Bug 8512 - Update request: kernel-tmb-3.4.24-2.mga2
Summary: Update request: kernel-tmb-3.4.24-2.mga2
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 2
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA2-64-OK MGA2-32-OK
Keywords: validated_update
Depends on: 8227
Blocks:
  Show dependency treegraph
 
Reported: 2012-12-26 22:25 CET by Thomas Backlund
Modified: 2013-01-18 01:31 CET (History)
3 users (show)

See Also:
Source RPM: kernel-tmb-3.4.24-1.mga2
CVE:
Status comment:


Attachments
dmesg file booting kernel-tmb-laptop-3.4.24-1.mga2 (48.07 KB, text/plain)
2012-12-27 12:16 CET, David GEIGER
Details
dmesg file booting kernel-tmb-laptop-3.4.24-2.mga2 (48.23 KB, text/plain)
2013-01-12 11:41 CET, David GEIGER
Details

Description Thomas Backlund 2012-12-26 22:25:04 CET
Update request: kernel-tmb-3.4.24-1.mga2

Advisory:
- to be written

Testing:
- check that it installs, boots and runs ok.
- can even check that some dkms-* works with it

i586:
kernel-tmb-desktop-3.4.24-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop586-3.4.24-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop586-devel-3.4.24-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop586-devel-latest-3.4.24-1.mga2.i586.rpm
kernel-tmb-desktop586-latest-3.4.24-1.mga2.i586.rpm
kernel-tmb-desktop-devel-3.4.24-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop-devel-latest-3.4.24-1.mga2.i586.rpm
kernel-tmb-desktop-latest-3.4.24-1.mga2.i586.rpm
kernel-tmb-laptop-3.4.24-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-laptop-devel-3.4.24-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-laptop-devel-latest-3.4.24-1.mga2.i586.rpm
kernel-tmb-laptop-latest-3.4.24-1.mga2.i586.rpm
kernel-tmb-server-3.4.24-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-server-devel-3.4.24-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-server-devel-latest-3.4.24-1.mga2.i586.rpm
kernel-tmb-server-latest-3.4.24-1.mga2.i586.rpm
kernel-tmb-source-3.4.24-1.mga2-1-1.mga2.noarch.rpm
kernel-tmb-source-latest-3.4.24-1.mga2.noarch.rpm



x86_64:
kernel-tmb-desktop-3.4.24-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-desktop-devel-3.4.24-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-desktop-devel-latest-3.4.24-1.mga2.x86_64.rpm
kernel-tmb-desktop-latest-3.4.24-1.mga2.x86_64.rpm
kernel-tmb-laptop-3.4.24-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-laptop-devel-3.4.24-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-laptop-devel-latest-3.4.24-1.mga2.x86_64.rpm
kernel-tmb-laptop-latest-3.4.24-1.mga2.x86_64.rpm
kernel-tmb-server-3.4.24-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-server-devel-3.4.24-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-server-devel-latest-3.4.24-1.mga2.x86_64.rpm
kernel-tmb-server-latest-3.4.24-1.mga2.x86_64.rpm
kernel-tmb-source-3.4.24-1.mga2-1-1.mga2.noarch.rpm
kernel-tmb-source-latest-3.4.24-1.mga2.noarch.rpm



SRPMS:
kernel-tmb-3.4.24-1.mga2.src.rpm
Thomas Backlund 2012-12-26 22:25:32 CET

Status: NEW => ASSIGNED
Depends on: (none) => 8227

Comment 1 Simon Putt 2012-12-27 11:54:30 CET
All hardware detected and working, dkms-virtualbox built ok and works well.

