From 73025a11f360c17f2025cefeefc98370f2b1c9fd Mon Sep 17 00:00:00 2001
From: "zhao.shuai" <zhaos@neusoft.com>
Date: Mon, 15 Jul 2019 11:12:48 +0800
Subject: [PATCH] Upgrade kernel to version kernel-3.10.0-957.21.3.el7

Security Fix(es):
(CVE-2019-11477)-
An integer overflow flaw was found in the way
the Linux kernel's networking subsystem processed
TCP Selective Acknowledgment (SACK) segments.
While processing SACK segments,
the Linux kernel's socket buffer (SKB) data structure
becomes fragmented. Each fragment is about TCP
maximum segment size (MSS) bytes.
To efficiently process SACK blocks, the Linux kernel merges
multiple fragmented SKBs into one, potentially overflowing
the variable holding the number of segments.
A remote attacker could use this flaw to crash the Linux kernel
by sending a crafted sequence of SACK segments on a TCP
connection with small value of TCP MSS,
resulting in a denial of service (DoS).

(CVE-2019-11478)-
Kernel: tcp: excessive resource consumption while processing
SACK blocks allows remote denial of service.

(CVE-2019-11479)-
Kernel: tcp: excessive resource consumption for TCP connections
with low MSS allows remote denial of service.

Details:
https://access.redhat.com/errata/RHSA-2019:1481
https://access.redhat.com/errata/RHSA-2019:1486
https://nvd.nist.gov/vuln/detail/

Closes-Bug: 1836685
Change-Id: If42765222e641218c2e2282bf7264f3a7f7b863c
Signed-off-by: zhao.shuai <zhaos@neusoft.com>
---
 centos-mirror-tools/rpms_centos.lst           | 4 ++--
 centos-mirror-tools/rpms_centos3rdparties.lst | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/centos-mirror-tools/rpms_centos.lst b/centos-mirror-tools/rpms_centos.lst
index e292cfab..d24096d0 100644
--- a/centos-mirror-tools/rpms_centos.lst
+++ b/centos-mirror-tools/rpms_centos.lst
@@ -525,8 +525,8 @@ kbd-1.15.5-15.el7.x86_64.rpm
 kbd-legacy-1.15.5-15.el7.noarch.rpm
 kbd-misc-1.15.5-15.el7.noarch.rpm
 kde-filesystem-4-47.el7.x86_64.rpm
-kernel-3.10.0-957.12.2.el7.src.rpm
-kernel-headers-3.10.0-957.12.2.el7.x86_64.rpm
+kernel-3.10.0-957.21.3.el7.src.rpm
+kernel-headers-3.10.0-957.21.3.el7.x86_64.rpm
 keyutils-1.5.8-3.el7.x86_64.rpm
 keyutils-libs-1.5.8-3.el7.x86_64.rpm
 keyutils-libs-devel-1.5.8-3.el7.x86_64.rpm
diff --git a/centos-mirror-tools/rpms_centos3rdparties.lst b/centos-mirror-tools/rpms_centos3rdparties.lst
index 78065090..a16980bc 100644
--- a/centos-mirror-tools/rpms_centos3rdparties.lst
+++ b/centos-mirror-tools/rpms_centos3rdparties.lst
@@ -41,7 +41,7 @@ iprutils-2.4.16.1-1.el7.x86_64.rpm
 java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64.rpm
 java-1.8.0-openjdk-devel-1.8.0.191.b12-1.el7_6.x86_64.rpm
 java-1.8.0-openjdk-headless-1.8.0.191.b12-1.el7_6.x86_64.rpm
-kernel-rt-3.10.0-957.12.2.rt56.929.el7.src.rpm
+kernel-rt-3.10.0-957.21.3.rt56.935.el7.src.rpm
 kexec-tools-2.0.15-21.el7.x86_64.rpm
 libblkid-2.23.2-59.el7.x86_64.rpm
 libcom_err-1.42.9-13.el7.x86_64.rpm