LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 06-20-2008, 05:23 PM   #1
GazL
Senior Member
 
Registered: May 2008
Posts: 3,480

Rep: Reputation: 1016Reputation: 1016Reputation: 1016Reputation: 1016Reputation: 1016Reputation: 1016Reputation: 1016Reputation: 1016
X11 vulnerabilities?


http://www.linuxquestions.org/questi...lities-648930/

After seeing this post on lq security board, I've been keeping my eye on the security announcements page on slackware.com for the last week expecting patches for these to pop up on there, but so far no sign.

Does Slackware not need these? or am I just being too impatient? The only reason I ask is that Pat is usually quite quick with security patches, so it got me wondering whether they may not be applicable for some reason.
 
Old 06-20-2008, 05:52 PM   #2
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware 14.1 64-bit with multilib
Posts: 2,085

Rep: Reputation: 212Reputation: 212Reputation: 212
This looks relatively recent. I have no doubt that Pat will most likely release an update for Slackware, but consider that he just got through another major release of Slackware. I wouldn't worry too much though since there already have been some changes again to -current and some security patches, so I am sure there will be patches for X11 because Pat has never missed or skipped any patches that have to do with security. Also, if you haven't, I would recommend subscribing to the Slackware Security Mailing list. Thats how I get all my patches. Whenever a new security patch is released, I get emailed with links to the patch for my version of Slackware.

Security patches are being released for versions all the way down to 8.0.
 
Old 06-21-2008, 01:37 PM   #3
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Most of them will crash xorg upon receiving a 'specially crafted request', not a huge exploit, and it must be done by an expert.

The major problem I see for most people is the one highlighted in red:
Quote:
Successful exploitation of vulnerabilities #1, #3, and #4 may allow execution of arbitrary code with privileges of the X server (typically root).

Last edited by H_TeXMeX_H; 06-22-2008 at 01:42 PM. Reason: I was wrong
 
Old 06-21-2008, 02:38 PM   #4
shadowsnipes
Senior Member
 
Registered: Sep 2005
Distribution: Slackware
Posts: 1,441

Rep: Reputation: 70
Quote:
Originally Posted by http://secunia.com/advisories/30627/
The vulnerabilities are reported in X.org X11 version R7.3. Other versions may also be affected.
I saw this when it first came out, but I'm pretty sure Slack 12.1 has R7.1, so it may not even affect us.
 
Old 06-21-2008, 02:53 PM   #5
titopoquito
Senior Member
 
Registered: Jul 2004
Location: Ruhr Area, Germany
Distribution: Slackware64 14.0
Posts: 1,525

Rep: Reputation: 94
Quote:
Originally Posted by shadowsnipes View Post
I saw this when it first came out, but I'm pretty sure Slack 12.1 has R7.1, so it may not even affect us.
I don't think you're right here, AFAIK Release 7.3 means x.org server 1.4 which IS installed with Slackware 12.1. (source: http://www.x.org/wiki/Releases/7.3)
 
Old 06-21-2008, 03:50 PM   #6
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 7,081
Blog Entries: 52

Rep: Reputation: Disabled
Yeah, 12.1 has 7.3. From ANNOUNCE.12_1:
Quote:
- X11 7.3.0+. This is the X.Org Foundation's modular X Window System.
There's been much activity in the X development world, and the
improvements here in terms of performance and hardware support
are too numerous to mention them all here.
 
Old 06-21-2008, 05:13 PM   #7
shadowsnipes
Senior Member
 
Registered: Sep 2005
Distribution: Slackware
Posts: 1,441

Rep: Reputation: 70
Quote:
Originally Posted by titopoquito View Post
I don't think you're right here, AFAIK Release 7.3 means x.org server 1.4 which IS installed with Slackware 12.1. (source: http://www.x.org/wiki/Releases/7.3)
Thanks for correcting me on this. The x11-skel-7.1-noarch-6 package name is what tripped me up. I should have actually checked the X version instead. Sorry everyone.
 
Old 07-01-2008, 10:36 PM   #8
shadowsnipes
Senior Member
 
Registered: Sep 2005
Distribution: Slackware
Posts: 1,441

Rep: Reputation: 70
It looks like the patches are available now.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
WARN: X.org X11 Multiple Vulnerabilities win32sux Linux - Security 1 06-23-2008 03:51 PM
Core 4 - X11-devel complains about X11-libs which are installed Ephracis Fedora 3 09-05-2005 10:32 AM
IE Vulnerabilities, why not in other browsers? mandrakemikael Linux - Security 3 09-28-2004 12:43 PM
Roaming X11/Xfree86, X11 proxy zapp Linux - Software 1 09-12-2003 09:06 AM
More BIND vulnerabilities jeremy Linux - Security 0 01-31-2001 09:29 PM


All times are GMT -5. The time now is 07:43 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration