Browse code
kernels: Fix CVE-2017-14497 by updating to 4.9.52
Commit edbd58be15a957f6a760c4a514cd475217eb97fd (packet: Don't write
vnet header beyond end of buffer) fixes the CVE.
Also, remove the patch "xfrm: policy: check policy direction value"
(which was the fix for CVE-2017-11600), as it was included in kernel
version 4.9.48.
Change-Id: I4d15a83b05ad16479ae891b8a6d09f1d32f40b78
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/3934
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
Srivatsa S. Bhat authored on 2017/10/03 07:33:24Showing 5 changed files
- SPECS/linux-api-headers/linux-api-headers.spec
- SPECS/linux/linux-esx.spec
- SPECS/linux/linux-secure.spec
- SPECS/linux/linux.spec
- SPECS/linux/xfrm-policy-check-policy-direction-value.patch
| ... | ... |
@@ -1,6 +1,6 @@ |
| 1 | 1 |
Summary: Linux API header files |
| 2 | 2 |
Name: linux-api-headers |
| 3 |
-Version: 4.9.47 |
|
| 3 |
+Version: 4.9.52 |
|
| 4 | 4 |
Release: 1%{?dist}
|
| 5 | 5 |
License: GPLv2 |
| 6 | 6 |
URL: http://www.kernel.org/ |
| ... | ... |
@@ -8,7 +8,7 @@ Group: System Environment/Kernel |
| 8 | 8 |
Vendor: VMware, Inc. |
| 9 | 9 |
Distribution: Photon |
| 10 | 10 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 11 |
-%define sha1 linux=49110526c8e572513bd3295495ccd28754b5292d |
|
| 11 |
+%define sha1 linux=a06b8a6031a81b32228b76b1dc28cf2bc8165228 |
|
| 12 | 12 |
BuildArch: noarch |
| 13 | 13 |
%description |
| 14 | 14 |
The Linux API Headers expose the kernel's API for use by Glibc. |
| ... | ... |
@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de
|
| 25 | 25 |
%defattr(-,root,root) |
| 26 | 26 |
%{_includedir}/*
|
| 27 | 27 |
%changelog |
| 28 |
+* Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-1 |
|
| 29 |
+- Version update |
|
| 28 | 30 |
* Mon Sep 04 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.47-1 |
| 29 | 31 |
- Version update |
| 30 | 32 |
* Mon Aug 14 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.43-1 |
| ... | ... |
@@ -1,15 +1,15 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-esx |
| 4 |
-Version: 4.9.47 |
|
| 5 |
-Release: 2%{?dist}
|
|
| 4 |
+Version: 4.9.52 |
|
| 5 |
+Release: 1%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=49110526c8e572513bd3295495ccd28754b5292d |
|
| 12 |
+%define sha1 linux=a06b8a6031a81b32228b76b1dc28cf2bc8165228 |
|
| 13 | 13 |
Source1: config-esx |
| 14 | 14 |
Source2: initramfs.trigger |
| 15 | 15 |
# common |
| ... | ... |
@@ -36,8 +36,6 @@ Patch19: 06-pv-ops-boot_clock.patch |
| 36 | 36 |
Patch20: 07-vmware-only.patch |
| 37 | 37 |
Patch21: vmware-balloon-late-initcall.patch |
| 38 | 38 |
Patch22: add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch |
| 39 |
-# Fix CVE-2017-11600 |
|
| 40 |
-Patch23: xfrm-policy-check-policy-direction-value.patch |
|
| 41 | 39 |
BuildRequires: bc |
| 42 | 40 |
BuildRequires: kbd |
| 43 | 41 |
BuildRequires: kmod-devel |
| ... | ... |
@@ -96,7 +94,6 @@ The Linux package contains the Linux kernel doc files |
| 96 | 96 |
%patch20 -p1 |
| 97 | 97 |
%patch21 -p1 |
| 98 | 98 |
