commit fcae12e4f623c24df19ea6ee2bb4ccff49557d93

OBS-URL: https://build.opensuse.org/package/show/Kernel:stable/kernel-source?expand=0&rev=685

dtb-aarch64.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed May 24 13:34:41 CEST 2017 - mkubecek@suse.cz
+
+- ipv6/dccp: do not inherit ipv6_mc_list from parent
+  (CVE-2017-9076 CVE-2017-9077 bsc#1039885 bsc#1040069).
+- commit fcae12e
+
+-------------------------------------------------------------------
+Wed May 24 13:30:56 CEST 2017 - mkubecek@suse.cz
+
+- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
+  (CVE-2017-9075 bsc#1039883).
+- commit 9f0e1bf
+
+-------------------------------------------------------------------
+Wed May 24 13:22:36 CEST 2017 - mkubecek@suse.cz
+
+- ipv6: Check ip6_find_1stfragopt() return value properly
+  (CVE-2017-9074 bsc#1039882).
+- ipv6: Prevent overrun when parsing v6 header options
+  (CVE-2017-9074 bsc#1039882).
+- commit 1862833
+
+-------------------------------------------------------------------
+Wed May 24 13:17:31 CEST 2017 - mkubecek@suse.cz
+
+- ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487
+  bsc#1038879).
+- commit 01283ea
+
+-------------------------------------------------------------------
+Wed May 24 11:36:31 CEST 2017 - mkubecek@suse.cz
+
+- dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890
+  bsc#1038544).
+- commit cedfd44
+
 -------------------------------------------------------------------
 Tue May 23 16:57:08 CEST 2017 - tiwai@suse.de
 

dtb-aarch64.spec

@@ -31,7 +31,7 @@
 Name:           dtb-aarch64
 Version:        4.11.2
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga536fda
+Release:        <RELEASE>.gfcae12e
 %else
 Release:        0
 %endif

dtb-armv6l.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed May 24 13:34:41 CEST 2017 - mkubecek@suse.cz
+
+- ipv6/dccp: do not inherit ipv6_mc_list from parent
+  (CVE-2017-9076 CVE-2017-9077 bsc#1039885 bsc#1040069).
+- commit fcae12e
+
+-------------------------------------------------------------------
+Wed May 24 13:30:56 CEST 2017 - mkubecek@suse.cz
+
+- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
+  (CVE-2017-9075 bsc#1039883).
+- commit 9f0e1bf
+
+-------------------------------------------------------------------
+Wed May 24 13:22:36 CEST 2017 - mkubecek@suse.cz
+
+- ipv6: Check ip6_find_1stfragopt() return value properly
+  (CVE-2017-9074 bsc#1039882).
+- ipv6: Prevent overrun when parsing v6 header options
+  (CVE-2017-9074 bsc#1039882).
+- commit 1862833
+
+-------------------------------------------------------------------
+Wed May 24 13:17:31 CEST 2017 - mkubecek@suse.cz
+
+- ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487
+  bsc#1038879).
+- commit 01283ea
+
+-------------------------------------------------------------------
+Wed May 24 11:36:31 CEST 2017 - mkubecek@suse.cz
+
+- dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890
+  bsc#1038544).
+- commit cedfd44
+
 -------------------------------------------------------------------
 Tue May 23 16:57:08 CEST 2017 - tiwai@suse.de
 

dtb-armv6l.spec

@@ -31,7 +31,7 @@
 Name:           dtb-armv6l
 Version:        4.11.2
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga536fda
+Release:        <RELEASE>.gfcae12e
 %else
 Release:        0
 %endif

dtb-armv7l.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed May 24 13:34:41 CEST 2017 - mkubecek@suse.cz
+
+- ipv6/dccp: do not inherit ipv6_mc_list from parent
+  (CVE-2017-9076 CVE-2017-9077 bsc#1039885 bsc#1040069).
+- commit fcae12e
+
+-------------------------------------------------------------------
+Wed May 24 13:30:56 CEST 2017 - mkubecek@suse.cz
+
+- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
+  (CVE-2017-9075 bsc#1039883).
+- commit 9f0e1bf
+
+-------------------------------------------------------------------
+Wed May 24 13:22:36 CEST 2017 - mkubecek@suse.cz
+
+- ipv6: Check ip6_find_1stfragopt() return value properly
+  (CVE-2017-9074 bsc#1039882).
+- ipv6: Prevent overrun when parsing v6 header options
+  (CVE-2017-9074 bsc#1039882).
+- commit 1862833
+
+-------------------------------------------------------------------
+Wed May 24 13:17:31 CEST 2017 - mkubecek@suse.cz
+
+- ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487
+  bsc#1038879).
+- commit 01283ea
+
+-------------------------------------------------------------------
+Wed May 24 11:36:31 CEST 2017 - mkubecek@suse.cz
+
+- dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890
+  bsc#1038544).
+- commit cedfd44
+
 -------------------------------------------------------------------
 Tue May 23 16:57:08 CEST 2017 - tiwai@suse.de
 

