Slackware: This forum is for the discussion of Slackware Linux.
While the fixes cover all the cases currently known to X.Org, these are
not the first issues in this area and are unlikely to be the last.
Users can reduce their exposure to issues similar to the ones in this
advisory via these methods:
* Configure the X server to prohibit X connections from the network
by passing the "-nolisten tcp" command line option to the X server.
Many OS distributions already set this option by default, and it
will be set by default in the upstream X.Org release starting with
Xorg 1.17.
* Disable GLX indirect contexts. Some implementations have a
configuration option for this. In Xorg 1.16 or newer, this can
be achieved by setting the '-iglx' X server command line option.
This option will be the default in Xorg 1.17 and later releases.
Consult your operating system's documentation for details on setting X
server command line options, as X servers are started by a variety of
different methods on different platforms (startx, gdm, kdm, xdm, etc.).
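An added example, not part of the advisory or of any post in this thread: a shell check that reads an X server version and command line and reports whether the two mitigations above are in effect. It assumes upstream X.Org defaults (distributions may patch them), a `major.minor[.patch]` version string, and the `-listen tcp` switch documented in the Xserver man page for Xorg 1.17 and later; the function names and the sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Audit an X server command line for the advisory's two mitigations:
#   "-nolisten tcp" (no X connections from the network)
#   "-iglx"         (no GLX indirect contexts, Xorg 1.16 or newer)
# Per the advisory, both become the default starting with Xorg 1.17.

# ver_ge A B: succeeds when version A >= B (major.minor compared only).
ver_ge() {
    a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%.*}
    b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%.*}
    [ "$a_major" -gt "$b_major" ] ||
        { [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]; }
}

# audit_x_args VERSION ARG...: prints "tcp=<open|closed> iglx=<on|off>".
audit_x_args() {
    version=$1; shift
    # Start from the upstream defaults for this version (assumption:
    # the distribution has not changed them).
    if ver_ge "$version" 1.17; then tcp=closed; iglx=off
    else tcp=open; iglx=on; fi
    prev=
    for arg in "$@"; do
        # Two-word options: look at the previous and current argument.
        case "$prev $arg" in
            "-nolisten tcp") tcp=closed ;;
            "-listen tcp")   tcp=open ;;   # man-page switch, Xorg 1.17+
        esac
        case "$arg" in
            -iglx)
                # The advisory names -iglx only for Xorg 1.16 or newer,
                # so it is not counted as a mitigation on older servers.
                if ver_ge "$version" 1.16; then iglx=off; fi ;;
            +iglx) iglx=on ;;
        esac
        prev=$arg
    done
    echo "tcp=$tcp iglx=$iglx"
}

# Constructed command lines, not taken from a real system:
audit_x_args 1.16.2 :0 -nolisten tcp vt7
audit_x_args 1.17.0 :0 -listen tcp +iglx
```

On a live system the arguments can be taken from the running server's entry in `ps` output and the version from `X -version`.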
* Disable GLX indirect contexts. Some implementations have a
configuration option for this. In Xorg 1.16 or newer, this can
be achieved by setting the '-iglx' X server command line option.
This option will be the default in Xorg 1.17 and later releases.
For the nvidia driver it looks like this is the option:
... though somewhat confusingly, the documentation has two contradictory sections on this.
Quote:
For those who wish to disable the use of indirect GLX protocol on a given
X screen, setting the "AllowIndirectGLXProtocol" to a true value will
cause GLX CreateContext requests with the "direct" parameter set to
"False" to fail with a BadValue error.
and
Quote:
The NVIDIA GLX implementation will prohibit creation of indirect GLX
contexts if the AllowIndirectGLXProtocol option is set to False, or the
-iglx switch was passed to the X server (X.Org server 1.16 or higher), or
the X server defaulted to '-iglx'.
Of the two contradictory statements, the first one sounds like it's wrong (based on the option name).
Configure the X server to prohibit X connections from the network
by passing the "-nolisten tcp" command line option to the X server.
Many OS distributions already set this option by default, and it
will be set by default in the upstream X.Org release starting with
Xorg 1.17.
This is the first RC for xserver 1.16.3. It includes fixes for today's security advisory, plus an fb fix for X.Org bug#54168, a few fixes for the present extension, and a documentation update for the new -iglx/+iglx command-line flags.
Cheers,
Julien
The PHP development team announces the immediate availability of PHP 5.4.36. Two security-related bugs were fixed in this release, including the fix for CVE-2014-8142. All PHP 5.4 users are encouraged to upgrade to this version.
And today xorg-server 1.16.3 has been released that mostly addresses security advisory 2014-12-09. That fixes a bunch of vulnerabilities, including CVE-2014-8092, dating back to September 1987 and introduced in X11R1, long before Linux and Slackware's birth.
CVE-2014-9296 is an ntpd vulnerability that impacts all versions prior to 4.2.8:
I've had quite enough of these major ntpd vulnerabilities, I will keep it disabled until further notice. I have a feeling the protocol itself is outdated. I will use 'ntpd -q' to set the time once in a while and that's it.
Good idea. I've been using rsetdate (which uses the daytime protocol) in /etc/cron.daily since 1998'ish, and never touched it since because it jfw. It might not give me microseconds accuracy, but I don't need that.
Samba 4.1.16 and 4.0.24 have been issued as security releases in order
to address CVE-2014-8143 (Elevation of privilege to Active Directory Domain
Controller). For the sake of completeness, Samba 4.2.0rc4 including a fix for
this defect will follow soon, but it won't be a dedicated security release
and will therefore address other bug fixes also.
o CVE-2014-8143:
Samba's AD DC allows the administrator to delegate
creation of user or computer accounts to specific users or groups.
However, all released versions of Samba's AD DC did not implement the
additional required check on the UF_SERVER_TRUST_ACCOUNT bit in the
userAccountControl attributes.