CPU~Hexa core AMD Phenom II X6 1090T (-MCP-) clocked at Min:800.000Mhz Max:3600.000Mhz Kernel~3.4.24-tmb-desktop-1.mga2 x86_64 Up~9:58 Mem~2290.3/16029.8MB HDD~4128.9GB(84.4% used) Procs~224 Client~Shell inxi~1.8.24

CC: (none) => lemonzest

Comment 2 David GEIGER 2012-12-27 12:16:56 CET
Created attachment 3295 [details]
dmesg file booting kernel-tmb-laptop-3.4.24-1.mga2

Testing complete for kernel-tmb-laptop-3.4.24-1.mga2 on Mageia release 2 (Official) for x86_64, for me it's Ok and work fine.

Install, boot, and run Ok, nothing to report. 

kernel-tmb-laptop-3.4.24-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-laptop-devel-3.4.24-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-laptop-devel-latest-3.4.24-1.mga2.x86_64.rpm
kernel-tmb-laptop-latest-3.4.24-1.mga2.x86_64.rpm


My PC Laptop:

-ASUSTeK Computer Inc. K73SD/K73SD, BIOS K73SD.203 12/22/2011
-Graphical card : Intel and Nvidia (Optimus Technologie)
-VGA switcheroo: detected Optimus DSM method \_SB_.PCI0.PEG0.GFX0 handle
-CPU :  âIntel(R) Core(TM) i3-2350M CPU @ 2.30GHz

Card:Intel 810 and later: Intel Corporation|2nd Generation Core Processor
Family Integrated Graphics Controller [DISPLAY_VGA] (vendor:8086 device:0116
subv:1043 subd:1682) (rev: 09)

Card:NVIDIA GeForce 400 series and later: nVidia Corporation|Device 105a
[DISPLAY_VGA] (vendor:10de device:105a subv:1043 subd:2112) (rev: a1)
Comment 3 Manuel Hiebel 2012-12-29 11:05:04 CET
mga2, 64bits, the tmb works fine, dkms is ok, hardware works well. (it seems my fan is better controlled by this kernel than the desktop one :) )

Validating for x86_64 as to people should be enough.

Whiteboard: (none) => MGA2-64-OK

Comment 4 Thomas Backlund 2013-01-03 16:11:24 CET
Advisory:
This kernel-tmb update provides an upgrade to upstream 3.4-longterm branch.

This allows us to benefit from extra tests and maintenance from upstream
developers and testers, providing a very good base for Mageia users.


It also fixes the following security issues:
- Calling uname() with the UNAME26 personality set allows a leak of
  kernel stack contents. (CVE-2012-0957)

- NFC: Fix multiple remotely-exploitable stack-based buffer overflows due
  to the NCI code pulling length fields directly from incoming frames and
  copying too much data into statically-sized arrays. (CVE-2012-3364)

- A use-after-free flaw has been found in madvise_remove() function in 
  the Linux kernel. madvise_remove() can race with munmap (causing a
  use-after-free of the vma) or with close (causing a use-after-free of
  the struct file). An unprivileged local user can use this flaw to crash
  the system. (CVE-2012-3510)

- Pablo Neira Ayuso discovered that avahi and potentially NetworkManager
  accept spoofed Netlink messages because of a kernel bug. The kernel
  passes all-zero SCM_CREDENTIALS ancillary data to the receiver if the
  sender did not provide such data, instead of not including any such
  data at all or including the correct data from the peer (as it is the
  case with AF_UNIX). (CVE-2012-3520)

- As Tetsuo Handa pointed out, request_module() can stress the system
  while the oom-killed caller sleeps in TASK_UNINTERRUPTIBLE.
  The task T uses "almost all" memory, then it does something which
  triggers request_module().  Say, it can simply call sys_socket().
  This in turn needs more memory and leads to OOM.  oom-killer correctly
  chooses T and kills it, but this can't help because it sleeps in
  TASK_UNINTERRUPTIBLE and after that oom-killer becomes "disabled" by
  the TIF_MEMDIE task T.A local unprivileged user can make the system
  unusable. (CVE-2012-4398)

- A flaw has been found in the way Linux kernel's KVM subsystem handled
  vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts
  without the XSAVE feature and using qemu userspace an unprivileged
  local user could use this flaw to crash the system. (CVE-2012-4461)

