Quote:
Cf. https://github.com/mjg59/mei-amt-check PS Not sure it's the same CVS... Anyway if one needs AMT the article you linked to suggest to just use a good password. |
Quote:
I have only one "business grade" DELL laptop that is "empowered" by this AMT (!@$@#$%^), it came with Win7 and I've missed already an Intel AMT firmware because the patch on DELL's support site works only under Win10 (obviously I didn't upgrade). I'm currently running only Slackware on this machine and was wondering if there's a way to update the firmware under Linux, just considering that there will be many more security issues & patches. Intel AMT is supported under Linux: https://www.kernel.org/doc/Documenta...es/mei/mei.txt But apparently Intel doesn't provide any mitigation under Linux: https://en.wikipedia.org/wiki/Intel_...and_mitigation As mentioned, I'm really considering to go for the tools the guys at Positive Technologies provided and clean the whole thing. One problem less I need to care about. ;) Reference: https://www.linuxquestions.org/quest...ml#post5785847 |
Libc Realpath Buffer Underflow CVE-2018-1000001
Possible priv-escalation leveraging suid binaries.
ref: https://www.halfdog.net/Security/201...fferUnderflow/ Fix (amongst others) has been applied to https://sourceware.org/git/?p=glibc....se/2.26/master |
Quote:
https://newsroom.intel.com/news/firm...enter-systems/ "As I noted in my blog post last week, while the firmware updates are effective at mitigating exposure to the security issues, customers have reported more frequent reboots on firmware updated systems. As part of this, we have determined that similar behavior occurs on other products in some configurations, including Ivy Bridge-, Sandy Bridge-, Skylake-, and Kaby Lake-based platforms. We have reproduced these issues internally and are making progress toward identifying the root cause. In parallel, we will be providing beta microcode to vendors for validation by next week." It looks like there will be a patch of a patch of a patch, good that the firmware update process works and is documented now in the Slackware forum, might need to automate it and put it in crond ... |
Hi,
Technically, it's not patch to a patch to... You only upload single microcode file ;-) -- Best regards, Andrzej Telszewski |
libunwind-1.2.1-x86_64-1.txz: Added.
just for info, it seem some packages can be recompiled with libunwind support: gstreamer, strace, mesa, xorg-server. |
Oopps Sorry posted in the bad thread
|
|
Quote:
|
Yes
but in that business you never know from .... by the way I checked if the last pre-meltdown free grsec patch for kernel 4.9.25 works for meltdown POC from here: https://github.com/raphaelsc/Am-I-affected-by-Meltdown Quote:
So far so good especially for x86. |
Quote:
https://www.auscert.org.au/bulletins/57150 https://support.hpe.com/hpsc/doc/pub...a00039267en_us https://usn.ubuntu.com/usn/usn-3531-2/ Sir Linus Torvald's latest rant on the subject - some useful technical details to be found between the lines(NSFW): http://lkml.iu.edu/hypermail/linux/k...1.2/04628.html It looks to me like a typical organized chaos, where the parties (HW manufacturers - Intel, Kernel Devs. and Compiler Devs.) are racing to provide their own resolution. I still hope that the Spectre related vulnerabilities will be mitigated solely on the microcode level (enough complexity available in the latest CPUs) and that the things will soon settle down. |
curl-7.58.0 is released with security fix
curl-7.58.0 is released with security fix.
Quote:
|
rsync-3.1.3 is released with security fix
rsync-3.1.3 is released with security fix.
http://rsync.samba.org/ftp/rsync/src...1.3.tar.gz.asc http://rsync.samba.org/ftp/rsync/src/rsync-3.1.3.tar.gz Quote:
|
mariadb-10.0.34 is released with security fixes. You can see changelog.
|
Ruby gems is vulnerable, see for details: https://www.linuxquestions.org/quest...86#post5829686
For 14.2, ruby patch here: rubygems-276-for-ruby22.patch Source: https://www.ruby-lang.org/en/news/20...s-in-rubygems/ |
All times are GMT -5. The time now is 09:40 PM. |