Update request: kernel-tmb-3.4.24-1.mga2 Advisory: - to be written Testing: - check that it installs, boots and runs ok. - can even check that some dkms-* works with it i586: kernel-tmb-desktop-3.4.24-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-3.4.24-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-devel-3.4.24-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-devel-latest-3.4.24-1.mga2.i586.rpm kernel-tmb-desktop586-latest-3.4.24-1.mga2.i586.rpm kernel-tmb-desktop-devel-3.4.24-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop-devel-latest-3.4.24-1.mga2.i586.rpm kernel-tmb-desktop-latest-3.4.24-1.mga2.i586.rpm kernel-tmb-laptop-3.4.24-1.mga2-1-1.mga2.i586.rpm kernel-tmb-laptop-devel-3.4.24-1.mga2-1-1.mga2.i586.rpm kernel-tmb-laptop-devel-latest-3.4.24-1.mga2.i586.rpm kernel-tmb-laptop-latest-3.4.24-1.mga2.i586.rpm kernel-tmb-server-3.4.24-1.mga2-1-1.mga2.i586.rpm kernel-tmb-server-devel-3.4.24-1.mga2-1-1.mga2.i586.rpm kernel-tmb-server-devel-latest-3.4.24-1.mga2.i586.rpm kernel-tmb-server-latest-3.4.24-1.mga2.i586.rpm kernel-tmb-source-3.4.24-1.mga2-1-1.mga2.noarch.rpm kernel-tmb-source-latest-3.4.24-1.mga2.noarch.rpm x86_64: kernel-tmb-desktop-3.4.24-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-desktop-devel-3.4.24-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-desktop-devel-latest-3.4.24-1.mga2.x86_64.rpm kernel-tmb-desktop-latest-3.4.24-1.mga2.x86_64.rpm kernel-tmb-laptop-3.4.24-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-laptop-devel-3.4.24-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-laptop-devel-latest-3.4.24-1.mga2.x86_64.rpm kernel-tmb-laptop-latest-3.4.24-1.mga2.x86_64.rpm kernel-tmb-server-3.4.24-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-server-devel-3.4.24-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-server-devel-latest-3.4.24-1.mga2.x86_64.rpm kernel-tmb-server-latest-3.4.24-1.mga2.x86_64.rpm kernel-tmb-source-3.4.24-1.mga2-1-1.mga2.noarch.rpm kernel-tmb-source-latest-3.4.24-1.mga2.noarch.rpm SRPMS: kernel-tmb-3.4.24-1.mga2.src.rpm
Status: NEW => ASSIGNEDDepends on: (none) => 8227
All hardware detected and working, dkms-virtualbox built ok and works well. CPU~Hexa core AMD Phenom II X6 1090T (-MCP-) clocked at Min:800.000Mhz Max:3600.000Mhz Kernel~3.4.24-tmb-desktop-1.mga2 x86_64 Up~9:58 Mem~2290.3/16029.8MB HDD~4128.9GB(84.4% used) Procs~224 Client~Shell inxi~1.8.24
CC: (none) => lemonzest
Created attachment 3295 [details] dmesg file booting kernel-tmb-laptop-3.4.24-1.mga2 Testing complete for kernel-tmb-laptop-3.4.24-1.mga2 on Mageia release 2 (Official) for x86_64, for me it's Ok and work fine. Install, boot, and run Ok, nothing to report. kernel-tmb-laptop-3.4.24-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-laptop-devel-3.4.24-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-laptop-devel-latest-3.4.24-1.mga2.x86_64.rpm kernel-tmb-laptop-latest-3.4.24-1.mga2.x86_64.rpm My PC Laptop: -ASUSTeK Computer Inc. K73SD/K73SD, BIOS K73SD.203 12/22/2011 -Graphical card : Intel and Nvidia (Optimus Technologie) -VGA switcheroo: detected Optimus DSM method \_SB_.PCI0.PEG0.GFX0 handle -CPU : âIntel(R) Core(TM) i3-2350M CPU @ 2.30GHz Card:Intel 810 and later: Intel Corporation|2nd Generation Core Processor Family Integrated Graphics Controller [DISPLAY_VGA] (vendor:8086 device:0116 subv:1043 subd:1682) (rev: 09) Card:NVIDIA GeForce 400 series and later: nVidia Corporation|Device 105a [DISPLAY_VGA] (vendor:10de device:105a subv:1043 subd:2112) (rev: a1)
mga2, 64bits, the tmb works fine, dkms is ok, hardware works well. (it seems my fan is better controlled by this kernel than the desktop one :) ) Validating for x86_64 as to people should be enough.
