ELSA-2017-3635

Описание

[4.1.12-103.9.2]

• Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Brian Maly) [Orabug: 27037811]

[4.1.12-103.9.1]

• xfs: use dedicated log worker wq to avoid deadlock with cil wq (Brian Foster) [Orabug: 27013241]
• scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988633] {CVE-2017-14489}
• nvme: honor RTD3 Entry Latency for shutdowns (Martin K. Petersen) [Orabug: 26999097]
• ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27013220] {CVE-2017-7542}
• udp: consistently apply ufo or fragmentation (Willem de Bruijn) [Orabug: 27013227] {CVE-2017-1000112}
• drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 26943884]

[4.1.12-103.8.1]

• tcp: fix tcp_mark_head_lost to check skb len before fragmenting (Neal Cardwell) [Orabug: 26923675]
• timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899775] {CVE-2017-10661}
• kvm: nVMX: Don't allow L2 to access the hardware CR8 (Jim Mattson) {CVE-2017-12154} {CVE-2017-12154}
• brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Tim Tianyang Chen) [Orabug: 26880590] {CVE-2017-7541}
• crypto: ahash - Fix EINPROGRESS notification callback (Herbert Xu) [Orabug: 26916575] {CVE-2017-7618}
• ovl: use O_LARGEFILE in ovl_copy_up() (David Howells) [Orabug: 25953280]
• rxrpc: Fix several cases where a padded len isn't checked in ticket decode (David Howells) [Orabug: 26880508] {CVE-2017-7482} {CVE-2017-7482}
• tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26813385] {CVE-2017-14106}