LinuxQuestions.org > Slackware > [Slackware security] vulnerabilities outstanding 20140101 (https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-security%5D-vulnerabilities-outstanding-20140101-a-4175489800/)

ttk 04-13-2017 05:22 PM

Cool, thank you :-) I assume the fix is in linux-3.10.104 as well.

rob.rice 04-19-2017 05:49 AM

Quote:

Originally Posted by eloi (Post 5184017)
And sub-quoting myself again.

Taking into account Slackware's development modus operandi, a bug tracking system (already invented) is of no use. Mailing list servers are already provided and ready to use for the rest of the functionality. Whoever thinks a forum is better for that does so because they do not know how to use mailing lists. Forums were adopted by users for the same reason all *reinventing the wheel new stuff* is adopted (i.e. systemd): ignorance and laziness.

As it stands, bugs don't get fixed in systemd, just marked as such.
Turning to a forum like this is the last resort.

audriusk 04-19-2017 06:52 AM

Mercurial 4.1.3 has been released with a security fix:
Quote:

This is an out of cycle release to address a security issue:
  • hg serve --stdio could be tricked into granting authorized users access to the Python debugger. Thanks to Jonathan Claudius of Mozilla for reporting this issue

Not sure which older versions are affected and how severe it is (no CVE number provided in the release note).

bassmadrigal 04-19-2017 07:11 AM

Quote:

Originally Posted by rob.rice (Post 5699081)
As it stands, bugs don't get fixed in systemd, just marked as such.
Turning to a forum like this is the last resort.

Turning to a Slackware forum about systemd issues is pointless. Take your baggage somewhere else... we don't want to see it.

*If* Slackware ever adopts systemd, it will be because Pat felt it was the best option (likely due to other projects relying so heavily on it that gutting random parts (like eudev and elogind) isn't enough anymore). Your random posts (or anyone's random posts) will be no factor in that decision. Pat is the BDFL of Slackware. He is the only person who has a decision in the matter.

However, there is no sign that Pat is considering this, so there's no reason to be spamming the forum with a bunch of systemd nonsense.

mats_b_tegner 04-19-2017 08:56 AM

curl 7.54.0
 
Curl 7.54.0 fixes CVE-2017-7468.
https://curl.haxx.se/changes.html#7_54_0
https://curl.haxx.se/docs/adv_20170419.html
https://curl.haxx.se/download/curl-7.54.0.tar.bz2
https://curl.haxx.se/download/curl-7.54.0.tar.bz2.asc

Thom1b 04-19-2017 09:01 AM

I saw that too but didn't post anything because this CVE has been present since curl-7.52. Slackware-14.2 has curl-7.51.0.
Quote:

INFO
----

This flaw also affects the curl command line tool.

For version 7.52.0, we rearranged a lot of TLS code to bring support for HTTPS
proxies, which unfortunately made us accidentally bring this old flaw back!

The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CVE-2017-7468 to this issue.

AFFECTED VERSIONS
-----------------

This flaw is relevant for all versions of curl and libcurl that support TLS
and client certificates.

- Affected versions: curl 7.52.0 to and including 7.53.1
- Not affected versions: curl < 7.52.0 and >= 7.54.0

mats_b_tegner 04-19-2017 09:06 AM

Quote:

Originally Posted by Thom1b (Post 5699194)
I saw that too but didn't post anything because this CVE has been present since curl-7.52. Slackware-14.2 has curl-7.51.0.

Okay, but -current has 7.53.1.

Thom1b 04-20-2017 12:28 AM

bind has been released with security fixes
 
bind 9.9.10, 9.10.5 and 9.11.1 have been released.