Whiteboard: (none) => MGA2-64-OK
Advisory: This kernel-tmb update provides an upgrade to upstream 3.4-longterm branch. This allows us to benefit from extra tests and maintenance from upstream developers and testers, providing a very good base for Mageia users. It also fixes the following security issues: - Calling uname() with the UNAME26 personality set allows a leak of kernel stack contents. (CVE-2012-0957) - NFC: Fix multiple remotely-exploitable stack-based buffer overflows due to the NCI code pulling length fields directly from incoming frames and copying too much data into statically-sized arrays. (CVE-2012-3364) - A use-after-free flaw has been found in madvise_remove() function in the Linux kernel. madvise_remove() can race with munmap (causing a use-after-free of the vma) or with close (causing a use-after-free of the struct file). An unprivileged local user can use this flaw to crash the system. (CVE-2012-3510) - Pablo Neira Ayuso discovered that avahi and potentially NetworkManager accept spoofed Netlink messages because of a kernel bug. The kernel passes all-zero SCM_CREDENTIALS ancillary data to the receiver if the sender did not provide such data, instead of not including any such data at all or including the correct data from the peer (as it is the case with AF_UNIX). (CVE-2012-3520) - As Tetsuo Handa pointed out, request_module() can stress the system while the oom-killed caller sleeps in TASK_UNINTERRUPTIBLE. The task T uses "almost all" memory, then it does something which triggers request_module(). Say, it can simply call sys_socket(). This in turn needs more memory and leads to OOM. oom-killer correctly chooses T and kills it, but this can't help because it sleeps in TASK_UNINTERRUPTIBLE and after that oom-killer becomes "disabled" by the TIF_MEMDIE task T.A local unprivileged user can make the system unusable. (CVE-2012-4398) - A flaw has been found in the way Linux kernel's KVM subsystem handled vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts without the XSAVE feature and using qemu userspace an unprivileged local user could use this flaw to crash the system. (CVE-2012-4461) - Commit 644595f89620 ("compat: Handle COMPAT_USE_64BIT_TIME in net/socket.c") introduced a bug where the helper functions to take either a 64-bit or compat time[spec|val] got the arguments in the wrong order, passing the kernel stack pointer off as a user pointer (and vice versa). Because of the user address range check, that in turn then causes an EFAULT due to the user pointer range checking failing for the kernel address. Incorrectly resuling in a failed system call for 32-bit processes with a 64-bit kernel. On odder architectures like HP-PA (with separate user/kernel address spaces), it can be used read kernel memory. (CVE-2012-4467) - A race condition flaw has been found in the way asynchronous I/O and fallocate interacted which can lead to exposure of stale data -- that is, an extent which should have had the "uninitialized" bit set indicating that its blocks have not yet been written and thus contain data from a deleted file. An unprivileged local user could use this flaw to cause an information leak. (CVE-2012-4508) - Reading TCP stats when using TCP Illinois congestion control algorithm can cause a divide by zero kernel oops.An unprivileged local user could use this flaw to crash the system. (CVE-2012-4565) Other fixes in this release: - add support for Atheros AR8161/8165 Atheros PCI-E Gigabit Ethernet Controller (mga #7853) - module: fix symbol waiting when module fails before init, wait when loading a module which is currently initializing. (mga #7375) For other changes in 3.4 series kernel, see the kernelnewbies link, and the referenced stable changelogs. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0957 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3520 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4508 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4565 http://kernelnewbies.org/Linux_3.4 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.1 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.2 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.3 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.4 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.5 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.6 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.7 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.8 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.9 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.10 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.11 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.12 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.13 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.14 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.15 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.16 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.17 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.18 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.19 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.20 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.21 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.22 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.23 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.24 https://bugs.mageia.org/show_bug.cgi?id=7375 https://bugs.mageia.org/show_bug.cgi?id=7853 https://bugs.mageia.org/show_bug.cgi?id=8512
