LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   [Slackware security] vulnerabilities outstanding 20140101 (https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-security%5D-vulnerabilities-outstanding-20140101-a-4175489800/)

Didier Spaier 06-07-2014 07:12 AM

Quote:

Originally Posted by eloi (Post 5184019)
They are running, not by me, but they are.

None for discussion or bug reporting as far as I know.

jtsn 06-07-2014 07:17 AM

Quote:

Originally Posted by metaschima (Post 5183167)
Anyway, hopefully libressl will come out soon so I can switch.

LibReSSL is already out: for OpenBSD. There is just no port to Linux yet, because Linux is not compatible enough to (Open)BSD to run this unmodified...

Quote:

I tried e-mailing the devs and recommending crowdfunding the project. No response so far.
You could start a crowd fund raiser for a Linux port of LibreSSL (done by professionals, not half-assed "get it to compile" stuff) on your own. Or you could start a campaign to get the strl*() functions into glibc, which would make every Linux software out there more secure.

Thom1b 06-12-2014 01:22 AM

bind-9.9.5-P1 fixed two security issues and many bugs :

Quote:

Security Fixes

Treat an all zero netmask as invalid when generating the localnets
acl to workaround bug on Windows platform. [CVE-2013-6230] [RT #34687]

Fix crashes when serving some NSEC3 signed zones. memcpy was
incorrectly called with overlapping ranges, resulting in malformed
names being generated on some platforms. This could cause INSIST
failures. (CVE 2014-0591) [RT #35120]

Thom1b 06-20-2014 01:33 AM

There is a security bug in linux :

Quote:

Name: CVE-2014-3153
URL: http://cve.mitre.org/cgi-bin/cvename...=CVE-2014-3153

The futex_requeue function in kernel/futex.c in the Linux kernel
through 3.14.5 does not ensure that calls have two different futex
addresses, which allows local users to gain privileges via a crafted
FUTEX_REQUEUE command that facilitates unsafe waiter modification.
It's been fixed since 3.14.6, 3.10.42, 3.2.60.

GazL 06-20-2014 03:28 AM

Quote:

Originally Posted by Thom1b (Post 5191003)
There is a security bug in linux :
It's been fixed since 3.14.6, 3.10.42, 3.2.60.

When isn't there. :(

The above is already mentioned. Duplicate of the one posted by ben in post #166


However, 3.10.44 also fixes: CVE-2014-4014. I also noticed a couple of lesser issues on the changelog, including a DoS/Information disclosure one.

Thom1b 06-20-2014 03:44 AM

Quote:

Originally Posted by GazL (Post 5191051)
The above is already mentioned. Duplicate of the one posted by ben in post #166

Sorry, I didn't see this post. Thanks.

GazL 06-20-2014 03:52 AM

Quote:

Originally Posted by Thom1b (Post 5191061)
Sorry, I didn't see this post. Thanks.

It's understandable given the length of this thread now. I've done the same. :)

mancha 06-20-2014 09:20 AM

Update 20140620
  1. glibc

    A flaw was discovered in posix_spawn_file_actions_addopen() which can be exploited via use-after-free situations or other exploitable
    situations with mutated paths (CVE-2014-4043).

    Solution for Slackware 14.1: Re-build glibc 2.17 with my backport of upstream's fix.

    Note: If re-building glibc, I recommend the application of additional security fixes that have not been incorporated into Slackware:
    CVE-2012-4424, CVE-2012-4412, CVE-2013-4237, CVE-2013-4788, and CVE-2013-4458. See this thread for details and links to my
    backported fixes.

    This can be accomplished by getting all the diffs and adding the following lines (in red) to the end of glibc.SlackBuild's
    apply_patches() function:

    Code:

      zcat $CWD/glibc.CVE-2013-2207.diff.gz | patch -p1 --verbose || exit 1
      # Patch integer overflows in pvalloc, valloc, and
      # posix_memalign/memalign/aligned_alloc (CVE-2013-4332).
      zcat $CWD/glibc.CVE-2013-4332.diff.gz | patch -p1 --verbose || exit 1
      # Various security fixes
      patch -p1 --verbose < $CWD/glibc-2.17_strcoll-change.diff || exit 1
      patch -p1 --verbose < $CWD/glibc-2.17_CVE-2012-4424.diff || exit 1
      patch -p1 --verbose < $CWD/glibc-2.17_CVE-2012-4412.diff || exit 1
      patch -p1 --verbose < $CWD/glibc-2.17_CVE-2013-4237.diff || exit 1
      patch -p1 --verbose < $CWD/glibc-2.17_CVE-2013-4788.diff || exit 1
      patch -p1 --verbose < $CWD/glibc-2.17_CVE-2013-4458.diff || exit 1
      patch -p1 --verbose < $CWD/glibc-2.17_CVE-2014-4043.diff || exit 1