Quote:

Security Fixes

* rndc "" could trigger an assertion failure in named. This flaw is
disclosed in (CVE-2017-3138). [RT #44924]
* Some chaining (i.e., type CNAME or DNAME) responses to upstream
queries could trigger assertion failures. This flaw is disclosed in
CVE-2017-3137. [RT #44734]
* dns64 with break-dnssec yes; can result in an assertion failure.
This flaw is disclosed in CVE-2017-3136. [RT #44653]
* If a server is configured with a response policy zone (RPZ) that
rewrites an answer with local data, and is also configured for
DNS64 address mapping, a NULL pointer can be read triggering a
server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434]
* named could mishandle authority sections with missing RRSIGs,
triggering an assertion failure. This flaw is disclosed in
CVE-2016-9444. [RT #43632]
* named mishandled some responses where covering RRSIG records were
returned without the requested data, resulting in an assertion
failure. This flaw is disclosed in CVE-2016-9147. [RT #43548]
* named incorrectly tried to cache TKEY records which could trigger
an assertion failure when there was a class mismatch. This flaw is
disclosed in CVE-2016-9131. [RT #43522]
* It was possible to trigger assertions when processing responses
containing answers of type DNAME. This flaw is disclosed in
CVE-2016-8864. [RT #43465]
* Added the ability to specify the maximum number of records
permitted in a zone (max-records #;). This provides a mechanism to
block overly large zone transfers, which is a potential risk with
slave zones from other parties, as described in CVE-2016-6170. [RT
#42143]
* It was possible to trigger an assertion when rendering a message
using a specially crafted request. This flaw is disclosed in
CVE-2016-2776. [RT #43139]
* Calling getrrsetbyname() with a non absolute name could trigger an
infinite recursion bug in lwresd or named with lwres configured if,
when combined with a search list entry from resolv.conf, the
resulting name is too long. This flaw is disclosed in
CVE-2016-2775. [RT #42694]

volkerdi 04-20-2017 11:50 AM

Quote:

Originally Posted by Thom1b (Post 5699562)
bind 9.9.10, 9.10.5 and 9.11.1 have been released.

All of these issues are already fixed in the -Px releases, and Slackware patches have already been issued. BIND has a habit of repeating all the CVEs since the last major version when announcing a new stable branch.

Thom1b 04-20-2017 11:54 AM

OK, I didn't see that. Sorry for the useless post.

alex14641 05-12-2017 08:15 AM

Vulnerability in KAuth
 
Details here: http://www.openwall.com/lists/oss-security/2017/05/10/3

Thom1b 05-24-2017 02:32 AM

Samba 4.6.4, 4.5.10 and 4.4.14
 
New Samba security fixes have been released.

Quote:

Release Announcements
---------------------

These are security releases in order to address the following defect:

o CVE-2017-7494 (Remote code execution from a writable share)

=======
Details
=======

o CVE-2017-7494:
All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload a
shared library to a writable share, and then cause the server to load
and execute it.


Changes:
--------

o Volker Lendecke <vl@samba.org>
* BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable
share.

Cesare 06-07-2017 08:37 AM

irssi 1.0.3 has been released, fixing CVE-2017-9468 and CVE-2017-9469 which may result in a remote crash - see https://irssi.org/security/irssi_sa_2017_06.txt

irssi 0.8.21 in Slackware 14.0 to 14.2 seems to be affected, too, but it looks like the 0.8.x release isn't supported any longer. If an upgrade to the 1.0.x series isn't feasible the patch from OpenBSD might help: http://marc.info/?l=openbsd-ports&m=149679056311479&w=2

Cesare 06-21-2017 09:25 AM

OpenVPN 2.3.17 has been released, fixing several remotely-triggerable issues - see https://community.openvpn.net/openvp...edInOpenVPN243 for more info or https://guidovranken.wordpress.com/2...t-bug-bonanza/ for the full report.

Unlike CVE-2017-7478 (fixed in 2.3.15), CVE-2017-7508, -7520 and -7521 do affect OpenVPN 2.3.11 from Slackware 14.2, making an upgrade advisable.

mats_b_tegner 06-24-2017 01:16 PM

httpd 2.4.26 fixes https://cve.mitre.org/cgi-bin/cvenam...=CVE-2017-3167
http://apache.mirrors.spacedump.net/...2.2.32.tar.bz2
https://www.apache.org/dist/httpd/ht...26.tar.bz2.asc

Patches for 2.2.32 are available here:
http://apache.mirrors.spacedump.net/...ply_to_2.2.32/