dtb-armv7l.spec

@@ -31,7 +31,7 @@
 Name:           dtb-armv7l
 Version:        4.11.2
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga536fda
+Release:        <RELEASE>.gfcae12e
 %else
 Release:        0
 %endif

kernel-64kb.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed May 24 13:34:41 CEST 2017 - mkubecek@suse.cz
+
+- ipv6/dccp: do not inherit ipv6_mc_list from parent
+  (CVE-2017-9076 CVE-2017-9077 bsc#1039885 bsc#1040069).
+- commit fcae12e
+
+-------------------------------------------------------------------
+Wed May 24 13:30:56 CEST 2017 - mkubecek@suse.cz
+
+- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
+  (CVE-2017-9075 bsc#1039883).
+- commit 9f0e1bf
+
+-------------------------------------------------------------------
+Wed May 24 13:22:36 CEST 2017 - mkubecek@suse.cz
+
+- ipv6: Check ip6_find_1stfragopt() return value properly
+  (CVE-2017-9074 bsc#1039882).
+- ipv6: Prevent overrun when parsing v6 header options
+  (CVE-2017-9074 bsc#1039882).
+- commit 1862833
+
+-------------------------------------------------------------------
+Wed May 24 13:17:31 CEST 2017 - mkubecek@suse.cz
+
+- ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487
+  bsc#1038879).
+- commit 01283ea
+
+-------------------------------------------------------------------
+Wed May 24 11:36:31 CEST 2017 - mkubecek@suse.cz
+
+- dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890
+  bsc#1038544).
+- commit cedfd44
+
 -------------------------------------------------------------------
 Tue May 23 16:57:08 CEST 2017 - tiwai@suse.de
 

kernel-64kb.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.11.2
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga536fda
+Release:        <RELEASE>.gfcae12e
 %else
 Release:        0
 %endif

kernel-debug.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed May 24 13:34:41 CEST 2017 - mkubecek@suse.cz
+
+- ipv6/dccp: do not inherit ipv6_mc_list from parent
+  (CVE-2017-9076 CVE-2017-9077 bsc#1039885 bsc#1040069).
+- commit fcae12e
+
+-------------------------------------------------------------------
+Wed May 24 13:30:56 CEST 2017 - mkubecek@suse.cz
+
+- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
+  (CVE-2017-9075 bsc#1039883).
+- commit 9f0e1bf
+
+-------------------------------------------------------------------
+Wed May 24 13:22:36 CEST 2017 - mkubecek@suse.cz
+
+- ipv6: Check ip6_find_1stfragopt() return value properly
+  (CVE-2017-9074 bsc#1039882).
+- ipv6: Prevent overrun when parsing v6 header options
+  (CVE-2017-9074 bsc#1039882).
+- commit 1862833
+
+-------------------------------------------------------------------
+Wed May 24 13:17:31 CEST 2017 - mkubecek@suse.cz
+
+- ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487
+  bsc#1038879).
+- commit 01283ea
+
+-------------------------------------------------------------------
+Wed May 24 11:36:31 CEST 2017 - mkubecek@suse.cz
+
+- dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890
+  bsc#1038544).
+- commit cedfd44
+
 -------------------------------------------------------------------
 Tue May 23 16:57:08 CEST 2017 - tiwai@suse.de
 

kernel-debug.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.11.2
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga536fda
+Release:        <RELEASE>.gfcae12e
 %else
 Release:        0
 %endif

kernel-default.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed May 24 13:34:41 CEST 2017 - mkubecek@suse.cz
+
+- ipv6/dccp: do not inherit ipv6_mc_list from parent
+  (CVE-2017-9076 CVE-2017-9077 bsc#1039885 bsc#1040069).
+- commit fcae12e
+
+-------------------------------------------------------------------
+Wed May 24 13:30:56 CEST 2017 - mkubecek@suse.cz
+
+- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
+  (CVE-2017-9075 bsc#1039883).
+- commit 9f0e1bf
+
+-------------------------------------------------------------------
+Wed May 24 13:22:36 CEST 2017 - mkubecek@suse.cz
+
+- ipv6: Check ip6_find_1stfragopt() return value properly
+  (CVE-2017-9074 bsc#1039882).
+- ipv6: Prevent overrun when parsing v6 header options
+  (CVE-2017-9074 bsc#1039882).
+- commit 1862833
+
+-------------------------------------------------------------------
+Wed May 24 13:17:31 CEST 2017 - mkubecek@suse.cz
+
+- ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487
+  bsc#1038879).
+- commit 01283ea
+
+-------------------------------------------------------------------
+Wed May 24 11:36:31 CEST 2017 - mkubecek@suse.cz
+
+- dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890
+  bsc#1038544).
+- commit cedfd44
+
 -------------------------------------------------------------------
 Tue May 23 16:57:08 CEST 2017 - tiwai@suse.de
 

kernel-default.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.11.2
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga536fda
+Release:        <RELEASE>.gfcae12e
 %else
 Release:        0
 %endif

kernel-docs.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed May 24 13:34:41 CEST 2017 - mkubecek@suse.cz
+
+- ipv6/dccp: do not inherit ipv6_mc_list from parent
+  (CVE-2017-9076 CVE-2017-9077 bsc#1039885 bsc#1040069).
+- commit fcae12e
+
+-------------------------------------------------------------------
+Wed May 24 13:30:56 CEST 2017 - mkubecek@suse.cz
+
+- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
+  (CVE-2017-9075 bsc#1039883).
+- commit 9f0e1bf
+
+-------------------------------------------------------------------
+Wed May 24 13:22:36 CEST 2017 - mkubecek@suse.cz
+
+- ipv6: Check ip6_find_1stfragopt() return value properly
+  (CVE-2017-9074 bsc#1039882).
+- ipv6: Prevent overrun when parsing v6 header options
+  (CVE-2017-9074 bsc#1039882).
+- commit 1862833
+
+-------------------------------------------------------------------
+Wed May 24 13:17:31 CEST 2017 - mkubecek@suse.cz
+
+- ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487
+  bsc#1038879).
+- commit 01283ea
+
+-------------------------------------------------------------------
+Wed May 24 11:36:31 CEST 2017 - mkubecek@suse.cz
+
+- dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890
+  bsc#1038544).
+- commit cedfd44
+
 -------------------------------------------------------------------
 Tue May 23 16:57:08 CEST 2017 - tiwai@suse.de
 

kernel-docs.spec

@@ -44,7 +44,7 @@ License:        GPL-2.0
 Group:          Documentation/Man
 Version:        4.11.2
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga536fda
+Release:        <RELEASE>.gfcae12e
 %else
 Release:        0
 %endif

kernel-lpae.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed May 24 13:34:41 CEST 2017 - mkubecek@suse.cz
+
+- ipv6/dccp: do not inherit ipv6_mc_list from parent
+  (CVE-2017-9076 CVE-2017-9077 bsc#1039885 bsc#1040069).
+- commit fcae12e
+
+-------------------------------------------------------------------
+Wed May 24 13:30:56 CEST 2017 - mkubecek@suse.cz
+
+- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
+  (CVE-2017-9075 bsc#1039883).
+- commit 9f0e1bf
+
+-------------------------------------------------------------------
+Wed May 24 13:22:36 CEST 2017 - mkubecek@suse.cz
+
+- ipv6: Check ip6_find_1stfragopt() return value properly
+  (CVE-2017-9074 bsc#1039882).
+- ipv6: Prevent overrun when parsing v6 header options
+  (CVE-2017-9074 bsc#1039882).
+- commit 1862833
+
+-------------------------------------------------------------------
+Wed May 24 13:17:31 CEST 2017 - mkubecek@suse.cz
+
+- ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487
+  bsc#1038879).
+- commit 01283ea
+
+-------------------------------------------------------------------
+Wed May 24 11:36:31 CEST 2017 - mkubecek@suse.cz
+
+- dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890
+  bsc#1038544).
+- commit cedfd44
+
 -------------------------------------------------------------------
 Tue May 23 16:57:08 CEST 2017 - tiwai@suse.de
 

kernel-lpae.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.11.2
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga536fda
+Release:        <RELEASE>.gfcae12e
 %else
 Release:        0
 %endif

kernel-obs-build.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed May 24 13:34:41 CEST 2017 - mkubecek@suse.cz
+
+- ipv6/dccp: do not inherit ipv6_mc_list from parent
+  (CVE-2017-9076 CVE-2017-9077 bsc#1039885 bsc#1040069).
+- commit fcae12e
+
+-------------------------------------------------------------------
+Wed May 24 13:30:56 CEST 2017 - mkubecek@suse.cz
+
+- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
+  (CVE-2017-9075 bsc#1039883).
+- commit 9f0e1bf
+
+-------------------------------------------------------------------
+Wed May 24 13:22:36 CEST 2017 - mkubecek@suse.cz
+
+- ipv6: Check ip6_find_1stfragopt() return value properly
+  (CVE-2017-9074 bsc#1039882).
+- ipv6: Prevent overrun when parsing v6 header options
+  (CVE-2017-9074 bsc#1039882).
+- commit 1862833
+
+-------------------------------------------------------------------
+Wed May 24 13:17:31 CEST 2017 - mkubecek@suse.cz
+
+- ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487
+  bsc#1038879).
+- commit 01283ea
+
+-------------------------------------------------------------------
+Wed May 24 11:36:31 CEST 2017 - mkubecek@suse.cz
+
+- dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890
+  bsc#1038544).
+- commit cedfd44
+
 -------------------------------------------------------------------
 Tue May 23 16:57:08 CEST 2017 - tiwai@suse.de
 

kernel-obs-build.spec

@@ -59,7 +59,7 @@ License:        GPL-2.0
 Group:          SLES
 Version:        4.11.2
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga536fda
+Release:        <RELEASE>.gfcae12e
 %else
 Release:        0
 %endif

kernel-obs-qa.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed May 24 13:34:41 CEST 2017 - mkubecek@suse.cz
+
+- ipv6/dccp: do not inherit ipv6_mc_list from parent
+  (CVE-2017-9076 CVE-2017-9077 bsc#1039885 bsc#1040069).
+- commit fcae12e
+
+-------------------------------------------------------------------
+Wed May 24 13:30:56 CEST 2017 - mkubecek@suse.cz
+
+- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
+  (CVE-2017-9075 bsc#1039883).
+- commit 9f0e1bf
+
+-------------------------------------------------------------------
+Wed May 24 13:22:36 CEST 2017 - mkubecek@suse.cz
+
+- ipv6: Check ip6_find_1stfragopt() return value properly
+  (CVE-2017-9074 bsc#1039882).
+- ipv6: Prevent overrun when parsing v6 header options
+  (CVE-2017-9074 bsc#1039882).
+- commit 1862833
+
+-------------------------------------------------------------------
+Wed May 24 13:17:31 CEST 2017 - mkubecek@suse.cz
+
+- ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487
+  bsc#1038879).
+- commit 01283ea
+
+-------------------------------------------------------------------
+Wed May 24 11:36:31 CEST 2017 - mkubecek@suse.cz
+
+- dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890
+  bsc#1038544).
+- commit cedfd44
+
 -------------------------------------------------------------------
 Tue May 23 16:57:08 CEST 2017 - tiwai@suse.de
 

kernel-obs-qa.spec

@@ -38,7 +38,7 @@ License:        GPL-2.0
 Group:          SLES
 Version:        4.11.2
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga536fda
+Release:        <RELEASE>.gfcae12e
 %else
 Release:        0
 %endif

kernel-pae.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed May 24 13:34:41 CEST 2017 - mkubecek@suse.cz
+
+- ipv6/dccp: do not inherit ipv6_mc_list from parent
+  (CVE-2017-9076 CVE-2017-9077 bsc#1039885 bsc#1040069).
+- commit fcae12e
+
+-------------------------------------------------------------------
+Wed May 24 13:30:56 CEST 2017 - mkubecek@suse.cz
+
+- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
+  (CVE-2017-9075 bsc#1039883).
+- commit 9f0e1bf
+
+-------------------------------------------------------------------
+Wed May 24 13:22:36 CEST 2017 - mkubecek@suse.cz
+
+- ipv6: Check ip6_find_1stfragopt() return value properly
+  (CVE-2017-9074 bsc#1039882).
+- ipv6: Prevent overrun when parsing v6 header options
+  (CVE-2017-9074 bsc#1039882).
+- commit 1862833
+
+-------------------------------------------------------------------
+Wed May 24 13:17:31 CEST 2017 - mkubecek@suse.cz
+
+- ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487
+  bsc#1038879).
+- commit 01283ea
+
+-------------------------------------------------------------------
+Wed May 24 11:36:31 CEST 2017 - mkubecek@suse.cz
+
+- dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890
+  bsc#1038544).
+- commit cedfd44
+
 -------------------------------------------------------------------
 Tue May 23 16:57:08 CEST 2017 - tiwai@suse.de
 

