
kernels: fix several CVEs issues

CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077 and
CVE-2017-9242

linux,linux-secure: IPV6 netfilter NAT table support

Change-Id: I8b461d136b7c4aaf8bb9580828aefb950bb8b503
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/2905
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Bo Gan <ganb@vmware.com>

Alexey Makhalov authored on 2017/06/09 09:26:41
Showing 5 changed files
... ...
@@ -1216,7 +1216,9 @@ CONFIG_IP6_NF_TARGET_SYNPROXY=m
1216 1216
 CONFIG_IP6_NF_MANGLE=m
1217 1217
 CONFIG_IP6_NF_RAW=m
1218 1218
 # CONFIG_IP6_NF_SECURITY is not set
1219
-# CONFIG_IP6_NF_NAT is not set
1219
+CONFIG_IP6_NF_NAT=m
1220
+# CONFIG_IP6_NF_TARGET_MASQUERADE is not set
1221
+# CONFIG_IP6_NF_TARGET_NPT is not set
1220 1222
 # CONFIG_NF_TABLES_BRIDGE is not set
1221 1223
 CONFIG_BRIDGE_NF_EBTABLES=m
1222 1224
 CONFIG_BRIDGE_EBT_BROUTE=m
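Review bot: `CONFIG_IP6_NF_NAT=m` is switched on while both dependent targets, `CONFIG_IP6_NF_TARGET_MASQUERADE` and `CONFIG_IP6_NF_TARGET_NPT`, stay unset, and nothing on the page says whether that is deliberate. With this combination the ip6tables nat table can be loaded, but rules that use the MASQUERADE target will not be accepted, so either set `CONFIG_IP6_NF_TARGET_MASQUERADE=m` or state in the commit description that only the base nat table (SNAT/DNAT) is intended. The same applies to the second config hunk (`@@ -1187,7 +1187,9 @@`). Judging from the commit message, one of the two configs belongs to the hardened linux-secure flavor, where the extra kernel surface of a NAT module deserves a line of justification. Splitting the feature from the CVE version bump would also make the security fix easier to audit and backport on its own.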
... ...
@@ -1187,7 +1187,9 @@ CONFIG_IP6_NF_TARGET_SYNPROXY=m
1187 1187
 CONFIG_IP6_NF_MANGLE=m
1188 1188
 CONFIG_IP6_NF_RAW=m
1189 1189
 # CONFIG_IP6_NF_SECURITY is not set
1190
-# CONFIG_IP6_NF_NAT is not set
1190
+CONFIG_IP6_NF_NAT=m
1191
+# CONFIG_IP6_NF_TARGET_MASQUERADE is not set
1192
+# CONFIG_IP6_NF_TARGET_NPT is not set
1191 1193
 # CONFIG_NF_TABLES_BRIDGE is not set
1192 1194
 CONFIG_BRIDGE_NF_EBTABLES=m
1193 1195
 CONFIG_BRIDGE_EBT_BROUTE=m
... ...
@@ -1,15 +1,15 @@
1 1
 %global security_hardening none
2 2
 Summary:        Kernel
3 3
 Name:           linux-esx
4
-Version:        4.9.30
5
-Release:        2%{?dist}
4
+Version:        4.9.31
5
+Release:        1%{?dist}
6 6
 License:        GPLv2
7 7
 URL:            http://www.kernel.org/
8 8
 Group:          System Environment/Kernel
9 9
 Vendor:         VMware, Inc.
10 10
 Distribution:   Photon
11 11
 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
12
-%define sha1 linux=08d55d9392cf4b176ae17d07dbbb9a22abf0d7b2
12
+%define sha1 linux=53e5a2409c713c3d6e8de2839e6cec9c2c5deb56
13 13
 Source1:        config-esx
14 14
 Source2:        initramfs.trigger
15 15
 # common
... ...
@@ -189,6 +189,9 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
189 189
 /usr/src/linux-headers-%{uname_r}
190 190
 
191 191
 %changelog
192
+*   Thu Jun 8 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.31-1
193
+-   Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076
194
+    CVE-2017-9077 and CVE-2017-9242
192 195
 *   Thu Jun 1 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.30-2
193 196
 -   [feature] ACPI NFIT support (for PMEM type 7)
194 197
 *   Fri May 26 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.30-1
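Review bot: The new `%define sha1 linux=53e5a2409c713c3d6e8de2839e6cec9c2c5deb56` line is the only integrity check visible for the 4.9.31 tarball, and `Source0` points at a plain `http://` URL, so the package's trust rests on how that digest was obtained. The page does not show whether the value was checked against kernel.org's signed checksum file before being recorded. I would note that next to the define, for example `# digest verified against kernel.org signed sha256sums.asc for linux-4.9.31.tar.xz`, and move to a stronger digest than SHA-1 if the build tooling accepts one. The same digest line is added in the linux-secure and linux spec sections further down, so the point applies there too.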
... ...
@@ -1,7 +1,7 @@
1 1
 %global security_hardening none
2 2
 Summary:        Kernel
3 3
 Name:           linux-secure
4
-Version:        4.9.30
4
+Version:        4.9.31
5 5
 Release:        1%{?dist}
6 6
 License:        GPLv2
7 7
 URL:            http://www.kernel.org/
... ...
@@ -9,7 +9,7 @@ Group:          System Environment/Kernel
9 9
 Vendor:         VMware, Inc.
10 10
 Distribution:   Photon
11 11
 Source0:       http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
12
-%define sha1 linux=08d55d9392cf4b176ae17d07dbbb9a22abf0d7b2
12
+%define sha1 linux=53e5a2409c713c3d6e8de2839e6cec9c2c5deb56
13 13
 Source1:        config-secure
14 14
 Source2:        aufs4.9.tar.gz
15 15
 Source3:        initramfs.trigger
... ...
@@ -228,6 +228,10 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
228 228
 /usr/src/linux-headers-%{uname_r}
229 229
 
230 230
 %changelog
231
+*   Thu Jun 8 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.31-1
232
+-   Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076
233
+    CVE-2017-9077 and CVE-2017-9242
234
+-   [feature] IPV6 netfilter NAT table support
231 235
 *   Fri May 26 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.30-1
232 236
 -   Fix CVE-2017-7487 and CVE-2017-9059
233 237
 *   Wed May 17 2017 Vinay Kulkarni <kulkarniv@vmware.com> 4.9.28-2
... ...
@@ -1,7 +1,7 @@
1 1
 %global security_hardening none
2 2
 Summary:        Kernel
3 3
 Name:           linux
4
-Version:        4.9.30
4
+Version:        4.9.31
5 5
 Release:        1%{?dist}
6 6
 License:    	GPLv2
7 7
 URL:        	http://www.kernel.org/
... ...
@@ -9,7 +9,7 @@ Group:        	System Environment/Kernel
9 9
 Vendor:         VMware, Inc.
10 10
 Distribution: 	Photon
11 11
 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
12
-%define sha1 linux=08d55d9392cf4b176ae17d07dbbb9a22abf0d7b2
12
+%define sha1 linux=53e5a2409c713c3d6e8de2839e6cec9c2c5deb56
13 13
 Source1:	config
14 14
 Source2:	initramfs.trigger
15 15
 %define ena_version 1.1.3
... ...
@@ -267,6 +267,10 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
267 267
 /usr/share/doc/*
268 268
 
269 269
 %changelog
270
+*   Thu Jun 8 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.31-1
271
+-   Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076
272
+    CVE-2017-9077 and CVE-2017-9242
273
+-   [feature] IPV6 netfilter NAT table support
270 274
 *   Fri May 26 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.30-1
271 275
 -   Added ENA driver for AMI
272 276
 -   Fix CVE-2017-7487 and CVE-2017-9059