StarlingX

  1. Bug #1847817
  2. Comment #15

Comment 15 for bug 1847817

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (r/stx.2.0)

Reviewed: https://review.opendev.org/701650
Committed: https://git.openstack.org/cgit/starlingx/tools/commit/?id=5fffe1c5dc1e0839c5213a8d783750e07748c119
Submitter: Zuul
Branch: r/stx.2.0

commit 5fffe1c5dc1e0839c5213a8d783750e07748c119
Author: Robin Lu <email address hidden>
Date: Thu Nov 21 14:41:24 2019 +0800

    Upgrade std/rt kernel to version 1062.1.2 for fixing CVE bug

    To fix below kernel CVE, std/rt kernel will be upgraded to a
    higher version than current version.
    So we will upgrade kernel srpm to below version, which will
    cover this issue.
    std kernel: kernel-3.10.0-1062.1.2.el7.src.rpm
    https://lists.centos.org/pipermail/centos-announce/2019-October/023457.html
    rt kernel: kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.src.rpm
    https://access.redhat.com/errata/RHSA-2019:2830

    linux-firmware is brought forward due to a kernel spec file
    build dependency.

    CVE bug: CVE-2019-11810:kernel: a NULL pointer dereference in
    drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS
    CVE bug: CVE-2019-11811: kernel: use-after-free in IPMI Edit
    CVE bug: CVE-2019-14835: kernel: vhost-net: guest to host kernel
    escape during migration

    Closes-Bug: 1849206
    Closes-Bug: 1849209
    Closes-Bug: 1847817

    Change-Id: Ic8c107e4850d0679470a4c8214c85c6d9a800beb
    Signed-off-by: Robin Lu <email address hidden>
    (cherry picked from commit c69bc1ef1efb9b784caf0398b9d5b44a52b01d9c)