Additional fixes included: - backport Wacom Intuos 5 support: https://bugs.mageia.org/show_bug.cgi?id=7659 fix for mga #7375 is not in this kernel, will be added later
Updated rpms to validate: Additional fixes: - conflict dkms packages not supporting 3.4 series kernels - kernel-tmb-source does not add build & source symlinks anymore as they mess with dkms builds... - A memory disclosure flaw has been found in the way binfmt_script load_script() function handled excessive recursions. An unprivileged local user could use this flaw to leak kernel memory. (CVE-2012-4530) - bug 7375 is now fixed here too i586: kernel-tmb-desktop-3.4.24-2.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-3.4.24-2.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-devel-3.4.24-2.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-devel-latest-3.4.24-2.mga2.i586.rpm kernel-tmb-desktop586-latest-3.4.24-2.mga2.i586.rpm kernel-tmb-desktop-devel-3.4.24-2.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop-devel-latest-3.4.24-2.mga2.i586.rpm kernel-tmb-desktop-latest-3.4.24-2.mga2.i586.rpm kernel-tmb-laptop-3.4.24-2.mga2-1-1.mga2.i586.rpm kernel-tmb-laptop-devel-3.4.24-2.mga2-1-1.mga2.i586.rpm kernel-tmb-laptop-devel-latest-3.4.24-2.mga2.i586.rpm kernel-tmb-laptop-latest-3.4.24-2.mga2.i586.rpm kernel-tmb-server-3.4.24-2.mga2-1-1.mga2.i586.rpm kernel-tmb-server-devel-3.4.24-2.mga2-1-1.mga2.i586.rpm kernel-tmb-server-devel-latest-3.4.24-2.mga2.i586.rpm kernel-tmb-server-latest-3.4.24-2.mga2.i586.rpm kernel-tmb-source-3.4.24-2.mga2-1-1.mga2.noarch.rpm kernel-tmb-source-latest-3.4.24-2.mga2.noarch.rpm x86_64: kernel-tmb-desktop-3.4.24-2.mga2-1-1.mga2.x86_64.rpm kernel-tmb-desktop-devel-3.4.24-2.mga2-1-1.mga2.x86_64.rpm kernel-tmb-desktop-devel-latest-3.4.24-2.mga2.x86_64.rpm kernel-tmb-desktop-latest-3.4.24-2.mga2.x86_64.rpm kernel-tmb-laptop-3.4.24-2.mga2-1-1.mga2.x86_64.rpm kernel-tmb-laptop-devel-3.4.24-2.mga2-1-1.mga2.x86_64.rpm kernel-tmb-laptop-devel-latest-3.4.24-2.mga2.x86_64.rpm kernel-tmb-laptop-latest-3.4.24-2.mga2.x86_64.rpm kernel-tmb-server-3.4.24-2.mga2-1-1.mga2.x86_64.rpm kernel-tmb-server-devel-3.4.24-2.mga2-1-1.mga2.x86_64.rpm kernel-tmb-server-devel-latest-3.4.24-2.mga2.x86_64.rpm kernel-tmb-server-latest-3.4.24-2.mga2.x86_64.rpm kernel-tmb-source-3.4.24-2.mga2-1-1.mga2.noarch.rpm kernel-tmb-source-latest-3.4.24-2.mga2.noarch.rpm SRPMS: kernel-tmb-3.4.24-2.mga2.src.rpm
Summary: Update request: kernel-tmb-3.4.24-1.mga2 => Update request: kernel-tmb-3.4.24-2.mga2
Updated advisory: This kernel-tmb update provides an upgrade to upstream 3.4-longterm branch. This allows us to benefit from extra tests and maintenance from upstream developers and testers, providing a very good base for Mageia users. It also fixes the following security issues: - Calling uname() with the UNAME26 personality set allows a leak of kernel stack contents. (CVE-2012-0957) - NFC: Fix multiple remotely-exploitable stack-based buffer overflows due to the NCI code pulling length fields directly from incoming frames and copying too much data into statically-sized arrays. (CVE-2012-3364) - A use-after-free flaw has been found in madvise_remove() function in the Linux kernel. madvise_remove() can race with munmap (causing a use-after-free of the vma) or with close (causing a use-after-free of the struct file). An unprivileged local user can use this flaw to crash the system. (CVE-2012-3510) - Pablo Neira Ayuso discovered that avahi and potentially NetworkManager accept spoofed Netlink messages because of a kernel bug. The kernel passes all-zero SCM_CREDENTIALS ancillary data to the receiver if the sender did not provide such data, instead of not including any such data at all or including the correct data from the peer (as it is the case with AF_UNIX). (CVE-2012-3520) - As Tetsuo Handa pointed out, request_module() can stress the system while the oom-killed caller sleeps in TASK_UNINTERRUPTIBLE. The task T uses "almost all" memory, then it does something which triggers request_module(). Say, it can simply call sys_socket(). This in turn needs more memory and leads to OOM. oom-killer correctly chooses T and kills it, but this can't help because it sleeps in TASK_UNINTERRUPTIBLE and after that oom-killer becomes "disabled" by the TIF_MEMDIE task T.A local unprivileged user can make the system unusable. (CVE-2012-4398) - A flaw has been found in the way Linux kernel's KVM subsystem handled vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts without the XSAVE feature and using qemu userspace an unprivileged local user could use this flaw to crash the system. (CVE-2012-4461) - Commit 644595f89620 ("compat: Handle COMPAT_USE_64BIT_TIME in net/socket.c") introduced a bug where the helper functions to take either a 64-bit or compat time[spec|val] got the arguments in the wrong order, passing the kernel stack pointer off as a user pointer (and vice versa). Because of the user