GitList

Browse code

kernels: Fix CVE-2017-16939 by updating to 4.4.104

Upstream commit 1137b5e2529a8f5ca8ee709288ecba3e68044df2 (ipsec: Fix
aborted xfrm policy dump crash) fixes this CVE, and has been included
in linux-stable 4.4.104. So update to 4.4.104 to get the fix.

Change-Id: I591befeb6c11f0a9294bae17f1a9f419daf6d944
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4493
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>

Srivatsa S. Bhat authored on 2017/12/09 07:23:08
Showing 3 changed files

SPECS/linux-api-headers/linux-api-headers.spec index c09ea42..455de31 100644
SPECS/linux/linux-esx.spec index 2a82c77..dd37a7a 100644
SPECS/linux/linux.spec index 9872ba1..94d0c29 100644

SPECS/linux-api-headers/linux-api-headers.spec

History View file @ f6a0f52

@@ -1,6 +1,6 @@
                      Summary:	Linux API header files
                      Name:		linux-api-headers
                     -Version:	4.4.103
                     +Version:	4.4.104
                      Release:	1%{?dist}
                      License:	GPLv2
                      URL:		http://www.kernel.org/
@@ -8,7 +8,7 @@ Group:		System Environment/Kernel
                      Vendor:		VMware, Inc.
                      Distribution: Photon
                      Source0:    	http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
                     -%define sha1 linux=e1de56b56f0a6662224d57a34b4dcd8f01b79926
                     +%define sha1 linux=113e7e35bce05b82182902cdb8ce7eccd9f5682d
                      BuildArch:	noarch
                      # From SPECS/linux and used by linux-esx only
                      # It provides f*xattrat syscalls
@@ -29,6 +29,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de
                      %defattr(-,root,root)
                      %{_includedir}/*
                      %changelog
                     +*   Fri Dec 08 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.104-1
                     +-   Version update
                      *   Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.103-1
                      -   Version update
                      *   Mon Nov 20 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.99-1

SPECS/linux/linux-esx.spec

History View file @ f6a0f52

@@ -1,7 +1,7 @@
                      %global security_hardening none
                      Summary:       Kernel
                      Name:          linux-esx
                     -Version:       4.4.103
                     +Version:       4.4.104
                      Release:       1%{?dist}
                      License:       GPLv2
                      URL:           http://www.kernel.org/
@@ -9,7 +9,7 @@ Group:         System Environment/Kernel
                      Vendor:        VMware, Inc.
                      Distribution:  Photon
                      Source0:       http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
                     -%define sha1 linux=e1de56b56f0a6662224d57a34b4dcd8f01b79926
                     +%define sha1 linux=113e7e35bce05b82182902cdb8ce7eccd9f5682d
                      Source1:       config-esx
                      Patch0:        double-tcp_mem-limits.patch
                      Patch1:        linux-4.4-sysctl-sched_weighted_cpuload_uses_rla.patch
@@ -190,6 +190,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
                      /usr/src/linux-headers-%{uname_r}
                      %changelog
                     +*   Fri Dec 08 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.104-1
                     +-   Version update
                      *   Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.103-1
                      -   Version update
                      *   Mon Nov 20 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.99-1

SPECS/linux/linux.spec

History View file @ f6a0f52

@@ -1,7 +1,7 @@
                      %global security_hardening none
                      Summary:        Kernel
                      Name:           linux
                     -Version:    	4.4.103
                     +Version:    	4.4.104
                      Release:    	1%{?dist}
                      License:    	GPLv2
                      URL:        	http://www.kernel.org/
@@ -9,7 +9,7 @@ Group:        	System Environment/Kernel
                      Vendor:         VMware, Inc.
                      Distribution: 	Photon
                      Source0:    	http://www.kernel.org/pub/linux/kernel/v4.x/%{name}-%{version}.tar.xz
                     -%define sha1 linux=e1de56b56f0a6662224d57a34b4dcd8f01b79926
                     +%define sha1 linux=113e7e35bce05b82182902cdb8ce7eccd9f5682d
                      Source1:	config
                      %define ena_version 1.1.3
                      Source2:    	https://github.com/amzn/amzn-drivers/archive/ena_linux_1.1.3.tar.gz
@@ -280,6 +280,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
                      /usr/share/perf-core
                      %changelog
                     +*   Fri Dec 08 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.104-1
                     +-   Version update
                      *   Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.103-1
                      -   Version update
                      *   Mon Nov 20 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.99-1