernel: <TASK> May 09 11:18:53 kernel: ? irq_finalize_oneshot.part.0+0xe0/0xe0 May 09 11:18:53 kernel: vmw_cmdbuf_man_process+0x59/0x100 [vmwgfx] May 09 11:18:53 kernel: vmw_cmdbuf_irqthread+0x1d/0x30 [vmwgfx] May 09 11:18:53 kernel: vmw_thread_fn+0x36/0x70 [vmwgfx] May 09 11:18:53 kernel: irq_thread_fn+0x20/0x60 May 09 11:18:53 kernel: irq_thread+0xd7/0x1a0 May 09 11:18:53 kernel: ? irq_thread_fn+0x60/0x60 May 09 11:18:53 kernel: ? irq_thread_check_affinity+0x90/0x90 May 09 11:18:53 kernel: kthread+0x127/0x150 May 09 11:18:53 kernel: ? set_kthread_struct+0x50/0x50 May 09 11:18:53 kernel: ret_from_fork+0x22/0x30 May 09 11:18:53 kernel: </TASK> May 09 11:18:53 kernel: ---[ end trace 56ae893da7758579 ]--- May 09 11:19:07 kernel: [drm:drm_crtc_commit_wait [drm]] *ERROR* flip_done timed out May 09 11:19:07 kernel: [drm:drm_atomic_helper_wait_for_dependencies [drm_kms_helper]] *ERROR* [CRTC:38:crtc-0] commit wait timed out May 09 11:19:10 rtkit-daemon[744]: The canary thread is apparently starving. Taking action. May 09 11:19:10 rtkit-daemon[744]: Demoting known real-time threads. May 09 11:19:10 rtkit-daemon[744]: Demoted 0 threads. Same error repeated for CPU 1. There are two cpu cores available to the guest.
After a couple of hours using the m8 x86-64 vb guest, no repeat of the lockup.
When shutting down the guest it stopped, required closing/powering off the guest. journal from that boot ends with ... May 09 14:10:50 systemd[1]: shorewall.service: Unit process 391487 (logger) remains running after unit stopped. May 09 14:10:50 systemd[1]: Stopped Shorewall IPv4 firewall. May 09 14:10:50 systemd[1]: Stopped target Network is Online. May 09 14:11:50 systemd[1]: user@1000.service: Processes still around after SIGKILL. Ignoring. May 09 14:11:50 systemd[1]: user@984.service: Processes still around after SIGKILL. Ignoring. May 09 14:12:20 systemd[1]: systemd-logind.service: State 'final-sigterm' timed out. Killing. May 09 14:12:20 systemd[1]: systemd-logind.service: Killing process 750 (systemd-logind) with signal SIGKILL. May 09 14:12:20 systemd[1]: systemd-logind.service: Killing process 391417 (close) with signal SIGKILL. May 09 14:13:50 systemd[1]: user@1000.service: State 'final-sigterm' timed out. Killing. May 09 14:13:50 systemd[1]: user@1000.service: Killing process 3527 (systemd) with signal SIGKILL. May 09 14:13:50 systemd[1]: user@1000.service: Killing process 330193 (xdg-desktop-por) with signal SIGKILL. May 09 14:13:50 systemd[1]: user@1000.service: Killing process 3785 (obexd) with signal SIGKILL. May 09 14:13:50 systemd[1]: user@1000.service: Killing process 3541 (pipewire) with signal SIGKILL. May 09 14:13:50 systemd[1]: user@1000.service: Killing process 3545 (pipewire-media-) with signal SIGKILL. May 09 14:13:50 systemd[1]: user@1000.service: Killing process 3543 (dbus-daemon) with signal SIGKILL. May 09 14:13:50 systemd[1]: user@984.service: State 'final-sigterm' timed out. Killing. May 09 14:13:50 systemd[1]: user@984.service: Killing process 391306 (systemd) with signal SIGKILL. May 09 14:13:50 systemd[1]: systemd-logind.service: Processes still around after final SIGKILL. Entering failed mode. May 09 14:13:50 systemd[1]: systemd-logind.service: Failed with result 'timeout'. May 09 14:13:50 systemd[1]: Stopped User Login Management. May 09 14:15:50 systemd[1]: user@1000.service: Processes still around after final SIGKILL. Entering failed mode. May 09 14:15:50 systemd[1]: user@1000.service: Failed with result 'timeout'. May 09 14:15:50 systemd[1]: user@1000.service: Unit process 3527 (systemd) remains running after unit stopped. May 09 14:15:50 systemd[1]: user@1000.service: Unit process 3785 (obexd) remains running after unit stopped. May 09 14:15:50 systemd[1]: user@1000.service: Unit process 3541 (pipewire) remains running after unit stopped. May 09 14:15:50 systemd[1]: user@1000.service: Unit process 3545 (pipewire-media-) remains running after unit stopped. May 09 14:15:50 systemd[1]: user@1000.service: Unit process 3543 (dbus-daemon) remains running after unit stopped. May 09 14:15:50 systemd[1]: Stopped User Manager for UID 1000. May 09 14:15:50 systemd[1]: user@1000.service: Consumed 52.249s CPU time. May 09 14:15:50 systemd[1]: user@984.service: Processes still around after final SIGKILL. Entering failed mode. May 09 14:15:50 systemd[1]: user@984.service: Failed with result 'timeout'. May 09 14:15:50 systemd[1]: user@984.service: Unit process 391306 (systemd) remains running after unit stopped. May 09 14:15:50 systemd[1]: Stopped User Manager for UID 984. The UID 984 is for sddm. I had logged out, and then selected shutdown from sddm.
After starting the guest again, running "systemctl poweroff" from within konsole works properly, but with the normal 90s wait for session c2 user dave. Logging out first and then selecting shutdown normally works, and avoids the wait.
Installed the usual suspect for my Nvidia box x3-450, GT730 Kernel-desktop-latest Kernel-desktop-devel-latest lib64bpf cpupower REEEBOOOTTTTEEEDD $ uname -a Linux localhost 5.15.110-desktop-2.mga8 #1 SMP Mon May 8 17:24:35 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux # nvidia-smi Tue May 9 14:33:46 2023 +-----------------------------------------------------------------------------+ | NVIDIA-SMI 390.157 Driver Version: 390.157 | |-------------------------------+----------------------+----------------------+ | GPU Name Persistence-M| Bus-Id Disp.A | Volatile Uncorr. ECC | | Fan Temp Perf Pwr:Usage/Cap| Memory-Usage | GPU-Util Compute M. | |===============================+======================+======================| | 0 GeForce GT 730 Off | 00000000:01:00.0 N/A | N/A | | 65% 48C P0 N/A / N/A | 128MiB / 963MiB | N/A Default | +-------------------------------+----------------------+----------------------+ Seems to be behaving so far. I'll keep using it.
CC: (none) => brtians1
HP Pavilion 15, AMD A8 4555 apu, AMD HD 7600G graphics, mga8-64 Plasma system. No installation issues, and no issues noted after rebooting.
CC: (none) => andrewsfarm
HP Probook 6550b, i3, Intel graphics, Broadcom-wl wifi, mga8-64 Plasma system. No installation issues, and no issues noted after the reboot.
Foolishness, my Dell Inspiron 5100, 32-bit P4, Radeon RV200 graphics, old Atheros-based wifi, mga8-32 Xfce system running the desktop kernel. No issues to report here.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA8-64-OK, MGA8-32-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0166.html
Status: NEW => RESOLVEDResolution: (none) => FIXED