- Commit 644595f89620 ("compat: Handle COMPAT_USE_64BIT_TIME in
  net/socket.c") introduced a bug where the helper functions to take
  either a 64-bit or compat time[spec|val] got the arguments in the
  wrong order, passing the kernel stack pointer off as a user pointer
  (and vice versa).
  Because of the user address range check, that in turn then causes an
  EFAULT due to the user pointer range checking failing for the kernel
  address.  Incorrectly resuling in a failed system call for 32-bit
  processes with a 64-bit kernel.
  On odder architectures like HP-PA (with separate user/kernel address
  spaces), it can be used read kernel memory. (CVE-2012-4467)

- A race condition flaw has been found in the way asynchronous I/O and
  fallocate interacted which can lead to exposure of stale data -- that
  is, an extent which should have had the "uninitialized" bit set
  indicating that its blocks have not yet been written and thus contain
  data from a deleted file. An unprivileged local user could use this
  flaw to cause an information leak. (CVE-2012-4508)

- Reading TCP stats when using TCP Illinois congestion control algorithm
  can cause a divide by zero kernel oops.An unprivileged local user could
  use this flaw to crash the system. (CVE-2012-4565)


Other fixes in this release:
- add support for Atheros AR8161/8165 Atheros PCI-E Gigabit Ethernet
  Controller (mga #7853)
- module: fix symbol waiting when module fails before init, wait when
  loading a module which is currently initializing. (mga #7375)

For other changes in 3.4 series kernel, see the kernelnewbies link,
and the referenced stable changelogs.


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4565
http://kernelnewbies.org/Linux_3.4
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.1
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.2
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.3
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.4
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.5
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.6
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.7
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.8
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.9
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.10
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.11
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.12
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.13
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.14
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.15
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.16
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.17
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.18
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.19
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.20
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.21
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.22
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.23
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.24
https://bugs.mageia.org/show_bug.cgi?id=7375
https://bugs.mageia.org/show_bug.cgi?id=7853
https://bugs.mageia.org/show_bug.cgi?id=8512
Comment 5 Thomas Backlund 2013-01-03 16:47:05 CET
Additional fixes included:
- backport Wacom Intuos 5 support:
  https://bugs.mageia.org/show_bug.cgi?id=7659

fix for mga #7375 is not in this kernel, will be added later
Comment 6 Thomas Backlund 2013-01-05 18:34:45 CET
Updated rpms to validate:

Additional fixes:
- conflict dkms packages not supporting 3.4 series kernels
- kernel-tmb-source does not add build & source symlinks anymore as
  they mess with dkms builds...
- A memory disclosure flaw has been found in the way binfmt_script 
  load_script() function handled excessive recursions. An
  unprivileged local user could use this flaw to leak kernel memory.
  (CVE-2012-4530)
- bug 7375 is now fixed here too



i586:
kernel-tmb-desktop-3.4.24-2.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop586-3.4.24-2.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop586-devel-3.4.24-2.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop586-devel-latest-3.4.24-2.mga2.i586.rpm
kernel-tmb-desktop586-latest-3.4.24-2.mga2.i586.rpm
kernel-tmb-desktop-devel-3.4.24-2.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop-devel-latest-3.4.24-2.mga2.i586.rpm
kernel-tmb-desktop-latest-3.4.24-2.mga2.i586.rpm
kernel-tmb-laptop-3.4.24-2.mga2-1-1.mga2.i586.rpm
kernel-tmb-laptop-devel-3.4.24-2.mga2-1-1.mga2.i586.rpm
kernel-tmb-laptop-devel-latest-3.4.24-2.mga2.i586.rpm
kernel-tmb-laptop-latest-3.4.24-2.mga2.i586.rpm
kernel-tmb-server-3.4.24-2.mga2-1-1.mga2.i586.rpm
kernel-tmb-server-devel-3.4.24-2.mga2-1-1.mga2.i586.rpm
kernel-tmb-server-devel-latest-3.4.24-2.mga2.i586.rpm
kernel-tmb-server-latest-3.4.24-2.mga2.i586.rpm
kernel-tmb-source-3.4.24-2.mga2-1-1.mga2.noarch.rpm
kernel-tmb-source-latest-3.4.24-2.mga2.noarch.rpm



