LinuxQuestions.org - [Slackware security] vulnerabilities outstanding 20140101

Page 39 of 65

Show 50 post(s) from this thread on one page

- Slackware (https://www.linuxquestions.org/questions/slackware-14/)

- - [Slackware security] vulnerabilities outstanding 20140101 (https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-security%5D-vulnerabilities-outstanding-20140101-a-4175489800/)

mats_b_tegner

01-18-2017 04:28 PM

Quote:

Originally Posted by Thom1b (Post 5656782)

mariadb-10.0.29 is released with many security fixes.
https://mariadb.com/kb/en/mariadb/ma...release-notes/

New packages are available for 14.1, 14.2 and -current according to the latest ChangeLogs:

Quote:

Wed Jan 18 20:39:17 UTC 2017
patches/packages/mariadb-5.5.54-i486-1_slack14.1.txz: Upgraded.
patches/packages/mariadb-10.0.29-i586-1_slack14.2.txz: Upgraded.
ap/mariadb-10.0.29-i586-1.txz: Upgraded.
This update fixes several security issues.

elcore

01-20-2017 12:30 PM

mozilla-nss-3.23 found in 14.1 is outdated, 3.28 is available.

cURL 7.52.1 is also available, fixed multiple flaws.

volkerdi

01-20-2017 02:35 PM

Quote:

Originally Posted by elcore (Post 5657892)

mozilla-nss-3.23 found in 14.1 is outdated, 3.28 is available.

3.23 was the last update to note any security fixes.

Quote:

cURL 7.52.1 is also available, fixed multiple flaws.

No mention of security fixes here either.

Let's try to stay on topic, OK?

mats_b_tegner

01-20-2017 07:08 PM

Kernel 4.4.44

Kernel 4.4.44 fixes the following CVEs: CVE-2016-9191, CVE-2017-2583 and CVE-2017-2584.
https://cdn.kernel.org/pub/linux/ker...angeLog-4.4.44
https://cdn.kernel.org/pub/linux/ker...-4.4.44.tar.xz

elcore

01-20-2017 09:06 PM

Quote:

Originally Posted by volkerdi (Post 5657941)

Let's try to stay on topic, OK?

I posted because there was this in the news feed:

https://security.gentoo.org/glsa/201701-46
https://security.gentoo.org/glsa/201701-47

qunying

01-24-2017 03:48 PM

OpenSSL 1.1.0d, 1.0.2k security released on 26th January 2017
OpenSSL Security Advisory, 26 Jan 2017

mats_b_tegner

01-28-2017 04:19 PM

Quote:

Originally Posted by qunying (Post 5659668)

OpenSSL 1.1.0d, 1.0.2k security released on on 26th January 2017
OpenSSL Security Advisory, 26 Jan 2017

Fixed typo in URL.

haary

02-07-2017 03:32 AM

PHP 5.6.30 was released on 19 Jan 2017 https://secure.php.net/ChangeLog-5.php#5.6.30
Fixes for CVE-2016-10158, CVE-2016-10167, CVE-2016-10168, CVE-2016-10159, CVE-2016-10160 and CVE-2016-10161 are included

mats_b_tegner

02-14-2017 12:45 PM

Security fixes for NVidia Graphic drivers R378, R375, R340, R304:
https://nvidia.custhelp.com/app/answ...tail/a_id/4398
http://www.nvidia.com/download/drive...x/115031/en-us
http://www.nvidia.com/download/drive...x/114708/en-us
http://www.nvidia.com/download/drive...x/114719/en-us
http://www.nvidia.com/download/drive...x/114714/en-us

Fixes the following CVEs:
CVE-2017-0309
CVE-2017-0310
CVE-2017-0311
CVE-2017-0318
CVE-2017-0321

cwizardone

02-22-2017 11:12 AM

Cve-2017-6074

CVE-2017-6074

Is CONFIG_IP_DCCP enabled in the kernel built for stable and current?

More here,
https://git.kernel.org/cgit/linux/ke...55ef99d9798ba4

atelszewski

02-22-2017 11:20 AM

Hi,

Quote:

Originally Posted by cwizardone (Post 5674593)

Is CONFIG_IP_DCCP enabled in the kernel built for stable and current?

From 14.2:

Code:

$ grep CONFIG_IP_DCCP /boot/config-generic-4.4.38 

CONFIG_IP_DCCP=m

--
Best regards,
Andrzej Telszewski

allend

02-22-2017 01:46 PM

For more on CVE-2017-6074 see here. I do not use IPV6 (yet), so I do not feel threatened at the moment, but the fix seems simple.

mats_b_tegner

02-22-2017 04:09 PM

cURL and util-linux

curl 7.53.0 fixes CVE-2017-2629
https://curl.haxx.se/changes.html#7_53_0
https://curl.haxx.se/download/curl-7.53.0.tar.bz2
https://curl.haxx.se/download/curl-7.53.0.tar.bz2.asc

util-linux 2.29.2 fixes CVE-2017-2616
https://www.kernel.org/pub/linux/uti...2-ReleaseNotes
https://www.kernel.org/pub/linux/uti...-2.29.2.tar.xz
https://www.kernel.org/pub/linux/uti....29.2.tar.sign

volkerdi

02-23-2017 12:37 PM

Quote:

Originally Posted by mats_b_tegner (Post 5674716)

util-linux 2.29.2 fixes CVE-2017-2616
https://www.kernel.org/pub/linux/uti...2-ReleaseNotes
https://www.kernel.org/pub/linux/uti...-2.29.2.tar.xz
https://www.kernel.org/pub/linux/uti....29.2.tar.sign

We don't use su from util-linux -- we use the one from shadow. They found the same issue in the shadow su, though.

The first line of the commit to fix the issue begins like this:

"If su is compiled with PAM support..."

aaazen

02-25-2017 08:58 PM

Quote:

Originally Posted by allend (Post 5674648)

For more on CVE-2017-6074 see here. I do not use IPV6 (yet), so I do not feel threatened at the moment, but the fix seems simple.

Linux 4.10 has the fix applied:

Andrey Konovalov (1):
dccp: fix freeing skb too early for IPV6_RECVPKTINFO

This article is interesting:

https://threatpost.com/impact-of-new...imited/123863/

It appears that one needs to be using both IPV6 and DCCP and have the hacker already logged on the system to be vulnerable.

One way to disable IPV6 is to create a /etc/modprobe.d/ipv6.conf file containing this:

Code:

alias net-pf-10 off

alias ipv6 off

And then reboot.

Update 2016-02-26: New kernels today, 4.10.1, 4.9.13 and 4.4.52 all have the fix.

All times are GMT -5. The time now is 04:14 PM.

Page 39 of 65

« First

Last »

Show 50 post(s) from this thread on one page