LinuxQuestions.org
07-02-2017, 06:34 AM   #616
K-Wizzz
LQ Newbie
 
Registered: Jan 2014
Distribution: OpenBSD, Slackware
Posts: 16

Rep: Reputation: Disabled

Perl's `File::Path` has race conditions in `rmtree` and `remove_tree` functions for `$VERSION` < 2.13
(Slackware 14.2's version is 2.09)

CVE:
* https://cve.mitre.org/cgi-bin/cvenam...=CVE-2017-6512
* https://nvd.nist.gov/vuln/detail/CVE-2017-6512

CPAN's RT:
* https://rt.cpan.org/Public/Bug/Display.html?id=121951

Solution: use CPAN's 2.13 version of `File::Path`
 
07-05-2017, 04:33 PM   #617
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware64
Posts: 402

Rep: Reputation: 185
Quote:
Originally Posted by K-Wizzz
Perl's `File::Path` has race conditions in `rmtree` and `remove_tree` functions for `$VERSION` < 2.13
(Slackware 14.2's version is 2.09)

CVE:
* https://cve.mitre.org/cgi-bin/cvenam...=CVE-2017-6512
* https://nvd.nist.gov/vuln/detail/CVE-2017-6512

CPAN's RT:
* https://rt.cpan.org/Public/Bug/Display.html?id=121951

Solution: use CPAN's 2.13 version of `File::Path`

File::Path 2.13 has been superseded by 2.14:
https://metacpan.org/source/JKEENAN/...h-2.14/Changes
 
07-06-2017, 11:34 PM   #618
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 163

Rep: Reputation: 108
php-5.6.31

php-5.6.31 is released with many security fixes:

Quote:
Core:
Fixed bug #73807 (Performance problem with processing post request over 2000000 chars).
Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize).
Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).
Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()).
GD:
Fixed bug #74435 (Buffer over-read into uninitialized memory).
mbstring:
Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)
OpenSSL:
Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()).
PCRE:
Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).
WDDX:
Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV).
 
2 members found this post helpful.
07-22-2017, 10:23 AM   #619
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware64
Posts: 402

Rep: Reputation: 185
Kernels 4.4.78 and 4.9.39

These kernels fix the following CVEs:
CVE-2016-6213
CVE-2017-1000370
CVE-2017-1000371
4.4.78
ChangeLog 4.4.78
4.9.39
ChangeLog 4.9.39

Last edited by mats_b_tegner; 07-24-2017 at 09:18 AM. Reason: added CVE
 
3 members found this post helpful.
Today, 12:44 AM   #620
bormant
Member
 
Registered: Jan 2008
Posts: 260

Rep: Reputation: 136
https://slackbuilds.org/repository/1...ve-check-tool/
It has no special filter for Slackware packages but still can be useful "as is" for potential CVE detection by software name and version.
 
1 members found this post helpful.
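
The name-and-version matching mentioned in the last post, sketched against the fixed versions reported in this thread. This is an added example, not part of any post and not code from cve-check-tool. The package names (`php`, `kernel-generic`, `kernel-huge`) and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of installed-package entries (name-version-arch-build),
# the form used for file names under /var/log/packages.
SAMPLE_PKGS='php-5.6.30-x86_64-1_slack14.2
kernel-generic-4.4.75-x86_64-1
kernel-huge-4.9.30-x86_64-1
perl-5.22.2-x86_64-1'

# "package series fixed-version", versions taken from the posts above.
# Package names are assumptions; series is the major.minor branch.
FIXED='php 5.6 5.6.31
kernel-generic 4.4 4.4.78
kernel-generic 4.9 4.9.39
kernel-huge 4.4 4.4.78
kernel-huge 4.9 4.9.39'

# Name = everything before the last three hyphen-separated fields.
pkg_name() { echo "$1" | sed 's/-[^-]*-[^-]*-[^-]*$//'; }
# Version = third field from the end.
pkg_version() { echo "$1" | awk -F- '{ print $(NF-2) }'; }

# True when $1 sorts strictly before $2 in version order (GNU sort -V).
ver_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Compare within the same series only: 4.9.30 sorts after 4.4.78 but is
# still older than the 4.9.39 fix. UNKNOWN also covers bundled modules such as
# File::Path; check that with: perl -MFile::Path -e 'print $File::Path::VERSION'
check_pkg() {
    name=$(pkg_name "$1"); ver=$(pkg_version "$1")
    series=$(echo "$ver" | cut -d. -f1,2)
    fixed=$(echo "$FIXED" | awk -v n="$name" -v s="$series" '$1 == n && $2 == s { print $3 }')
    if [ -z "$fixed" ]; then echo "UNKNOWN $name $ver"
    elif ver_lt "$ver" "$fixed"; then echo "OUTDATED $name $ver (fixed in $fixed)"
    else echo "OK $name $ver"
    fi
}

# Check every entry in a newline-separated list.
check_all() {
    echo "$1" | while read -r p; do
        if [ -n "$p" ]; then check_pkg "$p"; fi
    done
}

check_all "$SAMPLE_PKGS"
```

On a live system the list can come from `ls /var/log/packages` instead of the sample.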
Tags
exploit, security, slackware