x86_64:
kernel-tmb-desktop-3.4.24-2.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-desktop-devel-3.4.24-2.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-desktop-devel-latest-3.4.24-2.mga2.x86_64.rpm
kernel-tmb-desktop-latest-3.4.24-2.mga2.x86_64.rpm
kernel-tmb-laptop-3.4.24-2.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-laptop-devel-3.4.24-2.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-laptop-devel-latest-3.4.24-2.mga2.x86_64.rpm
kernel-tmb-laptop-latest-3.4.24-2.mga2.x86_64.rpm
kernel-tmb-server-3.4.24-2.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-server-devel-3.4.24-2.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-server-devel-latest-3.4.24-2.mga2.x86_64.rpm
kernel-tmb-server-latest-3.4.24-2.mga2.x86_64.rpm
kernel-tmb-source-3.4.24-2.mga2-1-1.mga2.noarch.rpm
kernel-tmb-source-latest-3.4.24-2.mga2.noarch.rpm



SRPMS:
kernel-tmb-3.4.24-2.mga2.src.rpm

Summary: Update request: kernel-tmb-3.4.24-1.mga2 => Update request: kernel-tmb-3.4.24-2.mga2

Comment 7 Thomas Backlund 2013-01-05 18:53:18 CET
Updated advisory:

This kernel-tmb update provides an upgrade to upstream 3.4-longterm branch.

This allows us to benefit from extra tests and maintenance from upstream
developers and testers, providing a very good base for Mageia users.


It also fixes the following security issues:
- Calling uname() with the UNAME26 personality set allows a leak of
  kernel stack contents. (CVE-2012-0957)

- NFC: Fix multiple remotely-exploitable stack-based buffer overflows due
  to the NCI code pulling length fields directly from incoming frames and
  copying too much data into statically-sized arrays. (CVE-2012-3364)

- A use-after-free flaw has been found in madvise_remove() function in 
  the Linux kernel. madvise_remove() can race with munmap (causing a
  use-after-free of the vma) or with close (causing a use-after-free of
  the struct file). An unprivileged local user can use this flaw to crash
  the system. (CVE-2012-3510)

- Pablo Neira Ayuso discovered that avahi and potentially NetworkManager
  accept spoofed Netlink messages because of a kernel bug. The kernel
  passes all-zero SCM_CREDENTIALS ancillary data to the receiver if the
  sender did not provide such data, instead of not including any such
  data at all or including the correct data from the peer (as it is the
  case with AF_UNIX). (CVE-2012-3520)

- As Tetsuo Handa pointed out, request_module() can stress the system
  while the oom-killed caller sleeps in TASK_UNINTERRUPTIBLE.
  The task T uses "almost all" memory, then it does something which
  triggers request_module().  Say, it can simply call sys_socket().
  This in turn needs more memory and leads to OOM.  oom-killer correctly
  chooses T and kills it, but this can't help because it sleeps in
  TASK_UNINTERRUPTIBLE and after that oom-killer becomes "disabled" by
  the TIF_MEMDIE task T.A local unprivileged user can make the system
  unusable. (CVE-2012-4398)

- A flaw has been found in the way Linux kernel's KVM subsystem handled
  vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts
  without the XSAVE feature and using qemu userspace an unprivileged
  local user could use this flaw to crash the system. (CVE-2012-4461)

