LinuxQuestions.org
Old 12-18-2018, 04:51 PM   #1
rbtylee
Bodhi Developer
 
Registered: Jun 2018
Location: Ladson, SC US
Distribution: Bodhi
Posts: 77

Rep: Reputation: 78
Terminology Security Update


A security flaw in terminology has been found, CVE-2018-20167. A more complete explanation can be found in the phab report. This has been fixed upstream and I have rebuilt the deb files for BL 5.0.

I haven't had time to look into whether or not it is feasible to backport this patch to earlier versions of Bodhi Linux. Note: we usually do not update prior releases of BL repos as we recommend Bodhi users to update to the latest version and simply lack manpower to focus on previous releases. But if I do find it is possible to patch terminology in BL 4.x or even 3.x, I will do so. Just give me some time.

But it is highly recommended Bodhi Linux 5.0 users update terminology to the latest version.

Last edited by rbtylee; 12-18-2018 at 04:57 PM.
 
Old 12-18-2018, 04:54 PM   #2
cordx
Member
 
Registered: Oct 2018
Location: san antonio, tx
Distribution: bodhi 5.0
Posts: 99

Rep: Reputation: 15
thank you for the heads-up
 
Old 12-18-2018, 05:17 PM   #3
the_waiter
Bodhi Developer
 
Registered: Jun 2018
Location: Banská Bystrica, Slovakia
Distribution: Bodhi Linux
Posts: 247

Rep: Reputation: 169
Updated, thx Robert
 
1 members found this post helpful.
Old 12-19-2018, 06:42 AM   #4
rbtylee
Bodhi Developer
 
Registered: Jun 2018
Location: Ladson, SC US
Distribution: Bodhi
Posts: 77

Original Poster
Rep: Reputation: 78
Yet another terminology update, seems the security patch broke a key Terminology functionality: clicking on hyperlinks ceased to function. Please update again to Terminology 1.3.2.
 
1 members found this post helpful.
Old 12-19-2018, 07:26 AM   #5
hemlocktree
Member
 
Registered: Aug 2018
Location: Northern Exposure
Distribution: Bodhi 5
Posts: 255

Rep: Reputation: 56
thanks ylee. does update and dist-upgrade work to fix this issue? or is there another method to install fixed packages?
 
1 members found this post helpful.
Old 12-19-2018, 04:27 PM   #6
rbtylee
Bodhi Developer
 
Registered: Jun 2018
Location: Ladson, SC US
Distribution: Bodhi
Posts: 77

Original Poster
Rep: Reputation: 78
Quote:
Originally Posted by hemlocktree View Post
thanks ylee. does update and dist-upgrade work to fix this issue? or is there another method to install fixed packages?
yes and yes. lol

update and upgrade is fine, you can also update and simply install terminology. If there is a new version, apt-get install will install the latest version; no --reinstall option needed. There are other ways but let's leave it at that.
 
2 members found this post helpful.
Old 12-19-2018, 04:31 PM   #7
hemlocktree
Member
 
Registered: Aug 2018
Location: Northern Exposure
Distribution: Bodhi 5
Posts: 255

Rep: Reputation: 56
thanks - will do it now. i thought so but you guys know how little i know.
 
1 members found this post helpful.
Old 12-19-2018, 04:39 PM   #8
rbtylee
Bodhi Developer
 
Registered: Jun 2018
Location: Ladson, SC US
Distribution: Bodhi
Posts: 77

Original Poster
Rep: Reputation: 78
Quote:
Originally Posted by rbtylee View Post
...
I haven't had time to look into whether or not it is feasible to backport this patch to earlier versions of Bodhi Linux. Note: we usually do not update prior releases of BL repos as we recommend Bodhi users to update to the latest version and simply lack manpower to focus on previous releases. But if I do find it is possible to patch terminology in BL 4.x or even 3.x, I will do so. Just give me some time.
...
Naively applying this security patch to the code for Terminology in BL 4.5 results in terminology segfaulting on certain operations. I can't use the same version I added to BL 5.0 because BL 4.5 has too old of a version of EFL. Perhaps I could debug this and fix it but I am opting to leave it as is and not update terminology in BL 4.5 for now. I am several days behind now on Bodhi related tasks and I know stefan is waiting for me to update 6 or so deb files for him. So this choice is me rationing what time I have for Bodhi related tasks.

If any Bodhi Linux 4.5 users want to pick this problem up and try to solve it, go for it. Email me for more details on what I have tried and what info I have on the segfaults. Other than that I recommend BL 4.5 users to update to 5.0 if possible. If not, either use another terminal or use terminology responsibly and aware of this security bug. The latter is certainly possible if you understand the nature of this bug.

Thanks for hopefully understanding
 
2 members found this post helpful.
Old 12-20-2018, 03:09 PM   #9
papivino
LQ Newbie
 
Registered: Dec 2018
Posts: 3

Rep: Reputation: Disabled
apt upgrade doesn't work for me

Hi,

I'm running Bodhi 5.0

An apt-get update and upgrade tell me that I already have the latest terminology version 1.2.1bodhi1-1

Any suggestion?

Thank you
 
Old 12-20-2018, 03:27 PM   #10
rrashkin
Member
 
Registered: Aug 2018
Location: San Benito, Texas, US
Distribution: Bodhi Linux
Posts: 31

Rep: Reputation: Disabled
did you try "apt-get dist-upgrade" or "apt full-upgrade"?
 
Old 12-20-2018, 03:48 PM   #11
papivino
LQ Newbie
 
Registered: Dec 2018
Posts: 3

Rep: Reputation: Disabled
Yes

Hi,

I did try apt-get dist-upgrade and apt full-upgrade without success.

'apt-cache policy terminology' tells me installed version is latest available: 1.2.1bodhi1-1
 
Old 12-20-2018, 03:59 PM   #12
rrashkin
Member
 
Registered: Aug 2018
Location: San Benito, Texas, US
Distribution: Bodhi Linux
Posts: 31

Rep: Reputation: Disabled
That's odd. I did apt update and apt full-upgrade (I hadn't upgraded in a while) and now I'm at 1.3.2
 
Old 12-20-2018, 04:24 PM   #13
hemlocktree
Member
 
Registered: Aug 2018
Location: Northern Exposure
Distribution: Bodhi 5
Posts: 255

Rep: Reputation: 56
same here on my daily laptop but have not checked my office one or my wife's. i imagine they too should be ok.
 
Old 12-20-2018, 04:24 PM   #14
rbtylee
Bodhi Developer
 
Registered: Jun 2018
Location: Ladson, SC US
Distribution: Bodhi
Posts: 77

Original Poster
Rep: Reputation: 78
Quote:
Originally Posted by papivino View Post
Hi,

I did try apt-get dist-upgrade and apt full-upgrade without success.

'apt-cache policy terminology' tells me installed version is latest available: 1.2.1bodhi1-1
Sounds like you did not run sudo apt-get update first.
 
1 members found this post helpful.
Old 12-20-2018, 04:44 PM   #15
papivino
LQ Newbie
 
Registered: Dec 2018
Posts: 3

Rep: Reputation: Disabled
solved

Hi,

I found the problem:

In the sources.list file, the 'deb [trusted=yes] http://packages.bodhilinux.com/bodhi bionic b5main' line was commented out with a #.

After removing the # sign and performing an apt-get update and upgrade, I now have terminology 1.3.2

Thank you all!
 
1 members found this post helpful.
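
The diagnosis reached in posts #9 to #15, as an added example that is not part of the original thread: it checks whether the Bodhi repository line in a sources file is active or commented out, and notes when that line carries `trusted=yes`. The function names are hypothetical and the sample sources file is constructed; the repository URL and the fixed version 1.3.2 are the ones quoted in the thread.

```shell
# Added example: why apt keeps reporting the old terminology package.
# Repo URL and fixed version come from the thread; function names are hypothetical.
REPO_URL='http://packages.bodhilinux.com/bodhi'
FIXED_VERSION='1.3.2'

# Print "active", "commented" or "missing" for the Bodhi repo in a sources file.
repo_line_state() {
    if grep -Eq "^[[:space:]]*deb[[:space:]].*${REPO_URL}" "$1"; then
        echo active
    elif grep -Eq "^[[:space:]]*#+[[:space:]]*deb[[:space:]].*${REPO_URL}" "$1"; then
        echo commented
    else
        echo missing
    fi
}

# Succeed if an active Bodhi repo line carries trusted=yes (apt then trusts
# the source even when it fails authentication checks).
repo_skips_signature_check() {
    grep -E "^[[:space:]]*deb[[:space:]].*${REPO_URL}" "$1" |
        grep -Eq '\[[^]]*trusted=yes[^]]*\]'
}

# Succeed if a package version is at least the fixed release (dpkg ordering).
version_is_fixed() {
    dpkg --compare-versions "$1" ge "$FIXED_VERSION"
}

report() {
    echo "$1: Bodhi repo line is $(repo_line_state "$1")"
    if repo_skips_signature_check "$1"; then
        echo "$1: trusted=yes set, repository signatures are not enforced"
    fi
}

# Constructed sample reproducing the state described in post #15.
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb http://archive.ubuntu.com/ubuntu bionic main universe
# deb [trusted=yes] http://packages.bodhilinux.com/bodhi bionic b5main
EOF
report "$sample"
rm -f "$sample"

# On a Debian-based system, also compare the installed package with the fix.
if command -v dpkg-query >/dev/null 2>&1; then
    v=$(dpkg-query -W -f='${Version}' terminology 2>/dev/null || true)
    if [ -n "$v" ] && ! version_is_fixed "$v"; then
        echo "terminology $v is older than $FIXED_VERSION"
    fi
fi
```

On a real system, call `report /etc/apt/sources.list` (and any files under `/etc/apt/sources.list.d/`) before running `apt-get update`.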
  



Tags
security, terminal, terminology



All times are GMT -5. The time now is 06:32 PM.
