LinuxQuestions.org

Slackware > [Slackware security] vulnerabilities outstanding 20140101 (https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-security%5D-vulnerabilities-outstanding-20140101-a-4175489800/)

mats_b_tegner 06-11-2019 10:09 AM

Kernel 4.4.181
 
https://cdn.kernel.org/pub/linux/ker...4.4.181.tar.xz
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.4.181
Quote:

commit 98529ecd313bbeff006930056dad26529510054f
Author: Sriram Rajagopalan
Date: Fri May 10 19:28:06 2019 -0400

ext4: zero out the unused memory region in the extent tree block

commit 592acbf16821288ecdc4192c47e3774a4c48bb64 upstream.

This commit zeroes out the unused memory region in the buffer_head
corresponding to the extent metablock after writing the extent header
and the corresponding extent node entries.

This is done to prevent random uninitialized data from getting into
the filesystem when the extent block is synced.

This fixes CVE-2019-11833.
This commit is already included in kernel 4.19.y in -current (was added in 4.19.45).

mats_b_tegner 06-18-2019 08:20 AM

TCP SACK Panic etc
 
Kernels 4.4.182 and 4.19.52 fix the following CVEs:
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.4.182
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.19.52
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-11477
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-11478
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-11479
https://github.com/Netflix/security-...ty/2019-001.md

TCP SACK can be temporarily disabled by issuing the following command(s) as root:
To check if you are vulnerable:
Code:

sysctl net.ipv4.tcp_sack
Disable with:
Code:

sysctl -w net.ipv4.tcp_sack=0
Edit:
Updated kernel packages are now available according to the latest ChangeLogs.
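The two checks in the post above (is the running kernel older than the fixed releases, and is SACK still on) as one small POSIX sh script. This is an added example, not code from the thread or from Slackware; the table of fixed versions (4.4.182 and 4.19.52) is taken from the post, and the function names, the `--report` flag and the optional file argument to `sack_state` (so the logic can be exercised on a constructed file) are this example's own choices.

```shell
#!/bin/sh
# Added example: report whether this host's kernel predates the TCP SACK
# fixes named in the post and whether net.ipv4.tcp_sack is still enabled.

# strip_kver "4.4.182-smp" -> "4.4.182": keep only the leading dotted numeric part
strip_kver() {
    v="$1"
    printf '%s\n' "${v%%[!0-9.]*}"
}

# kver_cmp A B: prints -1, 0 or 1 comparing dotted numeric versions field by field
kver_cmp() {
    a="$1" b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; [ "$ah" = "$a" ] && a= || a=${a#*.}
        bh=${b%%.*}; [ "$bh" = "$b" ] && b= || b=${b#*.}
        ah=${ah:-0}; bh=${bh:-0}
        if [ "$ah" -lt "$bh" ]; then echo -1; return; fi
        if [ "$ah" -gt "$bh" ]; then echo 1; return; fi
    done
    echo 0
}

# sack_fixed_in KVER: first release of that stable series carrying the fix,
# per the post; empty when the series is not in this (constructed) table.
sack_fixed_in() {
    case "$1" in
        4.4.*)  echo 4.4.182 ;;
        4.19.*) echo 4.19.52 ;;
        *)      echo "" ;;
    esac
}

# kernel_has_sack_fix KVER -> yes | no | unknown
kernel_has_sack_fix() {
    k=$(strip_kver "$1")
    fixed=$(sack_fixed_in "$k")
    [ -z "$fixed" ] && { echo unknown; return; }
    if [ "$(kver_cmp "$k" "$fixed")" -ge 0 ]; then echo yes; else echo no; fi
}

# sack_state [FILE] -> enabled | disabled | unknown
# Reads the same value that `sysctl net.ipv4.tcp_sack` prints.
sack_state() {
    f=${1:-/proc/sys/net/ipv4/tcp_sack}
    [ -r "$f" ] || { echo unknown; return; }
    case $(cat "$f") in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo unknown ;;
    esac
}

report() {
    kver=$(uname -r)
    printf 'kernel %s: SACK fix present: %s\n' "$kver" "$(kernel_has_sack_fix "$kver")"
    printf 'net.ipv4.tcp_sack: %s\n' "$(sack_state)"
}

if [ "${1:-}" = "--report" ]; then report; fi
```

Run it as `sh sack_check.sh --report`. A host that reports "no" for the fix and "enabled" for the sysctl is the case the post's temporary `sysctl -w net.ipv4.tcp_sack=0` workaround is meant for, until the updated kernel packages are installed and booted.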

mats_b_tegner 06-18-2019 12:10 PM

Firefox ESR 60.7.1
 
https://www.mozilla.org/en-US/securi...s/mfsa2019-18/
https://ftp.mozilla.org/pub/firefox/....source.tar.xz
https://ftp.mozilla.org/pub/firefox/...rce.tar.xz.asc
Edit:
An updated mozilla-firefox package is available according to the latest ChangeLogs.

Didier Spaier 07-10-2019 07:06 AM

Fixed among others in Firefox 60.8esr and Firefox68:
https://www.mozilla.org/en-US/securi...CVE-2019-11709
Maybe not "so" critical when you read "... we presume that with enough effort that some of these could be exploited to run arbitrary code." but it doesn't hurt to be safe. Anyway I have upgraded for Slint to 60.8esr.

PS now that 68.0 is also tagged esr, maybe Pat is weighing which one to provide for -current and -stable?

EDIT: looks like he decided to ship 68.0esr in both:
xap/mozilla-firefox-68.0esr-x86_64-1.txz: Upgraded.
patches/packages/mozilla-firefox-68.0esr-x86_64-1_slack14.2.txz: Upgraded.
And that needed to upgrade rust.

mats_b_tegner 07-28-2019 05:08 PM

Regression fix for CVE-2019-11478 (TCP SACK Panic) is available in kernel 4.19.62
https://cdn.kernel.org/pub/linux/ker...4.19.62.tar.xz
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.19.62
Quote:

commit 6323c238bb4374d1477348cfbd5854f2bebe9a21
Author: Eric Dumazet
Date: Fri Jul 19 11:52:33 2019 -0700

tcp: be more careful in tcp_fragment()

[ Upstream commit b617158dc096709d8600c53b6052144d12b89fab ]

Some applications set tiny SO_SNDBUF values and expect
TCP to just work. Recent patches to address CVE-2019-11478
broke them in case of losses, since retransmits might be prevented.

We should allow these flows to make progress.

This patch allows the first and last skb in retransmit queue
to be split even if memory limits are hit.

It also adds some room due to the fact that tcp_sendmsg()
and tcp_sendpage() might overshoot sk_wmem_queued by about one full
TSO skb (64KB size). Note this allowance was already present
in stable backports for kernels < 4.15

Note for < 4.15 backports :
tcp_rtx_queue_tail() will probably look like :

static inline struct sk_buff *tcp_rtx_queue_tail(const struct sock *sk)
{
	struct sk_buff *skb = tcp_send_head(sk);

	return skb ? tcp_write_queue_prev(sk, skb) : tcp_write_queue_tail(sk);
}

Fixes: f070ef2ac667 ("tcp: tcp_fragment() should apply sane memory limits")
Edit:
Updated kernel packages are available for -current according to the latest ChangeLogs.

Labinnah 07-29-2019 02:42 AM

proftpd

CVE-2019-12815: mod_copy Incorrect Access Control
Description: Issuing CPFR, CPTO commands to a ProFTPd server allows users without write permissions to copy any file on the FTP server.

https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-12815
https://github.com/proftpd/proftpd/pull/816

mats_b_tegner 08-04-2019 02:55 PM

Kernel 4.19.64 fixes CVE-2019-3900 and CVE-2019-10207
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.19.64
Updated kernel packages are available for -current according to the latest ChangeLogs:
Quote:

Mon Aug 5 07:33:15 UTC 2019
a/kernel-generic-4.19.64-i586-1.txz: Upgraded.
a/kernel-generic-smp-4.19.64_smp-i686-1.txz: Upgraded.
a/kernel-huge-4.19.64-i586-1.txz: Upgraded.
a/kernel-huge-smp-4.19.64_smp-i686-1.txz: Upgraded.
a/kernel-modules-4.19.64-i586-1.txz: Upgraded.
a/kernel-modules-smp-4.19.64_smp-i686-1.txz: Upgraded
d/kernel-headers-4.19.64_smp-x86-1.txz: Upgraded.
k/kernel-source-4.19.64_smp-noarch-1.txz: Upgraded.
a/kernel-generic-4.19.64-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.64-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.64-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.64-x86-1.txz: Upgraded.
k/kernel-source-4.19.64-noarch-1.txz: Upgraded.
Kernel 4.4.187 fixes CVE-2019-10207 and CVE-2019-13648
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.4.187

mats_b_tegner 08-07-2019 01:31 AM

Spectre v1 variant SWAPGS (CVE-2019-1125)
 
Looks like another Spectre v1 variant has reared its ugly head:
https://www.phoronix.com/scan.php?pa...19-1125-SWAPGS
https://access.redhat.com/articles/4329821
https://git.kernel.org/pub/scm/linux...4fa9d83733bb11

Kernel 4.19.65 seems to already include SWAPGS mitigations:
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.19.65
Updated kernel packages for -current are already available according to the latest ChangeLogs:
Quote:

Wed Aug 7 05:27:04 UTC 2019
a/kernel-generic-4.19.65-i586-1.txz: Upgraded.
a/kernel-generic-smp-4.19.65_smp-i686-1.txz: Upgraded.
a/kernel-huge-4.19.65-i586-1.txz: Upgraded.
a/kernel-huge-smp-4.19.65_smp-i686-1.txz: Upgraded.
a/kernel-modules-4.19.65-i586-1.txz: Upgraded.
a/kernel-modules-smp-4.19.65_smp-i686-1.txz: Upgraded.
d/kernel-headers-4.19.65_smp-x86-1.txz: Upgraded.
k/kernel-source-4.19.65_smp-noarch-1.txz: Upgraded.
extra/linux-4.19.65-nosmp-sdk/*: Upgraded.
a/kernel-generic-4.19.65-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.65-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.65-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.65-x86-1.txz: Upgraded.
k/kernel-source-4.19.65-noarch-1.txz: Upgraded.

ehartman 08-07-2019 10:33 AM

New Intel vulnerability
 
According to news (http://www.bitdefender.com/news/bitd...sors-3722.html) I've found, they've detected a new problem with Intel CPUs that doesn't have anything to do with Spectre and/or Meltdown, so isn't fixed by the current mitigations in the kernel.

philanc 08-07-2019 12:41 PM

Quote:

Originally Posted by ehartman (Post 6022547)
According to news (http://www.bitdefender.com/news/bitd...sors-3722.html) I've found, they've detected a new problem with Intel CPUs that doesn't have anything to do with Spectre and/or Meltdown, so isn't fixed by the current mitigations in the kernel.

This is the SWAPGS vulnerability (a Spectre V1 variant) as described in the previous mats_b_tegner detailed post.

It is fixed in kernel versions 4.19.65 (the last Slackware current kernel, updated today -- again a very timely update. Thanks Pat!) and 4.14.137.

The last 4.4 kernel (4.4.188) doesn't seem to have a fix for this (I don't know if it means that it is not vulnerable, or if the patch is to come later?) So for the moment Slackware 14.2 is out of luck regarding this vulnerability...

mats_b_tegner 08-08-2019 05:03 AM

Kernel 4.4.189
 
Quote:

Originally Posted by philanc (Post 6022591)
This is the SWAPGS vulnerability (a Spectre V1 variant) as described in the previous mats_b_tegner detailed post.

It is fixed in kernel versions 4.19.65 (the last Slackware current kernel, updated today -- again a very timely update. Thanks Pat!) and 4.14.137.

The last 4.4 kernel (4.4.188) doesn't seem to have a fix for this (I don't know if it means that it is not vulnerable, or if the patch is to come later?) So for the moment Slackware 14.2 is out of luck regarding this vulnerability...

Update 2019-08-14:
Kernel 4.4.189 packages are available now and they include the Spectre v1 SWAPGS mitigations (CVE-2019-1125).
Quote:

Wed Aug 14 05:24:55 UTC 2019
patches/packages/linux-4.4.189/*: Upgraded.
These updates fix various bugs and many security issues, and include the
Spectre v1 SWAPGS mitigations.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 4.4.187:
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-13631
https://cve.mitre.org/cgi-bin/cvenam...CVE-2017-18509
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-14283
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-10207
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-14284
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-13648
Fixed in 4.4.189:
https://cve.mitre.org/cgi-bin/cvenam...CVE-2018-20856
https://cve.mitre.org/cgi-bin/cvenam...=CVE-2019-1125
(* Security fix *)
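After booting the updated kernel, the kernel's own report is the quickest way to confirm the SWAPGS barriers are active: upstream (and the stable backports) export one file per issue under /sys/devices/system/cpu/vulnerabilities, and the SWAPGS fix changes the spectre_v1 text from "Mitigation: __user pointer sanitization" to "Mitigation: usercopy/swapgs barriers and __user pointer sanitization". The script below is an added example, not code from the thread or from Slackware; the function names, the `--report` flag, the optional directory argument (so it can be tested on a constructed directory) and the `VULN_DIR` variable are this example's own choices, and the status strings it matches are the upstream kernel's.

```shell
#!/bin/sh
# Added example: summarize the kernel's sysfs vulnerability reports and
# flag a spectre_v1 entry that lacks the SWAPGS barriers.

VULN_DIR=${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}

# classify TEXT: coarse state of one vulnerability file's content
classify() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# swapgs_state TEXT: spectre_v1 content -> is the SWAPGS mitigation present?
swapgs_state() {
    case "$1" in
        *"swapgs barriers"*) echo swapgs_mitigated ;;
        "Not affected"*)     echo not_affected ;;
        Mitigation:*)        echo mitigated_without_swapgs ;;
        *)                   classify "$1" ;;
    esac
}

# report [DIR]: print every entry; exit status 1 if anything is still open
report() {
    d=${1:-$VULN_DIR}
    [ -d "$d" ] || { echo "no $d: this kernel does not report mitigations"; return 1; }
    rc=0
    for f in "$d"/*; do
        name=${f##*/}
        text=$(cat "$f")
        if [ "$name" = spectre_v1 ]; then
            state=$(swapgs_state "$text")
        else
            state=$(classify "$text")
        fi
        printf '%-22s %-24s %s\n' "$name" "$state" "$text"
        case "$state" in
            vulnerable|mitigated_without_swapgs) rc=1 ;;
        esac
    done
    return $rc
}

if [ "${1:-}" = "--report" ]; then report "${2:-}"; fi
```

Run it as `sh mitigation_check.sh --report`; a non-zero exit status means at least one entry reads "Vulnerable" or spectre_v1 still shows the pre-4.4.189 text, which is what you would see if the new packages were installed but the old kernel (or an initrd/lilo entry pointing at it) is still the one booted.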

Thom1b 08-22-2019 01:02 AM

bind-9.11.10 is released with one security fix.
ftp://ftp.isc.org/isc/bind9/9.11.10/bind-9.11.10.tar.gz
ftp://ftp.isc.org/isc/bind9/9.11.10/....10.tar.gz.asc

Quote:

Security Fixes
A race condition could trigger an assertion failure when a large number of incoming packets were being rejected. This flaw is disclosed in CVE-2019-6471. [GL #942]

mats_b_tegner 08-28-2019 01:46 PM

Ruby
 
https://www.ruby-lang.org/en/news/20...ities-in-rdoc/
Quote:

Multiple jQuery vulnerabilities in RDoc

Posted by aycabta on 28 Aug 2019

There are multiple vulnerabilities about Cross-Site Scripting (XSS) in jQuery shipped with RDoc, which is bundled in Ruby. All Ruby users are recommended to update Ruby to the latest release which includes the fixed version of RDoc.
Details

The following vulnerabilities have been reported.

CVE-2012-6708
CVE-2015-9251

It is strongly recommended for all Ruby users to upgrade your Ruby installation or take one of the following workarounds as soon as possible. You also have to re-generate existing RDoc documentation to completely mitigate the vulnerabilities.
Affected Versions

Ruby 2.3 series: all
Ruby 2.4 series: 2.4.6 and earlier
Ruby 2.5 series: 2.5.5 and earlier
Ruby 2.6 series: 2.6.3 and earlier
Fixed in Ruby versions 2.6.4, 2.5.6 and 2.4.7:
https://cache.ruby-lang.org/pub/ruby...y-2.6.4.tar.xz
https://cache.ruby-lang.org/pub/ruby...y-2.5.6.tar.xz
https://cache.ruby-lang.org/pub/ruby...y-2.4.7.tar.xz

Edit: An updated ruby 2.6.4 package is available for -current according to the latest ChangeLogs.

Thom1b 09-10-2019 09:33 AM

openssl-1.0.2t is released with security fixes.
https://www.openssl.org/source/openssl-1.0.2t.tar.gz
https://www.openssl.org/source/opens....2t.tar.gz.asc

Quote:

Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [10 Sep 2019]

o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
(CVE-2019-1563)
o For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters
o Compute ECC cofactors if not provided during EC_GROUP construction
(CVE-2019-1547)
o Document issue with installation paths in diverse Windows builds
(CVE-2019-1552)

abga 09-11-2019 04:36 PM

Didn't know where to throw this and hope it'll be helpful, even if Slackware & its kernel (nothing available yet) cannot help.
There's a freshly discovered vulnerability (side channel attack), dubbed NetCAT - CVE-2019-11184, affecting only Intel Xeon E5, E7 and SP families that support DDIO and RDMA.
One of the mitigations is to disable (BIOS?) the DDIO and RDMA extensions.
More about these extensions:
https://www.intel.com/content/dam/ww...ct-i-o-faq.pdf
https://www.intel.com/content/dam/ww...logy-brief.pdf

News article:
https://www.theregister.co.uk/2019/0...hannel_attack/
The Free University of Amsterdam - VUSEC Team - the ones who did the research & discovery:
https://www.vusec.net/projects/netcat/
Research paper:
https://www.cs.vu.nl/~herbertb/downl...etcat_sp20.pdf
Intel's security advisory:
https://www.intel.com/content/www/us...-sa-00290.html
