CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077 and
CVE-2017-9242
linux,linux-secure: IPV6 netfilter NAT table support
Change-Id: I8b461d136b7c4aaf8bb9580828aefb950bb8b503
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/2905
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Bo Gan <ganb@vmware.com>
... | ... |
@@ -1216,7 +1216,9 @@ CONFIG_IP6_NF_TARGET_SYNPROXY=m |
1216 | 1216 |
CONFIG_IP6_NF_MANGLE=m |
1217 | 1217 |
CONFIG_IP6_NF_RAW=m |
1218 | 1218 |
# CONFIG_IP6_NF_SECURITY is not set |
1219 |
-# CONFIG_IP6_NF_NAT is not set |
|
1219 |
+CONFIG_IP6_NF_NAT=m |
|
1220 |
+# CONFIG_IP6_NF_TARGET_MASQUERADE is not set |
|
1221 |
+# CONFIG_IP6_NF_TARGET_NPT is not set |
|
1220 | 1222 |
# CONFIG_NF_TABLES_BRIDGE is not set |
1221 | 1223 |
CONFIG_BRIDGE_NF_EBTABLES=m |
1222 | 1224 |
CONFIG_BRIDGE_EBT_BROUTE=m |
... | ... |
@@ -1187,7 +1187,9 @@ CONFIG_IP6_NF_TARGET_SYNPROXY=m |
1187 | 1187 |
CONFIG_IP6_NF_MANGLE=m |
1188 | 1188 |
CONFIG_IP6_NF_RAW=m |
1189 | 1189 |
# CONFIG_IP6_NF_SECURITY is not set |
1190 |
-# CONFIG_IP6_NF_NAT is not set |
|
1190 |
+CONFIG_IP6_NF_NAT=m |
|
1191 |
+# CONFIG_IP6_NF_TARGET_MASQUERADE is not set |
|
1192 |
+# CONFIG_IP6_NF_TARGET_NPT is not set |
|
1191 | 1193 |
# CONFIG_NF_TABLES_BRIDGE is not set |
1192 | 1194 |
CONFIG_BRIDGE_NF_EBTABLES=m |
1193 | 1195 |
CONFIG_BRIDGE_EBT_BROUTE=m |
... | ... |
@@ -1,15 +1,15 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-esx |
4 |
-Version: 4.9.30 |
|
5 |
-Release: 2%{?dist} |
|
4 |
+Version: 4.9.31 |
|
5 |
+Release: 1%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=08d55d9392cf4b176ae17d07dbbb9a22abf0d7b2 |
|
12 |
+%define sha1 linux=53e5a2409c713c3d6e8de2839e6cec9c2c5deb56 |
|
13 | 13 |
Source1: config-esx |
14 | 14 |
Source2: initramfs.trigger |
15 | 15 |
# common |
... | ... |
@@ -189,6 +189,9 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
189 | 189 |
/usr/src/linux-headers-%{uname_r} |
190 | 190 |
|
191 | 191 |
%changelog |
192 |
+* Thu Jun 8 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.31-1 |
|
193 |
+- Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076 |
|
194 |
+ CVE-2017-9077 and CVE-2017-9242 |
|
192 | 195 |
* Thu Jun 1 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.30-2 |
193 | 196 |
- [feature] ACPI NFIT support (for PMEM type 7) |
194 | 197 |
* Fri May 26 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.30-1 |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-secure |
4 |
-Version: 4.9.30 |
|
4 |
+Version: 4.9.31 |
|
5 | 5 |
Release: 1%{?dist} |
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=08d55d9392cf4b176ae17d07dbbb9a22abf0d7b2 |
|
12 |
+%define sha1 linux=53e5a2409c713c3d6e8de2839e6cec9c2c5deb56 |
|
13 | 13 |
Source1: config-secure |
14 | 14 |
Source2: aufs4.9.tar.gz |
15 | 15 |
Source3: initramfs.trigger |
... | ... |
@@ -228,6 +228,10 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
228 | 228 |
/usr/src/linux-headers-%{uname_r} |
229 | 229 |
|
230 | 230 |
%changelog |
231 |
+* Thu Jun 8 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.31-1 |
|
232 |
+- Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076 |
|
233 |
+ CVE-2017-9077 and CVE-2017-9242 |
|
234 |
+- [feature] IPV6 netfilter NAT table support |
|
231 | 235 |
* Fri May 26 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.30-1 |
232 | 236 |
- Fix CVE-2017-7487 and CVE-2017-9059 |
233 | 237 |
* Wed May 17 2017 Vinay Kulkarni <kulkarniv@vmware.com> 4.9.28-2 |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux |
4 |
-Version: 4.9.30 |
|
4 |
+Version: 4.9.31 |
|
5 | 5 |
Release: 1%{?dist} |
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=08d55d9392cf4b176ae17d07dbbb9a22abf0d7b2 |
|
12 |
+%define sha1 linux=53e5a2409c713c3d6e8de2839e6cec9c2c5deb56 |
|
13 | 13 |
Source1: config |
14 | 14 |
Source2: initramfs.trigger |
15 | 15 |
%define ena_version 1.1.3 |
... | ... |
@@ -267,6 +267,10 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg |
267 | 267 |
/usr/share/doc/* |
268 | 268 |
|
269 | 269 |
%changelog |
270 |
+* Thu Jun 8 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.31-1 |
|
271 |
+- Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076 |
|
272 |
+ CVE-2017-9077 and CVE-2017-9242 |
|
273 |
+- [feature] IPV6 netfilter NAT table support |
|
270 | 274 |
* Fri May 26 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.30-1 |
271 | 275 |
- Added ENA driver for AMI |
272 | 276 |
- Fix CVE-2017-7487 and CVE-2017-9059 |