LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   [Slackware security] vulnerabilities outstanding 20140101 (https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-security%5D-vulnerabilities-outstanding-20140101-a-4175489800/)

mats_b_tegner 09-16-2019 11:11 AM

Kernel 4.19.73 fixes the following CVEs:
https://cdn.kernel.org/pub/linux/ker...4.19.73.tar.xz
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.19.73
Quote:

commit 47a0f70d7d9ac3d6b1a96b312d07bc67af3834e9
Author: Gustavo Romero
This fixes CVE-2019-15030.
https://www.openwall.com/lists/oss-s...y/2019/09/10/3
commit 569775bd536416ed9049aa580d9f89a0b4307d60
Author: Gustavo Romero
This fixes CVE-2019-15031.
https://www.openwall.com/lists/oss-s...y/2019/09/10/4
Only affects the PowerPC architecture.

ponce 09-16-2019 11:15 AM

Quote:

Originally Posted by mats_b_tegner (Post 6037278)

those are actually two bugs specific of the powerpc platform.

mats_b_tegner 09-19-2019 10:20 AM

Kernel 4.19.74 fixes CVE-2019-15504:
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.19.74
Quote:

commit 3622d621e9beca76d53cd3007eb7b1d6e724716b
Author: Hui Peng
Date: Mon Aug 19 18:02:29 2019 -0400

rsi: fix a double free bug in rsi_91x_deinit()

commit 8b51dc7291473093c821195c4b6af85fadedbc2f upstream.

`dev` (struct rsi_91x_usbdev *) field of adapter
(struct rsi_91x_usbdev *) is allocated and initialized in
`rsi_init_usb_interface`. If any error is detected in information
read from the device side, `rsi_init_usb_interface` will be
freed. However, in the higher level error handling code in
`rsi_probe`, if error is detected, `rsi_91x_deinit` is called
again, in which `dev` will be freed again, resulting double free.

This patch fixes the double free by removing the free operation on
`dev` in `rsi_init_usb_interface`, because `rsi_91x_deinit` is also
used in `rsi_disconnect`, in that code path, the `dev` field is not
(and thus needs to be) freed.

This bug was found in v4.19, but is also present in the latest version
of kernel. Fixes CVE-2019-15504.
RSI wireless driver as far as I can tell.

Wiser Slacker 10-02-2019 10:21 PM

Xpdf-4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc
CVE-2019-16927

should now be fixed in Xpdf 4.02

Description:
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885
Should be fixed:
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41889

hope it helps

volkerdi 10-03-2019 01:18 AM

Quote:

Originally Posted by Wiser Slacker (Post 6043161)
Xpdf-4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc
CVE-2019-16927

Unprivileged application crash.

abga 10-21-2019 08:01 PM

A potentially serious vulnerability (buffer overflow) in the kernel rtlwifi driver when using Wifi-Direct, affecting all kernels starting with 3.10.1, may crash or fully compromise vulnerable machines.
CVE-2019-17666
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-17666

A patch has been already made available and hope it'll get soon implemented & backported:
https://lkml.org/lkml/2019/10/16/1226

CTM 11-04-2019 10:30 AM

Assuming Slackware 15 isn't released by Christmas, are there any plans to upgrade to OpenSSL 1.1.1 in Slackware 14.2? OpenSSL 1.0.2 won't receive any security updates after December 31st, meaning that the latest stable version of Slackware will be using an unsupported (and potentially vulnerable) version of one of its most security-critical components. I've considered building my own openssl(-solibs) and openssl10(-solibs) packages for 14.2 based on the sources in -current and rebuilding the packages listed in the May 10th, 2018 update to -current, but testing everything and keeping it in line with the official 14.2 patches would be a significant commitment.

volkerdi 11-04-2019 01:18 PM

Quote:

Originally Posted by CTM (Post 6053974)
Assuming Slackware 15 isn't released by Christmas, are there any plans to upgrade to OpenSSL 1.1.1 in Slackware 14.2? OpenSSL 1.0.2 won't receive any security updates after December 31st, meaning that the latest stable version of Slackware will be using an unsupported (and potentially vulnerable) version of one of its most security-critical components. I've considered building my own openssl(-solibs) and openssl10(-solibs) packages for 14.2 based on the sources in -current and rebuilding the packages listed in the May 10th, 2018 update to -current, but testing everything and keeping it in line with the official 14.2 patches would be a significant commitment.

