LinuxQuestions.org
Old 03-05-2014, 12:45 AM   #91
aaazen
Member
 
Registered: Dec 2009
Posts: 358

Rep: Reputation: Disabled

Quote:
Originally Posted by mancha View Post
Update 20140304
  1. GnuTLS

    A security audit of GnuTLS, carried out by one of its primary developers, has identified serious flaws in its certificate validation
    code (CVE-2014-0092). The vulnerabilities can be exploited via specially-crafted certificates to effectively circumvent certificate
    validation checks.

    Solution: Slackware deployed security fixes for Slackware 13.0 through current the day the issue became public (20140303).
    I encourage those who've not yet applied these updates to do so as soon as possible.

    Note: Slackware 12.1 and 12.2 systems can address this issue by rebuilding GnuTLS after applying Slackware 13.0's fix.
--mancha

So what slackware code is actually using GnuTLS?

I did a search of the current slackware64-current/source and found very little.

It looks like two packages use it as they are built with "gnutls"
  1. l/loudmouth a library for the Jabber instant messenger protocol.
  2. xap/pan a usenet news reader.
Since I don't use Jabber and I don't use pan this appears to be an extremely low impact "security risk".
 
Old 03-05-2014, 01:08 AM   #92
number22
Member
 
Registered: Sep 2006
Location: Earth
Distribution: Slackware 14.1 Slackware64-current multilib
Posts: 278
Blog Entries: 7

Rep: Reputation: Disabled
Gnome and CUPS, http://en.wikipedia.org/wiki/GnuTLS, some of KDE, Apache and Wine may be using it. The GnuTLS project is very "precarious suspicious". It should drop Gnu from its name.

Last edited by number22; 03-05-2014 at 03:09 AM.
 
Old 03-06-2014, 02:13 PM   #93
aaazen
Member
 
Registered: Dec 2009
Posts: 358

Rep: Reputation: Disabled
Quote:
Originally Posted by number22 View Post
Gnome and CUPS, http://en.wikipedia.org/wiki/GnuTLS, some of KDE, Apache and Wine may be using it...
Most of the Slackware packages seem to use OpenSSL instead of GnuTLS.

Gnome is not included in the standard release of Slackware.

CUPS specifically ignores GnuTLS as the build script contains this parameter:
"--enable-gnutls=no"

I didn't see GnuTLS in the Slackware KDE or Apache packages.

Wine, like Gnome is not included in the standard release.
 
Old 03-06-2014, 04:31 PM   #94
guanx
Senior Member
 
Registered: Dec 2008
Posts: 1,176

Rep: Reputation: 233
Quote:
Originally Posted by comet.berkeley View Post
So what slackware code is actually using GnuTLS?
This may find some but maybe not all if the library is loaded with dlopen:
Code:
# Walk the system directories and report ELF files dynamically linked against libgnutls.
# The path is handed to the inner shell as $1 instead of being spliced into the command
# string, so file names containing quotes or spaces cannot break the quoting.
for dir in /bin /sbin /usr; do
    find "$dir" -type f -exec sh -c 'file "$1" | grep -q ELF && ldd "$1" 2>/dev/null | grep -q libgnutls.so && echo "$1"' sh '{}' \;
done

Last edited by guanx; 03-07-2014 at 01:01 AM.
 
1 members found this post helpful.
Old 03-06-2014, 05:53 PM   #95
number22
Member
 
Registered: Sep 2006
Location: Earth
Distribution: Slackware 14.1 Slackware64-current multilib
Posts: 278
Blog Entries: 7

Rep: Reputation: Disabled
guanx, thanks, you beat me to it. Yeah, a simple bash script can easily tell:
another example code
Code:
# Loop over the files in /usr/bin (the glob is needed; a bare /usr/bin would loop once over the directory itself)
for file in /usr/bin/*; do
    ldd "$file" 2>/dev/null | grep libgnutls >/dev/null && echo "$file" >> "$HOME/result.out"
done
apparently samba uses libgnutls too, didn't know it before.

Last edited by number22; 03-06-2014 at 05:55 PM.
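Both scripts above (guanx's and number22's) rely on ldd, which hands the file to the dynamic loader and, as guanx notes, misses libraries pulled in with dlopen(). The following POSIX sh script is an added example, not code from either poster: it checks the ELF magic itself and string-searches each file for the library name, which catches DT_NEEDED entries and dlopen("libgnutls.so...") literals alike; the function names `is_elf`, `references_lib` and `scan_gnutls` are my own choice, and a string hit is a heuristic that should be reviewed by hand.

```shell
# Added example (not code from the thread): list ELF files that reference
# libgnutls without running ldd on them. A byte-string match also catches
# dlopen() callers that ldd cannot see; it is a heuristic, so review hits.

# is_elf FILE: succeed if FILE starts with the ELF magic (0x7f 'E' 'L' 'F')
is_elf() {
    [ "$(dd if="$1" bs=4 count=1 2>/dev/null | od -An -c | tr -d ' \n')" = '177ELF' ]
}

# references_lib FILE LIBNAME: succeed if FILE is an ELF object whose bytes
# contain LIBNAME (a DT_NEEDED entry or a dlopen() string literal both match)
references_lib() {
    is_elf "$1" && grep -a -q -F "$2" "$1"
}

# scan_gnutls DIR [LIBNAME]: print every executable or shared object under DIR
# that references LIBNAME (default libgnutls.so). Paths containing a newline
# are not handled by the read loop.
scan_gnutls() {
    lib=${2:-libgnutls.so}
    find "$1" -xdev -type f \( -perm -u+x -o -name '*.so*' \) 2>/dev/null |
    while IFS= read -r f; do
        if references_lib "$f" "$lib"; then
            printf '%s\n' "$f"
        fi
    done
}

# Usage on a live system, over the same directories guanx scanned:
# for d in /bin /sbin /usr; do scan_gnutls "$d"; done
```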
 
Old 03-14-2014, 02:06 AM   #96
mancha
Member
 
Registered: Aug 2012
Posts: 484

Original Poster
Rep: Reputation: Disabled
Update 20140314

  1. libssh

    A problem with how libssh handles prng states for forked sshd's (CVE-2014-0017) has been fixed upstream.

    Solution: Rebuild libssh 0.5.4 (or 0.5.5) after applying upstream fix.

  2. file

    Two security issues were identified with libmagic (file package):

    CVE-2014-1943 (infinite recursion flaw)
    CVE-2014-2270 (improper bounds checking)

    Solution: Rebuild file 5.14 after applying my backport fixes:

    file-5.14_CVE-2014-1943.diff
    file-5.14_CVE-2014-2270.diff
    Note: should be applied in above order.

    PoC for CVE-2014-1943:
    Code:
    $ echo -n "4552000000" | xxd -r -p | file -
  3. php

    The above libmagic security issues affect Slackware's PHP package because PHP bundles libmagic for its fileinfo extension.

    Solution: Rebuild PHP 5.4.24 (or PHP 5.4.25) after applying my backport fixes:

    php-5.4.24_CVE-2014-1943.diff
    php-5.4.24_CVE-2014-2270.diff
    Note: should be applied in above order.

    PoC for CVE-2014-1943:
    Code:
    <?php
    /* CVE-2014-1943 */
    $finfo = new finfo(FILEINFO_MIME);
    $hex = hex2bin("4552000000");
    return $finfo->buffer($hex);
    ?>
  4. FreeType

    Two security issues have been identified in FreeType's CFF driver:

    CVE-2014-2240 (out-of-bounds stack read/write)
    CVE-2014-2241 (denial of service via triggerable assertion)

    Solution: Upgrade to FreeType 2.5.3.

  5. udisks & udisks2

    A flaw in the way udisks/udisks2 processes path names (CVE-2014-0004) can be exploited by malicious local users, via
    specially-crafted directory structures, to execute arbitrary code as the udisks daemon (i.e. root).

    Solution: Apply Slackware's security update from 20140311.

  6. mutt

    A buffer overflow vulnerability (CVE-2014-0467) was discovered in mutt's parsing of RFC2049 headers. A remote attacker
    can exploit this via an email with specially-crafted headers to cause a DoS and potentially execute arbitrary code.

    Solution: Apply Slackware's security update from 20140312.

  7. samba

    An internal samba audit has identified two security issues:

    CVE-2013-4496 (flaw allows bypass of password lock-out and unlimited password attempts via the samr interface).
    CVE-2013-6442 (flaw in smbacls potentially clears an object's existing ACLs leaving it unprotected).

    Solution: Apply Slackware's security update from 20140313.
--mancha

Last edited by mancha; 03-14-2014 at 03:18 AM. Reason: Add samba alert
 
7 members found this post helpful.
Old 03-14-2014, 09:59 AM   #97
onebuck
Moderator
 
Registered: Jan 2005
Location: Central Florida 20 minutes from Disney World
Distribution: Slackware®
Posts: 13,925
Blog Entries: 44

Rep: Reputation: 3159
Thumbs up Member Response

Hi,

I want to commend 'Mancha' along with other Slackers for contributing helpful information to the Slackware community here at LQ.

I'm sure PV & team appreciates the endeavors of all for providing additional security assistance.

Read the entire thread and found a lot of useful information.

Thanks to all!

Last edited by onebuck; 03-14-2014 at 10:06 AM. Reason: changes to format
 
4 members found this post helpful.
Old 03-14-2014, 11:58 AM   #98
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,371

Rep: Reputation: 2749
My Slackware deployments do not require a tin foil hat the size of a sombrero, but I also am very grateful to mancha for the investigation and fixes to security issues. It shows an ability beyond my ken.
On the file issue, it just goes to show the degree of difficulty that our BDFL faces in balancing usability with security. An upstream change made the basic nano utility segfault without a change to file to use a compiled magic file. http://www.linuxquestions.org/questi...le-4175455374/ Now a security issue has been uncovered.
 
1 members found this post helpful.
Old 03-14-2014, 12:16 PM   #99
metaschima
Senior Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 1,982

Rep: Reputation: 492
Yeah, stability and security have to be juggled carefully as they can affect one another. I'm only concerned about critical exploits, like privilege escalation / remotely rooting the system, etc. Lesser exploits are more of a concern on multi-user systems or for sysadmins, not me.
 
Old 03-14-2014, 04:24 PM   #100
mancha
Member
 
Registered: Aug 2012
Posts: 484

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by onebuck View Post
I want to commend 'Mancha' along with other Slackers for contributing helpful information to the Slackware community here at LQ.
Thanks for your post and thanks to other slackers who have encouraged me in this thread and privately. It makes the effort worthwhile
knowing folks are appreciative and finding the information valuable.

To slackers contributing alerts or solutions here, keep up the good work.

--mancha

Last edited by mancha; 03-14-2014 at 07:01 PM.
 
6 members found this post helpful.
Old 03-14-2014, 11:30 PM   #101
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 4,661

Rep: Reputation: 1784
Quote:
Originally Posted by mancha View Post
Update 20140314

  1. php

    The above libmagic security issues affect Slackware's PHP package because PHP bundles libmagic for its fileinfo extension.

    Solution: Rebuild PHP 5.4.24 (or PHP 5.4.25) after applying my backport fixes:

    php-5.4.24_CVE-2014-1943.diff
    php-5.4.24_CVE-2014-2270.diff
    Note: should be applied in above order.
--mancha
This has been fixed in 5.4.26 which has just been released
http://www.php.net/ChangeLog-5.php#5.4.26
 
Old 03-15-2014, 12:09 AM   #102
moisespedro
Senior Member
 
Registered: Nov 2013
Location: Brazil
Distribution: Slackware
Posts: 1,223

Rep: Reputation: 195
This thread is great, I think OP is doing a job for a team by himself
 
1 members found this post helpful.
Old 03-16-2014, 04:53 AM   #103
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 946

Rep: Reputation: 649
FreeType

Two security issues have been identified in FreeType's CFF driver:

CVE-2014-2240 (out-of-bounds stack read/write)
CVE-2014-2241 (denial of service via triggerable assertion)

Solution: Upgrade to FreeType 2.5.3.

In order to compile FreeType 2.5.3 Harfbuzz needs to be updated as well.

Mats
 
1 members found this post helpful.
Old 03-16-2014, 10:02 AM   #104
mancha
Member
 
Registered: Aug 2012
Posts: 484

Original Poster
Rep: Reputation: Disabled
Update 20140316

Quote:
Originally Posted by mats_b_tegner View Post
In order to compile FreeType 2.5.3 Harfbuzz needs to be updated as well.
  1. FreeType

    Mats, thanks for bringing this up. Actually, HarfBuzz is a new and optional dependency of FreeType as of 2.5.3.
    FreeType 2.5.3 will build on stock Slackware 14.1 but automatically disables HarfBuzz support when it doesn't
    detect a new enough version.

    However, building FreeType 2.5.3 requires a modified illadvisederror patch (see note at end), so I've amended my
    recommendation for most slackers:

    Solution: Rebuild Slackware 14.1 FreeType 2.5.0.1 after applying my CVE-2014-2240+CVE-2014-2241 backport fix (sig).
--mancha

Note: For those wishing to upgrade to FreeType 2.5.3:
  • Get my FreeType 2.5.3 illadvisederror patch (gzip it or edit the Slackbuild so it applies uncompressed)
  • Build FreeType 2.5.3 (1st pass with no HarfBuzz support)
  • Upgrade to HarfBuzz 0.9.26 [OPTIONAL STEP]
  • Rebuild FreeType 2.5.3 (2nd pass with HarfBuzz support) [OPTIONAL STEP]

    Keep in mind lots of things depend on HarfBuzz and FreeType so upgrading these two libs is done at your own risk.

Last edited by mancha; 03-16-2014 at 10:27 AM. Reason: Don't use small print for warning at end
 
3 members found this post helpful.
Old 03-19-2014, 03:17 PM   #105
Phorize
Member
 
Registered: Sep 2005
Location: UK
Distribution: Slackware
Posts: 226

Rep: Reputation: 29
https://www.mozilla.org/security/kno...irefoxESR.html

Firefox ESR 24.4.0 fixes some critical vulnerabilities. I'm trying to debug a failed build as I write.
 
  

