GitList

Browse code

kernels: Fix CVE-2017-12190 by updating to 4.4.106

This CVE is fixed by the following upstream commits:

commit 95d78c28b5a85bacbc29b8dba7c04babb9b0d467 (fix unbalanced page
refcounting in bio_map_user_iov)

commit 2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058 (more
bio_map_user_iov() leak fixes)

The former fix was included in linux-stable 4.4.93, and the latter fix
has now been included in 4.4.106. So update to 4.4.106 to fix the CVE.

Change-Id: Ic5ea7062611e3fbc278d6c45b5670eda7c7bbda1
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4533
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>

Srivatsa S. Bhat authored on 2017/12/20 06:12:50
Showing 3 changed files

SPECS/linux-api-headers/linux-api-headers.spec index 455de31..9e7bd10 100644
SPECS/linux/linux-esx.spec index dd37a7a..0576820 100644
SPECS/linux/linux.spec index 7ad8fb1..bef8cf8 100644

SPECS/linux-api-headers/linux-api-headers.spec

History View file @ 6bf5712

@@ -1,6 +1,6 @@
                      Summary:	Linux API header files
                      Name:		linux-api-headers
                     -Version:	4.4.104
                     +Version:	4.4.106
                      Release:	1%{?dist}
                      License:	GPLv2
                      URL:		http://www.kernel.org/
@@ -8,7 +8,7 @@ Group:		System Environment/Kernel
                      Vendor:		VMware, Inc.
                      Distribution: Photon
                      Source0:    	http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
                     -%define sha1 linux=113e7e35bce05b82182902cdb8ce7eccd9f5682d
                     +%define sha1 linux=a40a7f291d85f9373f024946faa8c7dcb6dc7fdb
                      BuildArch:	noarch
                      # From SPECS/linux and used by linux-esx only
                      # It provides f*xattrat syscalls
@@ -29,6 +29,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de
                      %defattr(-,root,root)
                      %{_includedir}/*
                      %changelog
                     +*   Tue Dec 19 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.106-1
                     +-   Version update
                      *   Fri Dec 08 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.104-1
                      -   Version update
                      *   Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.103-1

SPECS/linux/linux-esx.spec

History View file @ 6bf5712

@@ -1,7 +1,7 @@
                      %global security_hardening none
                      Summary:       Kernel
                      Name:          linux-esx
                     -Version:       4.4.104
                     +Version:       4.4.106
                      Release:       1%{?dist}
                      License:       GPLv2
                      URL:           http://www.kernel.org/
@@ -9,7 +9,7 @@ Group:         System Environment/Kernel
                      Vendor:        VMware, Inc.
                      Distribution:  Photon
                      Source0:       http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
                     -%define sha1 linux=113e7e35bce05b82182902cdb8ce7eccd9f5682d
                     +%define sha1 linux=a40a7f291d85f9373f024946faa8c7dcb6dc7fdb
                      Source1:       config-esx
                      Patch0:        double-tcp_mem-limits.patch
                      Patch1:        linux-4.4-sysctl-sched_weighted_cpuload_uses_rla.patch
@@ -190,6 +190,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
                      /usr/src/linux-headers-%{uname_r}
                      %changelog
                     +*   Tue Dec 19 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.106-1
                     +-   Version update
                      *   Fri Dec 08 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.104-1
                      -   Version update
                      *   Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.103-1

SPECS/linux/linux.spec

History View file @ 6bf5712

@@ -1,15 +1,15 @@
                      %global security_hardening none
                      Summary:        Kernel
                      Name:           linux
                     -Version:    	4.4.104
                     -Release:        2%{?kat_build:.%kat_build}%{?dist}
                     +Version:    	4.4.106
                     +Release:        1%{?kat_build:.%kat_build}%{?dist}
                      License:    	GPLv2
                      URL:        	http://www.kernel.org/
                      Group:        	System Environment/Kernel
                      Vendor:         VMware, Inc.
                      Distribution: 	Photon
                      Source0:    	http://www.kernel.org/pub/linux/kernel/v4.x/%{name}-%{version}.tar.xz
                     -%define sha1 linux=113e7e35bce05b82182902cdb8ce7eccd9f5682d
                     +%define sha1 linux=a40a7f291d85f9373f024946faa8c7dcb6dc7fdb
                      Source1:	config
                      %define ena_version 1.1.3
                      Source2:    	https://github.com/amzn/amzn-drivers/archive/ena_linux_1.1.3.tar.gz
@@ -287,6 +287,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
                      /usr/share/perf-core
                      %changelog
                     +*   Tue Dec 19 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.106-1
                     +-   Version update
                      *   Tue Dec 12 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.104-2
                      -   KAT build support
                      *   Fri Dec 08 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.104-1