Slackware 14.2 will most likely not be moving to a newer version of openssl due to the changed API and the extensive patches that would likely to required in order to support it. But if there's a serious vulnerability in openssl-1.0.2, we'll certainly patch it. A local side-channel information leak may or may not rise to that level.

timsoft 11-12-2019 08:45 AM

there's a new kernel 4.4.200 mainly arm fixes, but does fix a cifs deadlock and other issues introduced in the back-porting of fixes which went into 4.4.199. https://cdn.kernel.org/pub/linux/ker...ngeLog-4.4.200

abga 11-12-2019 09:08 PM

New Intel CPU vulnerability discovered, a variant of the known ZombieLoad/MDS. It's mitigated already, it requires both new (patched) kernel and latest Intel microcode. See this post for more details:
https://www.linuxquestions.org/quest...ml#post6057033


Intel's security advisory:
https://www.intel.com/content/www/us...-sa-00270.html
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVEID: CVE-2019-11135

teoberi 11-13-2019 12:42 AM

I was missing such posts!
Thanks @abga.

abga 11-13-2019 06:02 AM

Quote:

Originally Posted by teoberi (Post 6057064)
I was missing such posts!
Thanks @abga.

Yeah, I just got a delayed BIOS update containing fixes (microcode) for the MDS vulnerability (discovered - 2018) for some of my DELL laptops and was happy that finally I don't need to care about loading the microcode myself. Well, my "state of happiness" didn't last that long...

Intel has actually released details and fixes for an entire list of vulnerabilities (Intel AMT , ME included) and a nice erratum called "Conditional Code Erratum", fixed by the latest microcode, affecting: Amber Lake, Cascade Lake, Coffee Lake, Comet Lake, Kaby Lake, Skylake and Whiskey Lake.

Intel's list of vulnerabilities:
https://www.intel.com/content/www/us...-sa-00241.html

Blog entry:
https://blogs.intel.com/technology/2...rm-update-ipu/

Mitigations for Jump Conditional Code Erratum - White Paper (apparently fixed by latest microcode):
https://www.intel.com/content/dam/su...de-erratum.pdf

ehartman 11-13-2019 07:07 AM

Quote:

Originally Posted by abga (Post 6057162)
was happy that finally I don't need to care about loading the microcode myself. Well, my "state of happiness" didn't last that long...

And note that the newest kernel upgrade for Slackware 14.2 (4.4.201) does not include the kernel-firmware package (again) anymore, so everyone: make sure you retain the (4 days old) firmware from the .199 kernel!

phenixia2003 11-13-2019 08:38 AM

Hello,

Quote:

Originally Posted by ehartman (Post 6057186)
And note that the newest kernel upgrade for Slackware 14.2 (4.4.201) does not include the kernel-firmware package (again) anymore, so everyone: make sure you retain the (4 days old) firmware from the .199 kernel!

... Or, instead of running slackpkg upgrade-all, run slackpkg upgrade patches to only upgrade packages for which updates are available in "patches" directory. This, obviously, applies to slackware-stable only.

"slackpkg upgrade-all" is mandatory on slackware-current. On stable, it is better to just stick to "slackpkg upgrade patches".

--
SeB

teoberi 11-13-2019 09:34 AM

Quote:

Originally posted by abga
Intel has actually released details and fixes for an entire list of vulnerabilities (Intel AMT , ME included) and a nice erratum called "Conditional Code Erratum", fixed by the latest microcode, affecting: Amber Lake, Cascade Lake, Coffee Lake, Comet Lake, Kaby Lake, Skylake and Whiskey Lake.
In the last few months I have spent a lot of time learning about Intel ME from here:
https://www.win-raid.com/f39-Intel-M...nt-Engine.html
https://www.win-raid.com/t596f39-Int...tem-Tools.html
This is how I managed to update my Intel ME version because my friends at ASUS had not yet decided to send me a new BIOS version.
Now I am analyzing the risk of updating to the latest Intel ME version available in the link above.
Thanks @abga seems to have it!


All times are GMT -5. The time now is 04:38 PM.