[pve-devel] applied: [PATCH kernel 0/3] fix CVE-2017-6074, revert 4.4.44 update

Fabian Grünbichler f.gruenbichler at proxmox.com
Thu Feb 23 18:53:15 CET 2017


seems like there is some yet-to-triage bug in the 4.4.40->4.4.44 kernel
commits which leads to failing windows live migrations.

revert the update for now, and instead roll out the CVE-2017-6074 fix on
top of the already publicly released 4.4.40 packages.

upgrade to 4.4.44 (or later) will wait until the live migration issue
is further narrowed down and fixed.

Fabian Grünbichler (3):
  Revert broken 4.4.44 commits
  fix CVE-2017-6074: local root in dccp module
  bump version to 4.4.40-82

 changelog.Debian                                   |   12 +-
 changelog.firmware                                 |    6 -
 proxmox-ve/changelog.Debian                        |    8 -
 Makefile                                           |   17 +-
 ...hrottle-on-IO-only-when-there-are-too-man.patch |  118 +++
 0002-Revert-mm-oom-rework-oom-detection.patch      |  255 +++++
 ...x86-fix-emulation-of-MOV-SS-null-selector.patch |  107 +++
 ...reeing-skb-too-early-for-IPV6_RECVPKTINFO.patch |   58 ++
 drbd-9.0.5-1.tar.gz                                |  Bin 0 -> 390720 bytes
 drbd-9.0.6-1.tar.gz                                |  Bin 394082 -> 0 bytes
 fwlist-4.4.44-1-pve                                | 1016 --------------------
 ubuntu-xenial.tgz                                  |  Bin 146076086 -> 145945176 bytes
 12 files changed, 551 insertions(+), 1046 deletions(-)
 create mode 100644 0001-Revert-mm-throttle-on-IO-only-when-there-are-too-man.patch
 create mode 100644 0002-Revert-mm-oom-rework-oom-detection.patch
 create mode 100644 CVE-2017-2583-KVM-x86-fix-emulation-of-MOV-SS-null-selector.patch
 create mode 100644 CVE-2017-6074-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch
 create mode 100644 drbd-9.0.5-1.tar.gz
 delete mode 100644 drbd-9.0.6-1.tar.gz
 delete mode 100644 fwlist-4.4.44-1-pve

-- 
2.1.4





More information about the pve-devel mailing list