    }


mancha 06-20-2014 11:40 AM

Update 20140620-1
  1. OpenSSL

    OpenSSL recently released 0.9.8za, 1.0.0m, and 1.0.1h to correct several security flaws. In the case of CVE-2014-0224, the
    original fix restricts ChangeCipherSpec in a way that is causing problems for implementations that use tls_session_secret_cb
    for session resumption (e.g. wpa-supplicant/EAP-FAST) or use TLS renegotiation.

    Solution: Those experiencing problems related to the issues described above should re-build OpenSSL 1.0.1h after applying my
    regression fix (based on upstream commits).

    Note: If re-building OpenSSL, consider the following:

    • On 64-bit systems, enabling 64-bit optimized code for NIST Suite B elliptic curves provides speed improvements as well
      as protection against timing attacks. See this thread for details.

    • In post #163 I describe my personal set of configuration options and their security implications.
--mancha

mancha 06-21-2014 11:27 AM

Update 20140621
  1. Samba

    A flaw has been discovered in Samba's internal DNS server which can be exploited to cause two affected Samba servers to DoS
    themselves (CVE-2014-0239). Additionally, a flaw in SRV_SNAPSHOT_ARRAY permits attackers to leverage configurations that use
    shadow_copy* for vfs objects to reveal potentially private server information (CVE-2014-0178).

    Solution: Upgrade to Samba 4.1.8 (sig)
--mancha

sardinha 06-23-2014 01:57 PM

samba 4.1.9 and 3.6.24
 
Quote:

Originally Posted by mancha (Post 5191722)
Update 20140621
  1. Samba

    A flaw has been discovered in Samba's internal DNS server which can be exploited to cause two affected Samba servers to DoS
    themselves (CVE-2014-0239). Additionally, a flaw in SRV_SNAPSHOT_ARRAY permits attackers to leverage configurations that use
    shadow_copy* for vfs objects to reveal potentially private server information (CVE-2014-0178).

    Solution: Upgrade to Samba 4.1.8 (sig)
--mancha

Suggested security upgrades for resolve CVE-2014-0244 (Denial of service - CPU loop) and CVE-2014-3493 (Denial of service - Server crash/memory corruption):

Thom1b 06-24-2014 12:06 AM

gnupg:

Quote:

We are pleased to announce the availability of a new stable GnuPG-1
release: Version 1.4.17. This release includes a *security fix* to stop
a possible DoS using garbled compressed data packets which can be used
to put gpg into an infinite loop.
ftp://ftp.gnupg.org/GnuPG/gnupg/gnupg-1.4.17.tar.bz2
ftp://ftp.gnupg.org/GnuPG/gnupg/gnup...17.tar.bz2.sig

mancha 06-26-2014 10:04 PM

Update 20140626
  1. PHP

    The following security issues have been fixed in PHP 5.4.30:

    Code:

    CVE-2014-0207    CVE-2014-3478    CVE-2014-3479
    CVE-2014-3480    CVE-2014-3487    CVE-2014-3515
    CVE-2014-3981    CVE-2014-4049

    Solution: Upgrade to PHP 5.4.30 (sig)
--mancha

GazL 06-27-2014 10:56 AM

Looks like there's some ancient LZO nastiness that is likely to be triggering security fixes across a number of upstream projects, including the kernel, ffmpeg and others... http://lwn.net/Articles/603668/

One of the comments in the linked lwn article points to a nice blog post about the issues: http://blog.securitymouse.com/2014/0...-bug-that.html

However, as the blog points out, whether its exploitable in any given use case seems to be somewhat situational. Might take a while for the details of various projects affected by this one to come out of the woodwork.

mats_b_tegner 07-20-2014 05:01 AM

httpd 2.4.10 has been released, it fixes the following:
https://httpd.apache.org/security/vu...lities_24.html

Mats


All times are GMT -5. The time now is 06:55 AM.