From c69bc1ef1efb9b784caf0398b9d5b44a52b01d9c Mon Sep 17 00:00:00 2001 From: Robin Lu Date: Thu, 21 Nov 2019 14:41:24 +0800 Subject: [PATCH] Upgrade std/rt kernel to version 1062.1.2 for fixing CVE bug To fix below kernel CVE, std/rt kernel will be upgraded to a higher version than current version. So we will upgrade kernel srpm to below version, which will cover this issue. std kernel: kernel-3.10.0-1062.1.2.el7.src.rpm https://lists.centos.org/pipermail/centos-announce/2019-October/023457.html rt kernel: kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.src.rpm https://access.redhat.com/errata/RHSA-2019:2830 linux-firmware is brought forward due to a kernel spec file build dependency. CVE bug: CVE-2019-11810:kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS CVE bug: CVE-2019-11811: kernel: use-after-free in IPMI Edit CVE bug: CVE-2019-14835: kernel: vhost-net: guest to host kernel escape during migration Closes-Bug: 1849206 Closes-Bug: 1849209 Closes-Bug: 1847817 Change-Id: Ic8c107e4850d0679470a4c8214c85c6d9a800beb Signed-off-by: Robin Lu --- centos-mirror-tools/rpms_centos.lst | 6 +++--- centos-mirror-tools/rpms_centos3rdparties.lst | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/centos-mirror-tools/rpms_centos.lst b/centos-mirror-tools/rpms_centos.lst index 68d948d4..66afb6fe 100644 --- a/centos-mirror-tools/rpms_centos.lst +++ b/centos-mirror-tools/rpms_centos.lst @@ -525,8 +525,8 @@ kbd-1.15.5-15.el7.x86_64.rpm kbd-legacy-1.15.5-15.el7.noarch.rpm kbd-misc-1.15.5-15.el7.noarch.rpm kde-filesystem-4-47.el7.x86_64.rpm -kernel-3.10.0-957.21.3.el7.src.rpm -kernel-headers-3.10.0-957.21.3.el7.x86_64.rpm +kernel-3.10.0-1062.1.2.el7.src.rpm +kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm keyutils-1.5.8-3.el7.x86_64.rpm keyutils-libs-1.5.8-3.el7.x86_64.rpm keyutils-libs-devel-1.5.8-3.el7.x86_64.rpm @@ -813,7 +813,7 @@ libzstd-1.4.2-1.el7.x86_64.rpm lighttpd-1.4.54-1.el7.src.rpm linuxconsoletools-1.4.5-3.el7.x86_64.rpm linuxdoc-tools-0.9.68-5.el7.x86_64.rpm -linux-firmware-20180911-69.git85c5d90.el7.noarch.rpm +linux-firmware-20190429-72.gitddde598.el7.noarch.rpm linux-libertine-biolinum-fonts-5.3.0-6.2012_07_02.el7.noarch.rpm linux-libertine-fonts-5.3.0-6.2012_07_02.el7.noarch.rpm linux-libertine-fonts-common-5.3.0-6.2012_07_02.el7.noarch.rpm diff --git a/centos-mirror-tools/rpms_centos3rdparties.lst b/centos-mirror-tools/rpms_centos3rdparties.lst index 8cd0bfcc..8511d6ef 100644 --- a/centos-mirror-tools/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/rpms_centos3rdparties.lst @@ -42,7 +42,7 @@ iprutils-2.4.16.1-1.el7.x86_64.rpm java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.191.b12-1.el7_6.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.191.b12-1.el7_6.x86_64.rpm -kernel-rt-3.10.0-957.21.3.rt56.935.el7.src.rpm +kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.src.rpm kexec-tools-2.0.15-21.el7.x86_64.rpm libblkid-2.23.2-59.el7.x86_64.rpm libcom_err-1.42.9-13.el7.x86_64.rpm