openwrtv3/target/linux
Jo-Philipp Wich f4a4f324cb kernel: update kernel 4.4 to 4.4.71
Fixes the following security vulnerabilities:

CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.

CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.

CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.

CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-07 21:40:42 +02:00
..
adm5120 adm5120: mark the rb1xx subtarget as broken 2017-01-16 20:40:12 +01:00
adm8668 build: fix subtarget descriptions 2016-09-04 13:35:11 +02:00
apm821xx kernel: disable CONFIG_SG_POOL by default 2017-06-07 18:31:10 +02:00
ar7 ar7: diag.sh: use common status_led_* functions 2017-03-15 23:14:54 +01:00
ar71xx kernel: update kernel 4.4 to 4.4.71 2017-06-07 21:40:42 +02:00
arc770 kernel: disable CONFIG_SG_POOL by default 2017-06-07 18:31:10 +02:00
archs38 kernel: disable CONFIG_SG_POOL by default 2017-06-07 18:31:10 +02:00
armvirt armvirt: 64: enable usb support 2017-05-03 23:20:12 +08:00
at91 kernel: remove ubifs xz decompression support 2017-01-09 14:07:06 +01:00
ath25 ath25: add missed HAVE_IRQ_EXIT_ON_IRQ_STACK 2017-06-07 18:31:10 +02:00
au1000 kernel: update kernel 3.18 to version 3.18.43 2016-10-24 20:25:14 +03:00
bcm53xx kernel: disable CONFIG_SG_POOL by default 2017-06-07 18:31:10 +02:00
brcm47xx brcm47xx: remove target specific network preinit config 2017-05-27 12:17:40 +02:00
brcm63xx brcm63xx: drop support for specifying SPI flash part parsers 2017-06-04 11:33:44 +02:00
brcm2708 kernel: disable CONFIG_SG_POOL by default 2017-06-07 18:31:10 +02:00
cns3xxx kernel: disable CONFIG_SG_POOL by default 2017-06-07 18:31:10 +02:00
gemini gemini: rename config-default to config-4.4 2016-08-24 01:44:05 +03:00
generic kernel: update kernel 4.4 to 4.4.71 2017-06-07 21:40:42 +02:00
imx6 kernel: disable CONFIG_SG_POOL by default 2017-06-07 18:31:10 +02:00
ipq806x kernel: disable CONFIG_SG_POOL by default 2017-06-07 18:31:10 +02:00
ixp4xx kernel: update kernel 4.4 to 4.4.53 2017-03-12 15:46:02 +01:00
kirkwood kirkwood: set sata/usb led trigger for NSA3xx 2017-05-14 21:45:50 +02:00
lantiq kernel: disable CONFIG_SG_POOL by default 2017-06-07 18:31:10 +02:00
layerscape kernel: update kernel 4.4 to 4.4.52 2017-03-03 18:17:47 +01:00
malta malta: restore "be" subtarget from being source-only 2017-03-05 16:34:17 +01:00
mcs814x kernel: remove kmod packages for bridge, stp, llc and 8021q 2017-02-09 14:49:34 +01:00
mediatek kernel: disable CONFIG_SG_POOL by default 2017-06-07 18:31:10 +02:00
mpc85xx kernel: disable CONFIG_SG_POOL by default 2017-06-07 18:31:10 +02:00
mvebu kernel: update kernel 4.4 to 4.4.71 2017-06-07 21:40:42 +02:00
mxs mxs: enable nvmem support 2017-02-10 11:05:57 +01:00
octeon kernel: disable CONFIG_SG_POOL by default 2017-06-07 18:31:10 +02:00
omap omap: rework image generation and profiles 2017-04-24 18:03:31 +02:00
omap24xx kernel: clean up usb gadget support 2016-09-15 13:11:21 +02:00
orion kernel: split up 980-arm_openwrt_machtypes.patch and move to target folders 2017-01-27 11:18:27 +01:00
oxnas kernel: update kernel 4.4 to version 4.4.69 2017-05-21 21:48:16 +02:00
pistachio kernel: disable CONFIG_SG_POOL by default 2017-06-07 18:31:10 +02:00
ppc40x build: fix subtarget descriptions 2016-09-04 13:35:11 +02:00
ppc44x ppc44x: mark as broken 2017-01-10 12:49:34 +01:00
ramips kernel: disable CONFIG_SG_POOL by default 2017-06-07 18:31:10 +02:00
rb532 rb532: enable high-res timers, refresh kernel config 2017-06-07 18:31:10 +02:00
sunxi sunxi: sysupgrade: sync with x86 2017-05-29 23:50:35 +02:00
uml uml: Fix sample command line 2017-05-26 15:43:26 -07:00
x86 kernel: disable CONFIG_SG_POOL by default 2017-06-07 18:31:10 +02:00
xburst xburst: enable high-res timers, refresh kernel config 2017-06-07 18:31:10 +02:00
zynq kernel: remove out of tree direct-io disable hack 2017-04-26 10:27:45 +02:00
Makefile