LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.
Old 12-08-2014, 11:03 PM   #301
Thom1b

Last bind versions are released with security fixes :
http://www.isc.org/blogs/important-s...visory-posted/

You can download it at (for slackware-14.1) :
- ftp://ftp.isc.org/isc/bind9/9.9.6-P1....9.6-P1.tar.gz
- ftp://ftp.isc.org/isc/bind9/9.9.6-P1...-P1.tar.gz.asc
 
Old 12-09-2014, 12:49 PM   #302
BrZ
Here we go...

X.Org Security Advisory: Dec. 9, 2014

Mitigation
==========

While the fixes cover all the cases currently known to X.Org, these are
not the first issues in this area and are unlikely to be the last.

Users can reduce their exposure to issues similar to the ones in this
advisory via these methods:

* Configure the X server to prohibit X connections from the network
by passing the "-nolisten tcp" command line option to the X server.
Many OS distributions already set this option by default, and it
will be set by default in the upstream X.Org release starting with
Xorg 1.17.

* Disable GLX indirect contexts. Some implementations have a
configuration option for this. In Xorg 1.16 or newer, this can
be achieved by setting the '-iglx' X server command line option.
This option will be the default in Xorg 1.17 and later releases.

Consult your operating system's documentation for details on setting X
server command line options, as X servers are started by a variety of
different methods on different platforms (startx, gdm, kdm, xdm, etc.).
 
Old 12-09-2014, 04:08 PM   #303
GazL
Quote:
Originally Posted by BrZ
* Disable GLX indirect contexts. Some implementations have a
configuration option for this. In Xorg 1.16 or newer, this can
be achieved by setting the '-iglx' X server command line option.
This option will be the default in Xorg 1.17 and later releases.
For the nvidia driver it looks like this is the option:
Code:
# /etc/X11/xorg.conf.d/87-nvidia.conf ##################################

Section "Device"
    Identifier "nvidia"
    Driver "nvidia"
    Option "AllowIndirectGLXProtocol" "false"
EndSection

########################################################################
... though somewhat confusingly, the documentation has two contradictory sections on this.
Quote:
For those who wish to disable the use of indirect GLX protocol on a given
X screen, setting the "AllowIndirectGLXProtocol" to a true value will
cause GLX CreateContext requests with the "direct" parameter set to
"False" to fail with a BadValue error.
and
Quote:
The NVIDIA GLX implementation will prohibit creation of indirect GLX
contexts if the AllowIndirectGLXProtocol option is set to False, or the
-iglx switch was passed to the X server (X.Org server 1.16 or higher), or
the X server defaulted to '-iglx'.
Of the two contradictory statements, the first one sounds like it's wrong (based on the option name).

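The advisory above names two mitigations (starting the server with "-nolisten tcp" and "-iglx"), and GazL's post adds the nvidia-specific "AllowIndirectGLXProtocol" option. The script below is an added example, not from the X.Org advisory, the nvidia documentation or anyone in this thread: it audits an X server command line for both mitigations and checks an xorg.conf.d snippet for the nvidia option. It assumes what the advisory states, that Xorg 1.17 and later default to both settings, and, from the 1.16.3 release note quoted later in the thread, that "+iglx" is the flag that re-enables indirect GLX; the "--live" mode, which reads the running server with ps and "Xorg -version", is the author's own construction.

```shell
#!/bin/sh
# Added example: audit the X.Org advisory's mitigations. Not code from the
# advisory or the thread; version defaults and flag spellings are assumptions
# taken from the advisory text (1.17 defaults) and the 1.16.3 RC note (+iglx).

# version_ge A B: succeed when dotted version A >= B, comparing numerically
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "."); nb = split(b, B, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] + 0 : 0
            y = (i <= nb) ? B[i] + 0 : 0
            if (x > y) exit 0
            if (x < y) exit 1
        }
        exit 0
    }'
}

# has_flag ARGS PATTERN: succeed when PATTERN appears as a whole word in ARGS
has_flag() {
    printf '%s\n' "$1" | grep -Eq "(^|[[:space:]])$2([[:space:]]|\$)"
}

# x_audit ARGS VERSION: one line per mitigation; succeed only if both hold
x_audit() {
    args="$1"; ver="$2"; rc=0
    if has_flag "$args" '-nolisten tcp'; then
        echo "OK   TCP listening disabled by -nolisten tcp"
    elif version_ge "$ver" 1.17; then
        echo "OK   Xorg $ver disables TCP listening by default"
    else
        echo "WARN Xorg $ver accepts X connections over TCP; add -nolisten tcp"
        rc=1
    fi
    # "+iglx" re-enables indirect GLX even where the default is off
    if has_flag "$args" '\+iglx'; then
        echo "WARN indirect GLX explicitly re-enabled with +iglx"
        rc=1
    elif has_flag "$args" '-iglx'; then
        echo "OK   indirect GLX disabled by -iglx"
    elif version_ge "$ver" 1.17; then
        echo "OK   Xorg $ver disables indirect GLX by default"
    else
        echo "WARN indirect GLX enabled; add -iglx (Xorg 1.16 or newer)"
        rc=1
    fi
    return $rc
}

# nvidia_conf_audit FILE: succeed when the file sets the nvidia option that
# GazL's snippet shows (any xorg.conf spelling of a false boolean accepted)
nvidia_conf_audit() {
    grep -Eiq '^[[:space:]]*Option[[:space:]]+"AllowIndirectGLXProtocol"[[:space:]]+"(false|off|no|0)"' "$1"
}

# x_audit_live: inspect the running server (assumed process names Xorg or X)
x_audit_live() {
    args=$(ps -o args= -C Xorg,X 2>/dev/null | head -n 1)
    [ -n "$args" ] || { echo "no X server process found"; return 2; }
    ver=$(Xorg -version 2>&1 | sed -n 's/^X.Org X Server //p')
    x_audit "$args" "${ver:-0}"
}

# Usage: sh x_audit.sh --live   (no arguments: only defines the functions)
case "${1:-}" in
    --live) x_audit_live ;;
esac
```

The version comparison matters because a missing flag is a finding on 1.16 but not on 1.17, where the advisory says both settings become the default; the explicit "+iglx" check covers the one case where a newer server has been deliberately opened up again.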
 
Old 12-09-2014, 04:47 PM   #304
allend
Quote:
Configure the X server to prohibit X connections from the network
by passing the "-nolisten tcp" command line option to the X server.
Many OS distributions already set this option by default, and it
will be set by default in the upstream X.Org release starting with
Xorg 1.17.
http://docs.slackware.com/howtos:sec..._-nolisten_tcp
 
Old 12-09-2014, 05:11 PM   #305
BrZ
@GazL,

I saw it while reading II Appendix B. X Config Options and I'm trying to understand their logic (or lack of).

Nvidia also issued an advisory and some driver updates.

xorg-server 1.16.2.901 just came out:
Quote:
This is the first RC for xserver 1.16.3. It includes fixes for today's security advisory, plus an fb fix for X.Org bug#54168, a few fixes for the present extension, and a documentation update for the new -iglx/+iglx command-line flags.
Cheers,
Julien

 
Old 12-19-2014, 08:26 PM   #306
ttk
CVE-2014-9296 is an ntpd vulnerability that impacts all versions prior to 4.2.8:

https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01
 
Old 12-19-2014, 10:24 PM   #307
Thom1b
Quote:
Originally Posted by http://php.net/
The PHP development team announces the immediate availability of PHP 5.4.36. Two security-related bugs were fixed in this release, including the fix for CVE-2014-8142. All PHP 5.4 users are encouraged to upgrade to this version.
You can download it at :
http://us.php.net/distributions/php-5.4.36.tar.bz2
http://us.php.net/distributions/php-5.4.36.tar.bz2.asc
 
Old 12-20-2014, 12:02 PM   #308
Didier Spaier
Quote:
Originally Posted by BrZ
xorg-server 1.16.2.901 just came out:
And today xorg-server 1.16.3 has been released, which mostly addresses security advisory 2014-12-09. That fixes a bunch of vulnerabilities, including CVE-2014-8092, dating back to September 1987 and introduced in X11R1, long before Linux and Slackware's birth.
 
Old 12-22-2014, 07:08 PM   #309
metaschima
Quote:
Originally Posted by ttk
CVE-2014-9296 is a ntpd vulnerability, impacts all versions prior to 4.2.8:
I've had quite enough of these major ntpd vulnerabilities, I will keep it disabled until further notice. I have a feeling the protocol itself is outdated. I will use 'ntpd -q' to set the time once in a while and that's it.
 
Old 12-22-2014, 09:31 PM   #310
ttk
Good idea. I've been using rsetdate (which uses the daytime protocol) in /etc/cron.daily since 1998'ish, and never touched it since because it jfw. It might not give me microseconds accuracy, but I don't need that.
 
Old 01-08-2015, 11:38 PM   #311
Thom1b
openssl

openssl-1.0.1k and openssl-0.9.8zd are released with security fixes :
http://openssl.org/news/secadv_20150108.txt
 
Old 01-09-2015, 01:34 PM   #312
cwizardone
Quote:
Originally Posted by Thom1b
openssl-1.0.1k and openssl-0.9.8zd are released with security fixes :
http://openssl.org/news/secadv_20150108.txt
It has been posted to both the stable and -current ChangeLogs,

http://www.slackware.com/changelog/

 
Old 01-13-2015, 11:50 AM   #313
metaschima
This one seems to be a different libelf bug than the previously listed one:
http://web.nvd.nist.gov/view/vuln/de...=CVE-2014-9447
 
Old 01-15-2015, 10:48 PM   #314
Thom1b
samba-4.1.16

Quote:
Samba 4.1.16 and 4.0.24 have been issued as security releases in order
to address CVE-2014-8143 (Elevation of privilege to Active Directory Domain
Controller). For the sake of completeness, Samba 4.2.0rc4 including a fix for
this defect will follow soon, but it won't be a dedicated security release
and will therefore address other bug fixes also.

For more details, please see
http://www.samba.org/samba/history/security.html


o CVE-2014-8143:
Samba's AD DC allows the administrator to delegate
creation of user or computer accounts to specific users or groups.

However, all released versions of Samba's AD DC did not implement the
additional required check on the UF_SERVER_TRUST_ACCOUNT bit in the
userAccountControl attributes.
https://download.samba.org/pub/samba...-4.1.16.tar.gz
https://download.samba.org/pub/samba...4.1.16.tar.asc
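The advisory quoted above says the missing check was on the UF_SERVER_TRUST_ACCOUNT bit of userAccountControl when account creation has been delegated. The script below is an added example, not Samba's code and not part of the advisory: it decodes a userAccountControl value into flag names, applies the check the advisory describes (a delegated creation must not set the server-trust bit), and reports accounts carrying that bit from a constructed "name value" listing such as one reduced from an ldbsearch dump. The bit values are the standard Active Directory userAccountControl flags (UF_SERVER_TRUST_ACCOUNT is 0x2000); the input format and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not Samba's code: decode userAccountControl and apply the
# delegated-creation check from CVE-2014-8143's description. Flag values are
# the standard AD userAccountControl bits; the listing format is constructed.

# uac_decode VALUE: print one flag name per line for the bits set in VALUE
# (decimal or 0x-prefixed hex); only the flags relevant here are listed
uac_decode() {
    v=$(($1))
    for pair in \
        2:ACCOUNTDISABLE \
        512:NORMAL_ACCOUNT \
        4096:WORKSTATION_TRUST_ACCOUNT \
        8192:SERVER_TRUST_ACCOUNT \
        65536:DONT_EXPIRE_PASSWD \
        524288:TRUSTED_FOR_DELEGATION; do
        bit=${pair%%:*}; name=${pair#*:}
        [ $(( v & bit )) -ne 0 ] && echo "$name"
    done
    return 0
}

# delegated_create_allowed VALUE: succeed when a delegated (non-admin) creator
# may create an account with this userAccountControl, i.e. the
# SERVER_TRUST_ACCOUNT bit (0x2000), which marks a domain controller, is clear
delegated_create_allowed() {
    [ $(( $1 & 8192 )) -eq 0 ]
}

# uac_report: read "sAMAccountName userAccountControl" pairs on stdin and
# print every account that claims domain-controller status
uac_report() {
    while read -r name value; do
        [ -n "$name" ] || continue
        delegated_create_allowed "$value" \
            || echo "$name: $value sets SERVER_TRUST_ACCOUNT"
    done
}

# Usage with a constructed listing (a real one would come from ldbsearch):
#   printf 'ws1$ 4096\nDC1$ 532480\n' | sh uac_check.sh --report
case "${1:-}" in
    --report) uac_report ;;
esac
```

Run against a listing of all computer accounts, the report should name only the genuine domain controllers; any other entry is a candidate for the privilege elevation the advisory describes and is worth checking against who created it.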
 
Old 01-24-2015, 12:57 PM   #315
number22
libpng
gnutls
openssl
flashplayer-plugins

more new updates for them.

 
  