%patch22 -p1 |
| 99 |
-%patch23 -p1 |
|
| 100 | 99 |
|
| 101 | 100 |
%build |
| 102 | 101 |
# patch vmw_balloon driver |
| ... | ... |
@@ -193,6 +190,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
|
| 193 | 193 |
/usr/src/linux-headers-%{uname_r}
|
| 194 | 194 |
|
| 195 | 195 |
%changelog |
| 196 |
+* Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-1 |
|
| 197 |
+- Version update |
|
| 196 | 198 |
* Mon Sep 18 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.47-2 |
| 197 | 199 |
- Requires coreutils or toybox |
| 198 | 200 |
* Mon Sep 04 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.47-1 |
| ... | ... |
@@ -1,15 +1,15 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-secure |
| 4 |
-Version: 4.9.47 |
|
| 5 |
-Release: 2%{?dist}
|
|
| 4 |
+Version: 4.9.52 |
|
| 5 |
+Release: 1%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=49110526c8e572513bd3295495ccd28754b5292d |
|
| 12 |
+%define sha1 linux=a06b8a6031a81b32228b76b1dc28cf2bc8165228 |
|
| 13 | 13 |
Source1: config-secure |
| 14 | 14 |
Source2: aufs4.9.tar.gz |
| 15 | 15 |
%define sha1 aufs=ebe716ce4b638a3772c7cd3161abbfe11d584906 |
| ... | ... |
@@ -47,8 +47,6 @@ Patch26: 0014-hv_sock-introduce-Hyper-V-Sockets.patch |
| 47 | 47 |
Patch27: 0001-Revert-crypto-testmgr-Disable-fips-allowed-for-authe.patch |
| 48 | 48 |
Patch28: 0002-allow-also-ecb-cipher_null.patch |
| 49 | 49 |
Patch29: add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch |
| 50 |
-# Fix CVE-2017-11600 |
|
| 51 |
-Patch30: xfrm-policy-check-policy-direction-value.patch |
|
| 52 | 50 |
# NSX requirements (should be removed) |
| 53 | 51 |
Patch99: LKCM.patch |
| 54 | 52 |
BuildRequires: bc |
| ... | ... |
@@ -145,7 +143,6 @@ EOF |
| 145 | 145 |
%patch27 -p1 |
| 146 | 146 |
%patch28 -p1 |
| 147 | 147 |
%patch29 -p1 |
| 148 |
-%patch30 -p1 |
|
| 149 | 148 |
|
| 150 | 149 |
pushd .. |
| 151 | 150 |
%patch99 -p0 |
| ... | ... |
@@ -261,6 +258,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
|
| 261 | 261 |
/usr/src/linux-headers-%{uname_r}
|
| 262 | 262 |
|
| 263 | 263 |
%changelog |
| 264 |
+* Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-1 |
|
| 265 |
+- Version update |
|
| 264 | 266 |
* Mon Sep 18 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.47-2 |
| 265 | 267 |
- Requires coreutils or toybox |
| 266 | 268 |
* Mon Sep 04 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.47-1 |
| ... | ... |
@@ -1,15 +1,15 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux |
| 4 |
-Version: 4.9.47 |
|
| 5 |
-Release: 2%{?dist}
|
|
| 4 |
+Version: 4.9.52 |
|
| 5 |
+Release: 1%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=49110526c8e572513bd3295495ccd28754b5292d |
|
| 12 |
+%define sha1 linux=a06b8a6031a81b32228b76b1dc28cf2bc8165228 |
|
| 13 | 13 |
Source1: config |
| 14 | 14 |
Source2: initramfs.trigger |
| 15 | 15 |
%define ena_version 1.1.3 |
| ... | ... |
@@ -44,8 +44,6 @@ Patch23: 0014-hv_sock-introduce-Hyper-V-Sockets.patch |
| 44 | 44 |
Patch24: 0001-Revert-crypto-testmgr-Disable-fips-allowed-for-authe.patch |
