The sudoers plugin has been modified to make it more resilient to ROWHAMMER attacks on authentication and policy matching. This addresses CVE-2023-42465.
The sudoers plugin now constructs the user time stamp file path name using the user-ID instead of the user name. This avoids a potential problem with user names that contain a path separator ('/') being interpreted as part of the path name. A similar issue in sudo-rs has been assigned CVE-2023-42456.
Last edited by opty; 11-07-2023 at 09:24 AM.
Reason: unordered list
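The time stamp path change quoted in the post above, shown as an added example (not sudo's code and not part of the original post): a path built from the user name can gain extra components when the name contains '/', while one built from the numeric user-ID cannot. The directory `TS_DIR`, the function names and the sample user names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed directory for illustration; not sudo's actual path. */
#define TS_DIR "/var/example/ts"

/* Name-based form: the leaf comes straight from the user name. 0 on success. */
int ts_path_by_name(const char *user, char *out, size_t len) {
    int n = snprintf(out, len, "%s/%s", TS_DIR, user);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* ID-based form: the leaf is the decimal user-ID, which cannot contain '/'. */
int ts_path_by_uid(uid_t uid, char *out, size_t len) {
    int n = snprintf(out, len, "%s/%lu", TS_DIR, (unsigned long)uid);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Returns 1 if path names a single entry directly inside TS_DIR, else 0. */
int is_direct_child(const char *path) {
    size_t dlen = strlen(TS_DIR);
    if (strncmp(path, TS_DIR, dlen) != 0 || path[dlen] != '/')
        return 0;
    const char *leaf = path + dlen + 1;
    if (*leaf == '\0' || strchr(leaf, '/') != NULL)
        return 0;   /* empty leaf, or extra path components */
    if (strcmp(leaf, ".") == 0 || strcmp(leaf, "..") == 0)
        return 0;
    return 1;
}

int main(void) {
    /* Constructed sample user names. */
    const char *names[] = { "alice", "corp/alice", "../other" };
    char p[256];
    for (size_t i = 0; i < 3; i++) {
        if (ts_path_by_name(names[i], p, sizeof p) == 0)
            printf("%-12s -> %-28s direct child: %d\n",
                   names[i], p, is_direct_child(p));
    }
    if (ts_path_by_uid(1000, p, sizeof p) == 0)
        printf("uid 1000     -> %-28s direct child: %d\n",
               p, is_direct_child(p));
    return 0;
}
```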
What could be done by users before openssh is updated is to stop using rsa keys. From "man ssh-keygen":
Code:
-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
Specifies the type of key to create. The possible values are
“dsa”, “ecdsa”, “ecdsa-sk”, “ed25519”, “ed25519-sk”, or “rsa”.
The article said that openssh "has deployed a countermeasure for decades". "The researchers traced the keys they compromised to devices that used custom, closed-source SSH implementations that didn’t implement the countermeasures found in OpenSSH and other widely used open source code libraries. The devices came from four manufacturers: Cisco, Zyxel, Hillstone Networks, and Mocana."
FWIW, on an OpenBSD system (7.4) I have, I had to re-create my ssh keys. sshing into it would either hang or it would take a very long time to log in. Once in, it was very slow.
IIRC I saw that OpenBSD recommended to recreate the ssh keys. They said having an old RSA key will cause issues, which happened to me. IIRC, they recommended using ed25519 keys. So I re-created the keys using ed25519 on Slackware and other systems then removed the rsa keys.
Last edited by jmccue; 11-16-2023 at 08:42 AM.
Reason: spelling
are all about remote code execution caused by buffer overflow when reading broken/malicious files in the following formats:
DDS (Microsoft format often used for textures)
PSD (Photoshop files)
PSP (Paint Shop Pro files).
Slackware 15.0 has gimp version 2.10.30; Slackware 14.2 and older have gimp version 2.8.18 and older, which might be less compatible. Besides, all those 14 versions of Slackware will soon be EOL.
Xxx Dec xx xx:xx:xx UTC 2023
patches/packages/rdfind-1.6.0-x86_64-1_slack15.0.txz: Removed.
If I edit the Changelog marav will find me in my sleep. So let's just remove this for now.
then...
Code:
Xxx Dec xx xx:xx:xx UTC 2023
patches/packages/rdfind-1.6.0-x86_64-2_slack15.0.txz: Added.
slackpkg doesn't know what to do with a new "upgraded" package, so "add" it instead.
I've completely rewritten this script part, and I no longer use a diff between the new and the previous changelog.
Now I just cut everything after the first +--------------------------+