- Commit 644595f89620 ("compat: Handle COMPAT_USE_64BIT_TIME in
  net/socket.c") introduced a bug where the helper functions to take
  either a 64-bit or compat time[spec|val] got the arguments in the
  wrong order, passing the kernel stack pointer off as a user pointer
  (and vice versa).
  Because of the user address range check, that in turn then causes an
  EFAULT due to the user pointer range checking failing for the kernel
  address.  Incorrectly resuling in a failed system call for 32-bit
  processes with a 64-bit kernel.
  On odder architectures like HP-PA (with separate user/kernel address
  spaces), it can be used read kernel memory. (CVE-2012-4467)

- A race condition flaw has been found in the way asynchronous I/O and
  fallocate interacted which can lead to exposure of stale data -- that
  is, an extent which should have had the "uninitialized" bit set
  indicating that its blocks have not yet been written and thus contain
  data from a deleted file. An unprivileged local user could use this
  flaw to cause an information leak. (CVE-2012-4508)

- A memory disclosure flaw has been found in the way binfmt_script 
  load_script() function handled excessive recursions. An
  unprivileged local user could use this flaw to leak kernel memory.
  (CVE-2012-4530)

- Reading TCP stats when using TCP Illinois congestion control algorithm
  can cause a divide by zero kernel oops.An unprivileged local user could
  use this flaw to crash the system. (CVE-2012-4565)


Other fixes in this release:
- module: fix symbol waiting when module fails before init, wait when
  loading a module which is currently initializing. (mga #7375)
- add support for Atheros AR8161/8165 Atheros PCI-E Gigabit Ethernet
  Controller (mga #7853)
- conflict dkms packages not supporting 3.4 series kernels
- kernel-tmb-source does not add build & source symlinks anymore as
  they mess with dkms builds.

For other changes in 3.4 series kernel, see the kernelnewbies link,
and the referenced stable changelogs.


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4565
http://kernelnewbies.org/Linux_3.4
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.1
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.2
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.3
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.4
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.5
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.6
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.7
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.8
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.9
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.10
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.11
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.12
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.13
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.14
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.15
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.16
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.17
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.18
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.19
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.20
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.21
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.22
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.23
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.24
https://bugs.mageia.org/show_bug.cgi?id=7375
https://bugs.mageia.org/show_bug.cgi?id=7853
https://bugs.mageia.org/show_bug.cgi?id=8512
Comment 8 Thomas Backlund 2013-01-05 19:00:27 CET
I missed wacom backport change in advisory... :/
so second try:

Updated advisory:

This kernel-tmb update provides an upgrade to upstream 3.4-longterm branch.

This allows us to benefit from extra tests and maintenance from upstream
developers and testers, providing a very good base for Mageia users.


It also fixes the following security issues:
- Calling uname() with the UNAME26 personality set allows a leak of
  kernel stack contents. (CVE-2012-0957)

- NFC: Fix multiple remotely-exploitable stack-based buffer overflows due
  to the NCI code pulling length fields directly from incoming frames and
  copying too much data into statically-sized arrays. (CVE-2012-3364)

- A use-after-free flaw has been found in madvise_remove() function in 
  the Linux kernel. madvise_remove() can race with munmap (causing a
  use-after-free of the vma) or with close (causing a use-after-free of
  the struct file). An unprivileged local user can use this flaw to crash
  the system. (CVE-2012-3510)

- Pablo Neira Ayuso discovered that avahi and potentially NetworkManager
  accept spoofed Netlink messages because of a kernel bug. The kernel
  passes all-zero SCM_CREDENTIALS ancillary data to the receiver if the
  sender did not provide such data, instead of not including any such
  data at all or including the correct data from the peer (as it is the
  case with AF_UNIX). (CVE-2012-3520)

- As Tetsuo Handa pointed out, request_module() can stress the system
  while the oom-killed caller sleeps in TASK_UNINTERRUPTIBLE.
  The task T uses "almost all" memory, then it does something which
  triggers request_module().  Say, it can simply call sys_socket().
  This in turn needs more memory and leads to OOM.  oom-killer correctly
  chooses T and kills it, but this can't help because it sleeps in
  TASK_UNINTERRUPTIBLE and after that oom-killer becomes "disabled" by
  the TIF_MEMDIE task T.A local unprivileged user can make the system
  unusable. (CVE-2012-4398)

- A flaw has been found in the way Linux kernel's KVM subsystem handled
  vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts
  without the XSAVE feature and using qemu userspace an unprivileged
  local user could use this flaw to crash the system. (CVE-2012-4461)

- Commit 644595f89620 ("compat: Handle COMPAT_USE_64BIT_TIME in
  net/socket.c") introduced a bug where the helper functions to take
  either a 64-bit or compat time[spec|val] got the arguments in the
  wrong order, passing the kernel stack pointer off as a user pointer
  (and vice versa).
  Because of the user address range check, that in turn then causes an
  EFAULT due to the user pointer range checking failing for the kernel
  address.  Incorrectly resuling in a failed system call for 32-bit
  processes with a 64-bit kernel.
  On odder architectures like HP-PA (with separate user/kernel address
  spaces), it can be used read kernel memory. (CVE-2012-4467)

- A race condition flaw has been found in the way asynchronous I/O and
  fallocate interacted which can lead to exposure of stale data -- that
  is, an extent which should have had the "uninitialized" bit set
  indicating that its blocks have not yet been written and thus contain
  data from a deleted file. An unprivileged local user could use this
  flaw to cause an information leak. (CVE-2012-4508)

- A memory disclosure flaw has been found in the way binfmt_script 
  load_script() function handled excessive recursions. An
  unprivileged local user could use this flaw to leak kernel memory.
  (CVE-2012-4530)

- Reading TCP stats when using TCP Illinois congestion control algorithm
  can cause a divide by zero kernel oops.An unprivileged local user could
  use this flaw to crash the system. (CVE-2012-4565)


Other fixes in this release:
- module: fix symbol waiting when module fails before init, wait when
  loading a module which is currently initializing. (mga #7375)
- backport Wacom Intuos 5 support: (#7659)
- add support for Atheros AR8161/8165 Atheros PCI-E Gigabit Ethernet
  Controller (mga #7853)
- conflict dkms packages not supporting 3.4 series kernels
- kernel-source does not add build & source symlinks anymore as
  they mess with dkms builds.


For other changes in 3.4 series kernel, see the kernelnewbies link,
and the referenced stable changelogs.


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4565
http://kernelnewbies.org/Linux_3.4
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.1
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.2
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.3
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.4
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.5
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.6
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.7
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.8
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.9
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.10
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.11
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.12
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.13
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.14
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.15
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.16
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.17
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.18
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.19
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.20
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.21
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.22
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.23
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.24
https://bugs.mageia.org/show_bug.cgi?id=7375
https://bugs.mageia.org/show_bug.cgi?id=7659
https://bugs.mageia.org/show_bug.cgi?id=7853
https://bugs.mageia.org/show_bug.cgi?id=8512
Comment 9 David GEIGER 2013-01-12 11:41:57 CET
Created attachment 3354 [details]
dmesg file booting kernel-tmb-laptop-3.4.24-2.mga2

Testing complete for kernel-tmb-laptop-3.4.24-2.mga2 on Mageia release 2
(Official) for x86_64, for me it's Ok and work fine.

Install, boot, and run Ok, nothing to report. 

kernel-tmb-laptop-3.4.24-2.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-laptop-devel-3.4.24-2.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-laptop-devel-latest-3.4.24-2.mga2.x86_64.rpm
kernel-tmb-laptop-latest-3.4.24-2.mga2.x86_64.rpm
Comment 10 Dave Hodgins 2013-01-17 04:21:33 CET
Validating the update.  Tested along with the kernels from
bug 8068.

Could someone from the sysadmin team push the srpm
kernel-tmb-3.4.24-1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates.

See Comment 8 for the advisory.

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: MGA2-64-OK => MGA2-64-OK MGA2-32-OK

Comment 11 Thomas Backlund 2013-01-18 01:31:04 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0011

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.