Browse code
kernels: Fix CVE-2017-12154 by updating to 4.9.53
Commit 51aa68e7d57e3217192d88ce90fd5b8ef29ec94f (kvm: nVMX: Don't
allow L2 to access the hardware CR8) fixes the CVE.
Change-Id: Ibaa39d18242ab24f4ffa8558d740c9ddde181ebf
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/3979
Reviewed-by: Sharath George
Tested-by: Sharath George
Srivatsa S. Bhat authored on 2017/10/06 14:05:45Showing 4 changed files
- SPECS/linux-api-headers/linux-api-headers.spec
- SPECS/linux/linux-esx.spec
- SPECS/linux/linux-secure.spec
- SPECS/linux/linux.spec
| ... | ... |
@@ -1,6 +1,6 @@ |
| 1 | 1 |
Summary: Linux API header files |
| 2 | 2 |
Name: linux-api-headers |
| 3 |
-Version: 4.9.52 |
|
| 3 |
+Version: 4.9.53 |
|
| 4 | 4 |
Release: 1%{?dist}
|
| 5 | 5 |
License: GPLv2 |
| 6 | 6 |
URL: http://www.kernel.org/ |
| ... | ... |
@@ -8,7 +8,7 @@ Group: System Environment/Kernel |
| 8 | 8 |
Vendor: VMware, Inc. |
| 9 | 9 |
Distribution: Photon |
| 10 | 10 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 11 |
-%define sha1 linux=a06b8a6031a81b32228b76b1dc28cf2bc8165228 |
|
| 11 |
+%define sha1 linux=b3e6e5608b6684d103fea702cd08b498162a4c96 |
|
| 12 | 12 |
BuildArch: noarch |
| 13 | 13 |
%description |
| 14 | 14 |
The Linux API Headers expose the kernel's API for use by Glibc. |
| ... | ... |
@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de
|
| 25 | 25 |
%defattr(-,root,root) |
| 26 | 26 |
%{_includedir}/*
|
| 27 | 27 |
%changelog |
| 28 |
+* Thu Oct 05 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.53-1 |
|
| 29 |
+- Version update |
|
| 28 | 30 |
* Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-1 |
| 29 | 31 |
- Version update |
| 30 | 32 |
* Mon Sep 04 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.47-1 |
| ... | ... |
@@ -1,15 +1,15 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-esx |
| 4 |
-Version: 4.9.52 |
|
| 5 |
-Release: 3%{?dist}
|
|
| 4 |
+Version: 4.9.53 |
|
| 5 |
+Release: 1%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=a06b8a6031a81b32228b76b1dc28cf2bc8165228 |
|
| 12 |
+%define sha1 linux=b3e6e5608b6684d103fea702cd08b498162a4c96 |
|
| 13 | 13 |
Source1: config-esx |
| 14 | 14 |
Source2: initramfs.trigger |
| 15 | 15 |
# common |
| ... | ... |
@@ -193,6 +193,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
|
| 193 | 193 |
/usr/src/linux-headers-%{uname_r}
|
| 194 | 194 |
|
| 195 | 195 |
%changelog |
| 196 |
+* Thu Oct 05 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.53-1 |
|
| 197 |
+- Version update |
|
| 196 | 198 |
* Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-3 |
| 197 | 199 |
- Allow privileged CLONE_NEWUSER from nested user namespaces. |
| 198 | 200 |
* Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-2 |
| ... | ... |
@@ -1,15 +1,15 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-secure |
| 4 |
-Version: 4.9.52 |
|
| 5 |
-Release: 3%{?dist}
|
|
| 4 |
+Version: 4.9.53 |
|
| 5 |
+Release: 1%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=a06b8a6031a81b32228b76b1dc28cf2bc8165228 |
|
| 12 |
+%define sha1 linux=b3e6e5608b6684d103fea702cd08b498162a4c96 |
|
| 13 | 13 |
Source1: config-secure |
| 14 | 14 |
Source2: aufs4.9.tar.gz |
| 15 | 15 |
%define sha1 aufs=ebe716ce4b638a3772c7cd3161abbfe11d584906 |
| ... | ... |
@@ -261,6 +261,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
|
| 261 | 261 |
/usr/src/linux-headers-%{uname_r}
|
| 262 | 262 |
|
| 263 | 263 |
%changelog |
| 264 |
+* Thu Oct 05 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.53-1 |
|
| 265 |
+- Version update |
|
| 264 | 266 |
* Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-3 |
| 265 | 267 |
- Allow privileged CLONE_NEWUSER from nested user namespaces. |
| 266 | 268 |
* Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-2 |
| ... | ... |
@@ -1,15 +1,15 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux |
| 4 |
-Version: 4.9.52 |
|
| 5 |
-Release: 3%{?dist}
|
|
| 4 |
+Version: 4.9.53 |
|
| 5 |
+Release: 1%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=a06b8a6031a81b32228b76b1dc28cf2bc8165228 |
|
| 12 |
+%define sha1 linux=b3e6e5608b6684d103fea702cd08b498162a4c96 |
|
| 13 | 13 |
Source1: config |
| 14 | 14 |
Source2: initramfs.trigger |
| 15 | 15 |
%define ena_version 1.1.3 |
| ... | ... |
@@ -301,6 +301,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
|
| 301 | 301 |
/usr/share/doc/* |
| 302 | 302 |
|
| 303 | 303 |
%changelog |
| 304 |
+* Thu Oct 05 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.53-1 |
|
| 305 |
+- Version update |
|
| 304 | 306 |
* Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-3 |
| 305 | 307 |
- Allow privileged CLONE_NEWUSER from nested user namespaces. |
| 306 | 308 |
* Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-2 |