kernel-pae.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.11.2
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga536fda
+Release:        <RELEASE>.gfcae12e
 %else
 Release:        0
 %endif

kernel-source.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed May 24 13:34:41 CEST 2017 - mkubecek@suse.cz
+
+- ipv6/dccp: do not inherit ipv6_mc_list from parent
+  (CVE-2017-9076 CVE-2017-9077 bsc#1039885 bsc#1040069).
+- commit fcae12e
+
+-------------------------------------------------------------------
+Wed May 24 13:30:56 CEST 2017 - mkubecek@suse.cz
+
+- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
+  (CVE-2017-9075 bsc#1039883).
+- commit 9f0e1bf
+
+-------------------------------------------------------------------
+Wed May 24 13:22:36 CEST 2017 - mkubecek@suse.cz
+
+- ipv6: Check ip6_find_1stfragopt() return value properly
+  (CVE-2017-9074 bsc#1039882).
+- ipv6: Prevent overrun when parsing v6 header options
+  (CVE-2017-9074 bsc#1039882).
+- commit 1862833
+
+-------------------------------------------------------------------
+Wed May 24 13:17:31 CEST 2017 - mkubecek@suse.cz
+
+- ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487
+  bsc#1038879).
+- commit 01283ea
+
+-------------------------------------------------------------------
+Wed May 24 11:36:31 CEST 2017 - mkubecek@suse.cz
+
+- dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890
+  bsc#1038544).
+- commit cedfd44
+
 -------------------------------------------------------------------
 Tue May 23 16:57:08 CEST 2017 - tiwai@suse.de
 

kernel-source.spec

@@ -32,7 +32,7 @@ License:        GPL-2.0
 Group:          Development/Sources
 Version:        4.11.2
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga536fda
+Release:        <RELEASE>.gfcae12e
 %else
 Release:        0
 %endif

kernel-syms.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed May 24 13:34:41 CEST 2017 - mkubecek@suse.cz
+
+- ipv6/dccp: do not inherit ipv6_mc_list from parent
+  (CVE-2017-9076 CVE-2017-9077 bsc#1039885 bsc#1040069).
+- commit fcae12e
+
+-------------------------------------------------------------------
+Wed May 24 13:30:56 CEST 2017 - mkubecek@suse.cz
+
+- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
+  (CVE-2017-9075 bsc#1039883).
+- commit 9f0e1bf
+
+-------------------------------------------------------------------
+Wed May 24 13:22:36 CEST 2017 - mkubecek@suse.cz
+
+- ipv6: Check ip6_find_1stfragopt() return value properly
+  (CVE-2017-9074 bsc#1039882).
+- ipv6: Prevent overrun when parsing v6 header options
+  (CVE-2017-9074 bsc#1039882).
+- commit 1862833
+
+-------------------------------------------------------------------
+Wed May 24 13:17:31 CEST 2017 - mkubecek@suse.cz
+
+- ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487
+  bsc#1038879).
+- commit 01283ea
+
+-------------------------------------------------------------------
+Wed May 24 11:36:31 CEST 2017 - mkubecek@suse.cz
+
+- dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890
+  bsc#1038544).
+- commit cedfd44
+
 -------------------------------------------------------------------
 Tue May 23 16:57:08 CEST 2017 - tiwai@suse.de
 

kernel-syms.spec

@@ -27,7 +27,7 @@ Group:          Development/Sources
 Version:        4.11.2
 %if %using_buildservice
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga536fda
+Release:        <RELEASE>.gfcae12e
 %else
 Release:        0
 %endif

