LinuxQuestions.org, Slackware forum: [Slackware security] vulnerabilities outstanding 20140101 (https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-security%5D-vulnerabilities-outstanding-20140101-a-4175489800/)

Thom1b 10-10-2018 02:31 AM

linux-4.4.160 is released with 2 security fixes, one concerning ext4.
Quote:

commit cd3d6463759d21f4093d3434effacc358dd0caf8
Author: Theodore Ts'o <tytso@mit.edu>
Date: Sat Jun 16 15:40:48 2018 -0400

ext4: never move the system.data xattr out of the inode body

commit 8cdb5240ec5928b20490a2bb34cb87e9a5f40226 upstream.

When expanding the extra isize space, we must never move the
system.data xattr out of the inode body. For performance reasons, it
doesn't make any sense, and the inline data implementation assumes
that system.data xattr is never in the external xattr block.

This addresses CVE-2018-10880

https://bugzilla.kernel.org/show_bug.cgi?id=200005

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Zubin Mithra <zsm@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

mats_b_tegner 10-18-2018 10:52 AM

Ruby

Ruby versions 2.3.8, 2.4.5 and 2.5.3 fix the following security vulnerabilities:
https://www.ruby-lang.org/en/news/20...ve-2018-16395/
https://www.ruby-lang.org/en/news/20...ve-2018-16396/
https://cache.ruby-lang.org/pub/ruby...y-2.3.8.tar.xz
https://cache.ruby-lang.org/pub/ruby...y-2.4.5.tar.xz
https://cache.ruby-lang.org/pub/ruby...y-2.5.3.tar.xz

abga 11-04-2018 05:35 PM

A new CPU vulnerability, dubbed PortSmash, was made public, exploiting the Hyper-Threading system, affecting Intel CPUs (demonstrated on Skylake & Kaby Lake) and potentially AMD too. It has a CVE reserved: CVE-2018-5407
https://cve.mitre.org/cgi-bin/cvenam...=CVE-2018-5407
Info:
https://arstechnica.com/information-...s-crypto-keys/
Proof of concept:
https://github.com/bbbrumley/portsmash
According to the following article, OpenSSL 1.1.1 (comes with Slackware - current) looks to make the attack unfeasible:
https://www.zdnet.com/article/intel-...vulnerability/

Mitigation (so far & as far as I understood it) - disable Hyper-Threading (if possible), OpenSSL related - use 1.1.1

Thom1b 11-04-2018 11:46 PM

mariadb-10.0.37 is released with many security fixes.

abga 11-14-2018 03:01 PM

Brace yourselves, or, enjoy the apparently never ending Whac-A-Mole, as 7 more spectre/meltdown related speculative execution attacks have been published, affecting Intel/AMD/ARM. No CVE yet assigned and no mitigation available, I guess there will be some more microcode updates & kernel patches released.
Article:
https://arstechnica.com/gadgets/2018...ution-attacks/
Research paper:
https://arxiv.org/pdf/1811.05441.pdf

GazL 11-14-2018 03:58 PM

Oh great. I expect that'll be another 5% or so performance loss on top of all the other mitigations that have already slowed our systems down.

Thanks for the heads up.

elcore 11-27-2018 01:17 AM

Binutils 2.26 in 14.2 may possibly be flawed, exploitable.

https://security.gentoo.org/glsa/201811-17

volkerdi 11-27-2018 12:56 PM

Quote:

Originally Posted by elcore (Post 5930492)
Binutils 2.26 in 14.2 may possibly be flawed, exploitable.

https://security.gentoo.org/glsa/201811-17

I'm not sure I see how a segfault (resulting in a "denial of service") in something like binutils is actually a security related bug. You have an intentionally corrupt ELF object (aka specially crafted) that causes the linker or assembler to crash disrupting the compile. But how is that a security issue? Unless there's an overflow that allows execution of arbitrary code (I've seen no such reports in any of the CVEs) then it's simply a crash of a userspace program. App crashes aren't security issues IMHO.

elcore 11-28-2018 04:34 AM

Thanks for looking into it, just posted because they did say remote in the article.
I guess netfilter could easily mitigate the dos, if there is any.

GazL 11-29-2018 10:49 AM

Yeah, seems declaring something as "remotely exploitable" is in fashion these days: even when there's nothing remotely "remote" about it.

Thom1b 12-01-2018 03:19 AM

Multiple CVEs are fixed in linux-4.4.166 (and others concerning ext4 before):

Quote:

commit 3658ccbbac39cc634e357ee08ff46d0893cbc111
Author: Salvatore Mesoraca <s.mesoraca16@gmail.com>
Date: Thu Aug 23 17:00:35 2018 -0700

namei: allow restricted O_CREAT of FIFOs and regular files

commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5 upstream.

Disallows open of FIFOs or regular files not owned by the user in world
writable sticky directories, unless the owner is the same as that of the
directory or the file is opened without the O_CREAT flag. The purpose
is to make data spoofing attacks harder. This protection can be turned
on and off separately for FIFOs and regular files via sysctl, just like
the symlinks/hardlinks protection. This patch is based on Openwall's
"HARDEN_FIFO" feature by Solar Designer.

This is a brief list of old vulnerabilities that could have been prevented
by this feature, some of them even allow for privilege escalation:

CVE-2000-1134
CVE-2007-3852
CVE-2008-0525
CVE-2009-0416
CVE-2011-4834
CVE-2015-1838
CVE-2015-7442
CVE-2016-7489

This list is not meant to be complete. It's difficult to track down all
vulnerabilities of this kind because they were often reported without any
mention of this particular attack vector. In fact, before
hardlinks/symlinks restrictions, fifos/regular files weren't the favorite
vehicle to exploit them.

[s.mesoraca16@gmail.com: fix bug reported by Dan Carpenter]
Link: https://lkml.kernel.org/r/20180426081456.GA7060@mwanda
Link: http://lkml.kernel.org/r/1524829819-...ca16@gmail.com
[keescook@chromium.org: drop pr_warn_ratelimited() in favor of audit changes in the future]
[keescook@chromium.org: adjust commit subject]
Link: http://lkml.kernel.org/r/20180416175918.GA13494@beast
Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Suggested-by: Solar Designer <solar@openwall.com>
Suggested-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Loic <hackurx@opensec.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
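The sysctl rule described in the quoted commit message, as an added example that is not part of the thread or of the kernel source: a Python model of the decision (fs.protected_fifos / fs.protected_regular at levels 0/1/2, following the commit text and the kernel's sysctl documentation rather than the kernel code line by line), plus a reader for the live values, so an admin can reason about which O_CREAT opens in /tmp-style directories are refused. The `Inode` class is a constructed stand-in, not a kernel structure.

```python
import stat
from dataclasses import dataclass

S_IWOTH, S_IWGRP, S_ISVTX = 0o002, 0o020, 0o1000  # mode bits the rule inspects


@dataclass
class Inode:
    """Just the fields the check needs (constructed stand-in, not a kernel struct)."""
    mode: int  # st_mode: file-type bits plus permission bits
    uid: int


def read_protection(name, default=0):
    """Read fs.protected_fifos / fs.protected_regular from /proc; `default` off-Linux."""
    try:
        with open(f"/proc/sys/fs/{name}") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return default


def open_allowed(dir_inode, target, caller_uid, o_creat,
                 protected_fifos, protected_regular):
    """True if open() of an existing `target` in `dir_inode` passes the rule,
    False if it would be refused with EACCES.  Per the commit text: only
    O_CREAT opens of FIFOs / regular files in sticky directories are affected;
    level 1 covers world-writable, level 2 also group-writable directories;
    files owned by the caller or by the directory owner are exempt."""
    if not o_creat:
        return True
    if stat.S_ISFIFO(target.mode):
        level = protected_fifos
    elif stat.S_ISREG(target.mode):
        level = protected_regular
    else:
        return True                                  # other file types: not covered here
    if level == 0 or not dir_inode.mode & S_ISVTX:
        return True                                  # protection off, or directory not sticky
    if target.uid in (dir_inode.uid, caller_uid):
        return True                                  # owner exemptions
    if dir_inode.mode & S_IWOTH:
        return False                                 # world-writable: blocked at level >= 1
    if dir_inode.mode & S_IWGRP and level >= 2:
        return False                                 # group-writable: blocked only at level 2
    return True


def host_status():
    """Current settings on this machine; 0 means the hardening is disabled."""
    return {n: read_protection(n) for n in ("protected_fifos", "protected_regular")}
```

On a kernel without these sysctls (4.4 in 14.2, for instance) `host_status()` reports 0 for both, which matches the fact that the protection is simply absent there.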

alex14641 12-01-2018 09:47 AM

A side channel attack on various SSL libraries

OpenSSL is in the list.

https://www.theregister.co.uk/2018/1...broken_crypto/

mats_b_tegner 12-29-2018 02:26 PM

Kernel 4.19.13 fixes CVE-2018-19985
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.19.13
https://cdn.kernel.org/pub/linux/ker...4.19.13.tar.xz
Edit:
Upgraded in -current according to the latest ChangeLog:
Quote:

Sat Dec 29 23:13:15 UTC 2018
a/kernel-generic-4.19.13-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.13-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.13-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.13-x86-1.txz: Upgraded.
k/kernel-source-4.19.13-noarch-1.txz: Upgraded.

FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER y -> n

nobodino 01-03-2019 03:08 AM

Has anyone used the 'cve-check-tool' from SBo to find CVEs in Slackware?
-------------------
root@drakstart64:/var/log# cve-check-tool -uNc pkgs.csv
Line #222 is of incorrect length
audiofile,0.3.6,CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839,,0
binutils,2.31.1,CVE-2018-17358 CVE-2018-17359 CVE-2018-17360,,0
cvs,1.11.23,CVE-2010-3846,,0
bzip2,1.0.6,CVE-2016-3189,,0
a2ps,4.14,CVE-2001-1593 CVE-2014-0466 CVE-2015-8107,,0
---------------------
Here's the result for slackware64-current. There are rather few.

mralk3 01-09-2019 06:21 PM

Quote:

Originally Posted by nobodino (Post 5944106)
has anyone used the 'cve-check-tool' from SBo to find cve's in slackware?
..snip..

Here is a tool that makes use of cve-check-tool to find vulnerabilities on Slackware systems. It is written by David Spencer (idlemoor). It is called "Bad News." It's a great tool.

Git repo here: https://gitlab.com/idlemoor/BadNews
