Old 01-18-2017, 04:28 PM   #571
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 946

Rep: Reputation: 649

Quote:
Originally Posted by Thom1b View Post
mariadb-10.0.29 is released with many security fixes.
https://mariadb.com/kb/en/mariadb/ma...release-notes/
New packages are available for 14.1, 14.2 and -current according to the latest ChangeLogs:
Quote:
Wed Jan 18 20:39:17 UTC 2017
patches/packages/mariadb-5.5.54-i486-1_slack14.1.txz: Upgraded.
patches/packages/mariadb-10.0.29-i586-1_slack14.2.txz: Upgraded.
ap/mariadb-10.0.29-i586-1.txz: Upgraded.
This update fixes several security issues.

Last edited by mats_b_tegner; 01-19-2017 at 05:41 AM.
 
Old 01-20-2017, 12:30 PM   #572
elcore
Senior Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 1,747

Rep: Reputation: Disabled
mozilla-nss-3.23 found in 14.1 is outdated, 3.28 is available.

cURL 7.52.1 is also available, fixed multiple flaws.
 
Old 01-20-2017, 02:35 PM   #573
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 2,454

Rep: Reputation: 8347
Quote:
Originally Posted by elcore View Post
mozilla-nss-3.23 found in 14.1 is outdated, 3.28 is available.
3.23 was the last update to note any security fixes.

Quote:
cURL 7.52.1 is also available, fixed multiple flaws.
No mention of security fixes here either.

Let's try to stay on topic, OK?
 
2 members found this post helpful.
Old 01-20-2017, 07:08 PM   #574
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 946

Rep: Reputation: 649
Kernel 4.4.44

Kernel 4.4.44 fixes the following CVEs: CVE-2016-9191, CVE-2017-2583 and CVE-2017-2584.
https://cdn.kernel.org/pub/linux/ker...angeLog-4.4.44
https://cdn.kernel.org/pub/linux/ker...-4.4.44.tar.xz
 
Old 01-20-2017, 09:06 PM   #575
elcore
Senior Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 1,747

Rep: Reputation: Disabled
Quote:
Originally Posted by volkerdi View Post
Let's try to stay on topic, OK?
I posted because there was this in the news feed:

https://security.gentoo.org/glsa/201701-46
https://security.gentoo.org/glsa/201701-47
 
1 members found this post helpful.
Old 01-24-2017, 03:48 PM   #576
qunying
Member
 
Registered: Jun 2002
Distribution: Slackware
Posts: 256

Rep: Reputation: 146
OpenSSL 1.1.0d, 1.0.2k security released on 26th January 2017
OpenSSL Security Advisory, 26 Jan 2017

Last edited by qunying; 01-30-2017 at 12:46 PM.
 
2 members found this post helpful.
Old 01-28-2017, 04:19 PM   #577
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 946

Rep: Reputation: 649
Quote:
Originally Posted by qunying View Post
OpenSSL 1.1.0d, 1.0.2k security released on 26th January 2017
OpenSSL Security Advisory, 26 Jan 2017
Fixed typo in URL.
 
1 members found this post helpful.
Old 02-07-2017, 03:32 AM   #578
haary
Member
 
Registered: Apr 2015
Posts: 49

Rep: Reputation: Disabled
PHP 5.6.30 was released on 19 Jan 2017 https://secure.php.net/ChangeLog-5.php#5.6.30
Fixes for CVE-2016-10158, CVE-2016-10167, CVE-2016-10168, CVE-2016-10159, CVE-2016-10160 and CVE-2016-10161 are included

Last edited by haary; 02-07-2017 at 03:36 AM.
 
Old 02-14-2017, 12:45 PM   #579
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 946

Rep: Reputation: 649
Security fixes for NVidia Graphic drivers R378, R375, R340, R304:
https://nvidia.custhelp.com/app/answ...tail/a_id/4398
http://www.nvidia.com/download/drive...x/115031/en-us
http://www.nvidia.com/download/drive...x/114708/en-us
http://www.nvidia.com/download/drive...x/114719/en-us
http://www.nvidia.com/download/drive...x/114714/en-us

Fixes the following CVEs:
CVE-2017-0309
CVE-2017-0310
CVE-2017-0311
CVE-2017-0318
CVE-2017-0321

Last edited by mats_b_tegner; 02-14-2017 at 05:31 PM. Reason: Added CVEs
 
1 members found this post helpful.
Old 02-22-2017, 11:12 AM   #580
cwizardone
LQ Veteran
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib" and KDE4Town.
Posts: 9,015

Rep: Reputation: 7186
CVE-2017-6074

CVE-2017-6074

Is CONFIG_IP_DCCP enabled in the kernel built for stable and current?

More here,
https://git.kernel.org/cgit/linux/ke...55ef99d9798ba4

Last edited by cwizardone; 02-22-2017 at 11:13 AM.
 
1 members found this post helpful.
Old 02-22-2017, 11:20 AM   #581
atelszewski
Member
 
Registered: Aug 2007
Distribution: Slackware
Posts: 948

Rep: Reputation: Disabled
Hi,

Quote:
Originally Posted by cwizardone View Post
Is CONFIG_IP_DCCP enabled in the kernel built for stable and current?

From 14.2:
Code:
$ grep CONFIG_IP_DCCP /boot/config-generic-4.4.38 
CONFIG_IP_DCCP=m
--
Best regards,
Andrzej Telszewski
 
1 members found this post helpful.
Old 02-22-2017, 01:46 PM   #582
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,350

Rep: Reputation: 2739
For more on CVE-2017-6074 see here. I do not use IPV6 (yet), so I do not feel threatened at the moment, but the fix seems simple.
 
1 members found this post helpful.
Old 02-22-2017, 04:09 PM   #583
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 946

Rep: Reputation: 649
cURL and util-linux

curl 7.53.0 fixes CVE-2017-2629
https://curl.haxx.se/changes.html#7_53_0
https://curl.haxx.se/download/curl-7.53.0.tar.bz2
https://curl.haxx.se/download/curl-7.53.0.tar.bz2.asc

util-linux 2.29.2 fixes CVE-2017-2616
https://www.kernel.org/pub/linux/uti...2-ReleaseNotes
https://www.kernel.org/pub/linux/uti...-2.29.2.tar.xz
https://www.kernel.org/pub/linux/uti....29.2.tar.sign

Last edited by mats_b_tegner; 02-22-2017 at 04:14 PM.
 
1 members found this post helpful.
Old 02-23-2017, 12:37 PM   #584
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 2,454

Rep: Reputation: 8347
We don't use su from util-linux -- we use the one from shadow. They found the same issue in the shadow su, though.

The first line of the commit to fix the issue begins like this:

"If su is compiled with PAM support..."
 
11 members found this post helpful.
Old 02-25-2017, 08:58 PM   #585
aaazen
Member
 
Registered: Dec 2009
Posts: 358

Rep: Reputation: Disabled
Quote:
Originally Posted by allend View Post
For more on CVE-2017-6074 see here. I do not use IPV6 (yet), so I do not feel threatened at the moment, but the fix seems simple.
Linux 4.10 has the fix applied:

Andrey Konovalov (1):
dccp: fix freeing skb too early for IPV6_RECVPKTINFO

This article is interesting:

https://threatpost.com/impact-of-new...imited/123863/

It appears that one needs to be using both IPV6 and DCCP and have the hacker already logged on the system to be vulnerable.

One way to disable IPV6 is to create a /etc/modprobe.d/ipv6.conf file containing this:
Code:
alias net-pf-10 off
alias ipv6 off
And then reboot.

Update 2016-02-26: New kernels today, 4.10.1, 4.9.13 and 4.4.52 all have the fix.

Last edited by aaazen; 02-26-2017 at 12:44 PM.
 
2 members found this post helpful.
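
Added example (not part of any post in this thread): a small shell check that combines the two things discussed above, the kernel config lookup for CONFIG_IP_DCCP and the /etc/modprobe.d/ipv6.conf workaround. It reports whether a feature is built in (=y), a module (=m) or absent, because modprobe.d entries only influence code built as a module. CONFIG_IPV6 is the kernel's IPv6 option and is not quoted in the thread; the function names and the sample files are assumptions constructed for the demo.

```sh
#!/bin/sh
# Added example; all sample input below is constructed, not from a real system.

# kconfig_state FILE SYMBOL -> prints y (built in), m (module) or n (not set/absent).
kconfig_state() {
    state=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${state:-n}"
}

# alias_off DIR NAME -> succeeds if a *.conf file in DIR contains "alias NAME off".
alias_off() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        # Commented-out lines do not match; extra whitespace is tolerated.
        if grep -Eq "^[[:space:]]*alias[[:space:]]+$2[[:space:]]+off[[:space:]]*\$" "$f"; then
            return 0
        fi
    done
    return 1
}

# ipv6_workaround_verdict CONFIG DIR -> one word describing whether the
# ipv6.conf lines from the thread are present and can apply at all.
ipv6_workaround_verdict() {
    case $(kconfig_state "$1" CONFIG_IPV6) in
        n) echo "not-built" ;;   # IPv6 is not in this kernel
        y) echo "builtin" ;;     # modprobe.d cannot affect built-in code
        m) if alias_off "$2" net-pf-10 && alias_off "$2" ipv6; then
               echo "module-aliased-off"
           else
               echo "module-loadable"
           fi ;;
    esac
}

# Constructed demo data standing in for /boot/config-* and /etc/modprobe.d.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/modprobe.d"
printf 'CONFIG_IPV6=m\nCONFIG_IP_DCCP=m\n# CONFIG_IP_DCCP_DEBUG is not set\n' > "$demo_dir/config"
printf 'alias net-pf-10 off\nalias ipv6 off\n' > "$demo_dir/modprobe.d/ipv6.conf"

echo "CONFIG_IP_DCCP: $(kconfig_state "$demo_dir/config" CONFIG_IP_DCCP)"
echo "IPv6 workaround: $(ipv6_workaround_verdict "$demo_dir/config" "$demo_dir/modprobe.d")"
rm -rf "$demo_dir"
```

On a real system, pass the running kernel's config file (for example the /boot/config-generic-4.4.38 path shown in post #581) and /etc/modprobe.d instead of the demo paths.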
  