address range check, that in turn then causes an EFAULT due to the user pointer range checking failing for the kernel address. Incorrectly resuling in a failed system call for 32-bit processes with a 64-bit kernel. On odder architectures like HP-PA (with separate user/kernel address spaces), it can be used read kernel memory. (CVE-2012-4467) - A race condition flaw has been found in the way asynchronous I/O and fallocate interacted which can lead to exposure of stale data -- that is, an extent which should have had the "uninitialized" bit set indicating that its blocks have not yet been written and thus contain data from a deleted file. An unprivileged local user could use this flaw to cause an information leak. (CVE-2012-4508) - A memory disclosure flaw has been found in the way binfmt_script load_script() function handled excessive recursions. An unprivileged local user could use this flaw to leak kernel memory. (CVE-2012-4530) - Reading TCP stats when using TCP Illinois congestion control algorithm can cause a divide by zero kernel oops.An unprivileged local user could use this flaw to crash the system. (CVE-2012-4565) Other fixes in this release: - module: fix symbol waiting when module fails before init, wait when loading a module which is currently initializing. (mga #7375) - add support for Atheros AR8161/8165 Atheros PCI-E Gigabit Ethernet Controller (mga #7853) - conflict dkms packages not supporting 3.4 series kernels - kernel-tmb-source does not add build & source symlinks anymore as they mess with dkms builds. For other changes in 3.4 series kernel, see the kernelnewbies link, and the referenced stable changelogs. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0957 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3520 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4508 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4530 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4565 http://kernelnewbies.org/Linux_3.4 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.1 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.2 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.3 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.4 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.5 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.6 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.7 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.8 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.9 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.10 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.11 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.12 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.13 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.14 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.15 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.16 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.17 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.18 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.19 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.20 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.21 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.22 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.23 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.24 https://bugs.mageia.org/show_bug.cgi?id=7375 https://bugs.mageia.org/show_bug.cgi?id=7853 https://bugs.mageia.org/show_bug.cgi?id=8512
I missed wacom backport change in advisory... :/ so second try: Updated advisory: This kernel-tmb update provides an upgrade to upstream 3.4-longterm branch. This allows us to benefit from extra tests and maintenance from upstream developers and testers, providing a very good base for Mageia users. It also fixes the following security issues: - Calling uname() with the UNAME26 personality set allows a leak of kernel stack contents. (CVE-2012-0957) - NFC: Fix multiple remotely-exploitable stack-based buffer overflows due to the NCI code pulling length fields directly from incoming frames and copying too much data into statically-sized arrays. (CVE-2012-3364) - A use-after-free flaw has been found in madvise_remove() function in the Linux kernel. madvise_remove() can race with munmap (causing a use-after-free of the vma) or with close (causing a use-after-free of the struct file). An unprivileged local user can use this flaw to crash the system. (CVE-2012-3510) - Pablo Neira Ayuso discovered that avahi and potentially NetworkManager accept spoofed Netlink messages because of a kernel bug. The kernel passes all-zero SCM_CREDENTIALS ancillary data to the receiver if the sender did not provide such data, instead of not including any such data at all or including the correct data from the peer (as it is the case with AF_UNIX). (CVE-2012-3520) - As Tetsuo Handa pointed out, request_module() can stress the system while the oom-killed caller sleeps in TASK_UNINTERRUPTIBLE. The task T uses "almost all" memory, then it does something which triggers request_module(). Say, it can simply call sys_socket(). This in turn needs more memory and leads to OOM. oom-killer correctly chooses T and kills it, but this can't help because it sleeps in TASK_UNINTERRUPTIBLE and after that oom-killer becomes "disabled" by the TIF_MEMDIE task T.A local unprivileged user can make the system unusable. (CVE-2012-4398) - A flaw has been found in the way Linux kernel's KVM subsystem handled vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts without the XSAVE feature and using qemu userspace an unprivileged local user could use this flaw to crash the system. (CVE-2012-4461) - Commit 644595f89620 ("compat: Handle COMPAT_USE_64BIT_TIME in net/socket.c") introduced a bug where the helper functions to take either a 64-bit or compat time[spec|val] got the arguments in the wrong order, passing the kernel stack pointer off as a user pointer (and vice versa). Because of the user address range check, that in turn then causes an EFAULT due to the user pointer range checking failing for the kernel address. Incorrectly resuling in a failed system call for 32-bit processes with a 64-bit kernel. On odder architectures like HP-PA (with separate user/kernel address spaces), it can be used read kernel memory. (CVE-2012-4467) - A race condition flaw has been found in the way asynchronous I/O and fallocate interacted which can lead to exposure of stale data -- that is, an extent which should have had the "uninitialized" bit set indicating that its blocks have not yet been written and thus contain data from a deleted file. An unprivileged local user could use this flaw to cause an information leak. (CVE-2012-4508) - A memory disclosure flaw has been found in the way binfmt_script load_script() function handled excessive recursions. An unprivileged local user could use this flaw to leak kernel memory. (CVE-2012-4530) - Reading TCP stats when using TCP Illinois congestion control algorithm can cause a divide by zero kernel oops.An unprivileged local user could use this flaw to crash the system. (CVE-2012-4565) Other fixes in this release: - module: fix symbol waiting when module fails before init, wait when loading a module which is currently initializing. (mga #7375) - backport Wacom Intuos 5 support: (#7659) - add support for Atheros AR8161/8165 Atheros PCI-E Gigabit Ethernet Controller (mga #7853) - conflict dkms packages not supporting 3.4 series kernels - kernel-source does not add build & source symlinks anymore as they mess with dkms builds. For other changes in 3.4 series kernel, see the kernelnewbies link, and the referenced stable changelogs. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0957 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3520 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4508 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4530 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4565 http://kernelnewbies.org/Linux_3.4 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.1 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.2 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.3 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.4 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.5 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.6 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.7 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.8 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.9 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.10 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.11 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.12 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.13 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.14 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.15 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.16 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.17 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.18 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.19 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.20 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.21 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.22 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.23 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.24 https://bugs.mageia.org/show_bug.cgi?id=7375 https://bugs.mageia.org/show_bug.cgi?id=7659 https://bugs.mageia.org/show_bug.cgi?id=7853 https://bugs.mageia.org/show_bug.cgi?id=8512
Created attachment 3354 [details] dmesg file booting kernel-tmb-laptop-3.4.24-2.mga2 Testing complete for kernel-tmb-laptop-3.4.24-2.mga2 on Mageia release 2 (Official) for x86_64, for me it's Ok and work fine. Install, boot, and run Ok, nothing to report. kernel-tmb-laptop-3.4.24-2.mga2-1-1.mga2.x86_64.rpm kernel-tmb-laptop-devel-3.4.24-2.mga2-1-1.mga2.x86_64.rpm kernel-tmb-laptop-devel-latest-3.4.24-2.mga2.x86_64.rpm kernel-tmb-laptop-latest-3.4.24-2.mga2.x86_64.rpm
Validating the update. Tested along with the kernels from bug 8068. Could someone from the sysadmin team push the srpm kernel-tmb-3.4.24-1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates. See Comment 8 for the advisory.
Keywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugsWhiteboard: MGA2-64-OK => MGA2-64-OK MGA2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0011
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED