LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 06-06-2014, 07:10 AM   #166
BenCollver
Rogue Class
 
Registered: Sep 2006
Location: OR, USA
Distribution: Slackware64-15.0
Posts: 371
Blog Entries: 2

Rep: Reputation: 172Reputation: 172
Linux kernel exploit CVE-2014-3153


http://seclists.org/oss-sec/2014/q2/467
 
1 members found this post helpful.
Old 06-06-2014, 11:00 AM   #167
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,873

Rep: Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982
Cheers Ben.

Looks like Greg K-H will be throwing out some new stable kernels tonight/tomorrow, just checked the stable patches and the two 'futex' related patches are in the list for 3.10.42. Guess I know what I'll be doing tomorrow.
 
Old 06-06-2014, 11:04 AM   #168
metaschima
Senior Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 1,982

Rep: Reputation: 492Reputation: 492Reputation: 492Reputation: 492Reputation: 492
Quote:
Originally Posted by jprzybylski View Post
I personally doubt that OpenBSD will crowdfund LibreSSL - they seem to prefer foundations.

Incidentally, the OpenBSD Foundation official supports LibreSSL, and there is a fundraising campaign every year. (Campaign 2014 has met its goal, but that doesn't stop anybody from donating!)
That's good, maybe they'll have enough. I was just thinking that libressl would appeal to much more than just OpenBSD users, especially with recent news.
 
Old 06-07-2014, 02:57 AM   #169
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,873

Rep: Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982
if you're interested in the whole openssl/libressl thing, this LibreSSL presentation by Bob Beck recorded at Calgary UNIX User Group (youtube) might be of interest. It's quite long, but I found it entertaining and informative.
 
2 members found this post helpful.
Old 06-07-2014, 04:14 AM   #170
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
Quote:
Originally Posted by GazL View Post
This thread is getting a little long and confusing now,
The problem is a forum is not the suitable tool/place/audience for this. It has existed for decades a poven better, easier, convenient way and till I know it's neither broken nor obsolete. It doesn't need a fix. But perhaps it isn't *modern* enough (Luddite) for some people here: plain text on mailing list.

For example, slackware-security mailing list is abandoned and has a lot of html formated messages.

Last edited by eloi; 06-07-2014 at 04:19 AM.
 
Old 06-07-2014, 04:21 AM   #171
ponce
LQ Guru
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 7,060

Rep: Reputation: 4139Reputation: 4139Reputation: 4139Reputation: 4139Reputation: 4139Reputation: 4139Reputation: 4139Reputation: 4139Reputation: 4139Reputation: 4139Reputation: 4139
Quote:
Originally Posted by eloi View Post
slackware-security mailing list is abandoned
why are you saying this? I received this just a few hours ago (I cutted only the top headers)
Code:
Date: Fri, 6 Jun 2014 21:03:06 -0700 (PDT)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security]  mozilla-firefox (SSA:2014-157-01)
Message-ID: <alpine.LNX.2.02.1406062102480.21729@connie.slackware.com>
User-Agent: Alpine 2.02 (LNX 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-slackware-security@slackware.com
Reply-To: Slackware Security Team <security@slackware.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  mozilla-firefox (SSA:2014-157-01)

New mozilla-firefox packages are available for Slackware 14.1 to fix
security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-24.6.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mozilla-firefox-24.6.0esr-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mozilla-firefox-24.6.0esr-x86_64-1_slack14.1.txz


MD5 signatures:
+-------------+

Slackware 14.1 package:
9ba04aa0691c3b6f26580dcfdd6d3763  mozilla-firefox-24.6.0esr-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
f223ca0a93a62b843552a41e30d2c1d4  mozilla-firefox-24.6.0esr-x86_64-1_slack14.1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox-24.6.0esr-i486-1_slack14.1.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlOSjyEACgkQakRjwEAQIjNxKACdElTd0R2MCu6RDcGAuazIitwy
HpUAoIWe3w2Z7Y6FdJd/84TwyOtPKjVm
=dcdB
-----END PGP SIGNATURE-----

Last edited by ponce; 06-07-2014 at 04:24 AM.
 
Old 06-07-2014, 04:28 AM   #172
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
Quote:
Originally Posted by ponce View Post
why are you saying this? I received this just a few hours ago (I just cutted the top headers)
OK. I checked it using Pan via gmane and the last message is from 2013. Probably a gmane server sync issue. Thanks for the clarification.