kernel-syzkaller.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed May 24 13:34:41 CEST 2017 - mkubecek@suse.cz
+
+- ipv6/dccp: do not inherit ipv6_mc_list from parent
+  (CVE-2017-9076 CVE-2017-9077 bsc#1039885 bsc#1040069).
+- commit fcae12e
+
+-------------------------------------------------------------------
+Wed May 24 13:30:56 CEST 2017 - mkubecek@suse.cz
+
+- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
+  (CVE-2017-9075 bsc#1039883).
+- commit 9f0e1bf
+
+-------------------------------------------------------------------
+Wed May 24 13:22:36 CEST 2017 - mkubecek@suse.cz
+
+- ipv6: Check ip6_find_1stfragopt() return value properly
+  (CVE-2017-9074 bsc#1039882).
+- ipv6: Prevent overrun when parsing v6 header options
+  (CVE-2017-9074 bsc#1039882).
+- commit 1862833
+
+-------------------------------------------------------------------
+Wed May 24 13:17:31 CEST 2017 - mkubecek@suse.cz
+
+- ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487
+  bsc#1038879).
+- commit 01283ea
+
+-------------------------------------------------------------------
+Wed May 24 11:36:31 CEST 2017 - mkubecek@suse.cz
+
+- dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890
+  bsc#1038544).
+- commit cedfd44
+
 -------------------------------------------------------------------
 Tue May 23 16:57:08 CEST 2017 - tiwai@suse.de
 

kernel-syzkaller.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.11.2
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga536fda
+Release:        <RELEASE>.gfcae12e
 %else
 Release:        0
 %endif

kernel-vanilla.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed May 24 13:34:41 CEST 2017 - mkubecek@suse.cz
+
+- ipv6/dccp: do not inherit ipv6_mc_list from parent
+  (CVE-2017-9076 CVE-2017-9077 bsc#1039885 bsc#1040069).
+- commit fcae12e
+
+-------------------------------------------------------------------
+Wed May 24 13:30:56 CEST 2017 - mkubecek@suse.cz
+
+- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
+  (CVE-2017-9075 bsc#1039883).
+- commit 9f0e1bf
+
+-------------------------------------------------------------------
+Wed May 24 13:22:36 CEST 2017 - mkubecek@suse.cz
+
+- ipv6: Check ip6_find_1stfragopt() return value properly
+  (CVE-2017-9074 bsc#1039882).
+- ipv6: Prevent overrun when parsing v6 header options
+  (CVE-2017-9074 bsc#1039882).
+- commit 1862833
+
+-------------------------------------------------------------------
+Wed May 24 13:17:31 CEST 2017 - mkubecek@suse.cz
+
+- ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487
+  bsc#1038879).
+- commit 01283ea
+
+-------------------------------------------------------------------
+Wed May 24 11:36:31 CEST 2017 - mkubecek@suse.cz
+
+- dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890
+  bsc#1038544).
+- commit cedfd44
+
 -------------------------------------------------------------------
 Tue May 23 16:57:08 CEST 2017 - tiwai@suse.de
 

kernel-vanilla.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.11.2
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga536fda
+Release:        <RELEASE>.gfcae12e
 %else
 Release:        0
 %endif

patches.fixes.tar.bz2

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:ad7e1f8dd377905d1243f73ffcbf44b047a82a128fdce258f49659b9d22aa576
-size 12578
+oid sha256:a0cce5460613144e5d89bbee3ba49384267238e2fb7bd16677ac7d5b0b5c7942
+size 18313

series.conf

@@ -212,6 +212,12 @@
 	########################################################
 	# Networking, IPv6
 	########################################################
+	patches.fixes/dccp-tcp-do-not-inherit-mc_list-from-parent.patch
+	patches.fixes/ipx-call-ipxitf_put-in-ioctl-error-path.patch
+	patches.fixes/ipv6-Prevent-overrun-when-parsing-v6-header-options.patch
+	patches.fixes/ipv6-Check-ip6_find_1stfragopt-return-value-properly.patch
+	patches.fixes/sctp-do-not-inherit-ipv6_-mc-ac-fl-_list-from-parent.patch
+	patches.fixes/ipv6-dccp-do-not-inherit-ipv6_mc_list-from-parent.patch
 
 	########################################################
 	# Netfilter

source-timestamp

@@ -1,3 +1,3 @@
-2017-05-23 16:57:08 +0200
-GIT Revision: a536fdad31a09b43286d10f8bd7b450e2019203c
+2017-05-24 13:34:41 +0200
+GIT Revision: fcae12e4f623c24df19ea6ee2bb4ccff49557d93
 GIT Branch: stable