| 45 | 45 |
Patch25: 0002-allow-also-ecb-cipher_null.patch |
| 46 | 46 |
Patch26: add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch |
| 47 |
-# Fix CVE-2017-11600 |
|
| 48 |
-Patch27: xfrm-policy-check-policy-direction-value.patch |
|
| 49 | 47 |
|
| 50 | 48 |
BuildRequires: bc |
| 51 | 49 |
BuildRequires: kbd |
| ... | ... |
@@ -141,7 +139,6 @@ This package contains the 'perf' performance analysis tools for Linux kernel. |
| 141 | 141 |
%patch24 -p1 |
| 142 | 142 |
%patch25 -p1 |
| 143 | 143 |
%patch26 -p1 |
| 144 |
-%patch27 -p1 |
|
| 145 | 144 |
|
| 146 | 145 |
%build |
| 147 | 146 |
make mrproper |
| ... | ... |
@@ -301,6 +298,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
|
| 301 | 301 |
/usr/share/doc/* |
| 302 | 302 |
|
| 303 | 303 |
%changelog |
| 304 |
+* Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-1 |
|
| 305 |
+- Version update |
|
| 304 | 306 |
* Mon Sep 18 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.47-2 |
| 305 | 307 |
- Requires coreutils or toybox |
| 306 | 308 |
* Mon Sep 04 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.47-1 |
| 307 | 309 |
deleted file mode 100644 |
| ... | ... |
@@ -1,44 +0,0 @@ |
| 1 |
-From 7bab09631c2a303f87a7eb7e3d69e888673b9b7e Mon Sep 17 00:00:00 2001 |
|
| 2 |
-From: Vladis Dronov <vdronov@redhat.com> |
|
| 3 |
-Date: Wed, 2 Aug 2017 19:50:14 +0200 |
|
| 4 |
-Subject: xfrm: policy: check policy direction value |
|
| 5 |
- |
|
| 6 |
-The 'dir' parameter in xfrm_migrate() is a user-controlled byte which is used |
|
| 7 |
-as an array index. This can lead to an out-of-bound access, kernel lockup and |
|
| 8 |
-DoS. Add a check for the 'dir' value. |
|
| 9 |
- |
|
| 10 |
-This fixes CVE-2017-11600. |
|
| 11 |
- |
|
| 12 |
-References: https://bugzilla.redhat.com/show_bug.cgi?id=1474928 |
|
| 13 |
-Fixes: 80c9abaabf42 ("[XFRM]: Extension for dynamic update of endpoint address(es)")
|
|
| 14 |
-Cc: <stable@vger.kernel.org> # v2.6.21-rc1 |
|
| 15 |
-Reported-by: "bo Zhang" <zhangbo5891001@gmail.com> |
|
| 16 |
-Signed-off-by: Vladis Dronov <vdronov@redhat.com> |
|
| 17 |
-Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> |
|
| 18 |
- net/xfrm/xfrm_policy.c | 6 ++++++ |
|
| 19 |
- 1 file changed, 6 insertions(+) |
|
| 20 |
- |
|
| 21 |
-diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c |
|
| 22 |
-index ff61d85..6f5a0dad 100644 |
|
| 23 |
-+++ b/net/xfrm/xfrm_policy.c |
|
| 24 |
-@@ -3308,9 +3308,15 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, |
|
| 25 |
- struct xfrm_state *x_new[XFRM_MAX_DEPTH]; |
|
| 26 |
- struct xfrm_migrate *mp; |
|
| 27 |
- |
|
| 28 |
-+ /* Stage 0 - sanity checks */ |
|
| 29 |
- if ((err = xfrm_migrate_check(m, num_migrate)) < 0) |
|
| 30 |
- goto out; |
|
| 31 |
- |
|
| 32 |
-+ if (dir >= XFRM_POLICY_MAX) {
|
|
| 33 |
-+ err = -EINVAL; |
|
| 34 |
-+ goto out; |
|
| 35 |
-+ } |
|
| 36 |
-+ |
|
| 37 |
- /* Stage 1 - find policy */ |
|
| 38 |
- if ((pol = xfrm_migrate_policy_find(sel, dir, type, net)) == NULL) {
|
|
| 39 |
- err = -ENOENT; |
|
| 40 |
-cgit v1.1 |
|
| 41 |
- |