Walter
 
Old 06-07-2014, 04:31 AM   #173
ponce
LQ Guru
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 7,060

Rep: Reputation: 4139Reputation: 4139Reputation: 4139Reputation: 4139Reputation: 4139Reputation: 4139Reputation: 4139Reputation: 4139Reputation: 4139Reputation: 4139Reputation: 4139
np: just FYI I received 41 (plain-text) messages from it in 2014, see http://www.slackware.com/lists/archi...ecurity&y=2014

Last edited by ponce; 06-07-2014 at 04:34 AM.
 
Old 06-07-2014, 04:52 AM   #174
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
Quote:
Originally Posted by ponce View Post
np: just FYI I received 41 (plain-text) messages from it in 2014, see http://www.slackware.com/lists/archi...ecurity&y=2014
My mistake about the particular case of slackware-security was bacause I use to check the lists I'm not associated with via news.gmane.org. It's not the first time this happens, surely a gmane issue. Thanks again for your info.

The aim of my post is to point that in general terms, Slackware mailing lists are a bit abandoned in favor to use this forum for bug reports.

Last edited by eloi; 06-07-2014 at 04:53 AM.
 
Old 06-07-2014, 05:36 AM   #175
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,873

Rep: Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982Reputation: 4982
This thread is not a replacement for the slackware security mailing list, it's an additional source of information for those of us who want to go above and beyond what Pat/Slackware provide. The forum is perfect for listing and discussing new vulnerabilities as and when they occur. What is lacking is an overview summary of the current state of play, i.e. things Pat is either: still to patch, has chosen not to patch, or has just plain missed.
 
Old 06-07-2014, 06:43 AM   #176
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
Quote:
Originally Posted by GazL View Post
This thread is not a replacement for the slackware security mailing list, it's an additional source of information for those of us who want to go above and beyond what Pat/Slackware provide. The forum is perfect for listing and discussing new vulnerabilities as and when they occur. What is lacking is an overview summary of the current state of play, i.e. things Pat is either: still to patch, has chosen not to patch, or has just plain missed.
Last attempt sub-quoting myself.

slackware-security is not for discussion, is for report security messages to users.

I avoid to mention a "develop" mailing list knowing the Slackware "particular" way. But traditionally FOSS projects have had a mailing list for security reports, another for bug reports, another for discussion... Why you think a forum could be a "perfect" replacement for that traditional way I don't even guess. But let's this die here to not extend the OT.

Last edited by eloi; 06-07-2014 at 06:52 AM.
 
Old 06-07-2014, 06:48 AM   #177
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-15.0
Posts: 11,044

Rep: Reputation: Disabled
A more sophisticated bug tracking system would need relevant infrastructure and maintenance. Till someone provides that, let's continue to read the mailing lists, post our questions, requests, thoughts and information in this forum.

Last edited by Didier Spaier; 06-07-2014 at 06:51 AM.
 
Old 06-07-2014, 07:03 AM   #178
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
Quote:
Originally Posted by Didier Spaier View Post
A more sophisticated bug tracking system would need relevant infrastructure and maintenance. Till someone provides that, let's continue to read the mailing lists, post our questions, requests, thoughts and information in this forum.
And sub-quoting myself again.

Taking in care Slackware development modus operandi a bug tracking system (already invented) is of no use. Mailing lists servers are already provided and ready to use for the rest of functionality. Who think a forum is better for that is because ignores how to use mailing lists. Forums were adopted by users for the same reason all *reinventing the wheel new stuff* is adopted (i.e. systemd), ignorance and laziness.

Last edited by eloi; 06-07-2014 at 07:06 AM.
 
Old 06-07-2014, 07:07 AM   #179
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-15.0
Posts: 11,044

Rep: Reputation: Disabled
Quote:
Originally Posted by eloi View Post
Mailing lists servers are already provided and ready to use for the rest of functionality.
You are free to take the initiative and run these mailing lists.

Last edited by Didier Spaier; 06-07-2014 at 07:08 AM.
 
Old 06-07-2014, 07:09 AM   #180
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
Quote:
Originally Posted by Didier Spaier View Post
Then launch one and run it.
They are running, not by me, but they are.

(Well I see I've got your post right before you masked your "shut up" with the "freedom" softening ).

Last edited by eloi; 06-07-2014 at 07:20 AM.
 
  


Reply

Tags
exploit, security, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[Slackware Security]: Some pending vulnerabilities... mancha Slackware 7 08-22-2013 09:08 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 12:35 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration