Is this thread no longer sticky?

I think for some reason they unstickied this one and kept this old and outdated one as the sticky...

Well, maybe it's time to start a new one, without any date & "outstanding" in the title, like:
[Slackware security] Live Vulnerabilities Announcements & Reports

Hi,

I think the thread Status Update: Slackware LQ Security Thread is the one.

@Thom1b

Thanks! Noticed that already. It's all GazL's fault for calling it "active, and useful" :D
Now this one that contains all the fresh stuff & details will get flushed down the toilet ... forum thread list and will soon vanish.
I don't know if it's in the power of the mods, but I'd rather suggest to rename this thread, remove " outstanding 20140101 " from the title and keep it active & sticky.
Or, rename it in: [Slackware security] Live Vulnerabilities Announcements & Reports
- maybe other more suggestive name (I'm not a native English speaker and not very creative at this time (tired too)).

Yep, sorry guys, looks like my desire to tidy up the stickies backfired and they clobbered the wrong one.



Mods, please can you. re-sticky this active thead:
https://www.linuxquestions.org/quest...-a-4175489800/

and unsticky this dead one: https://www.linuxquestions.org/quest...ad-4175522182/



As for the title, it might be an idea to wait until Jan and start a new 2020 thread to use going forward, or start a new one when Slackware 15.0 releases. what do people think?

'Live' might make people think it relates to Eric's Slackware-Live.

"[Slackware Security] Unresolved Vulnerability Announcements, Reports and Discussion" seems like an unambiguous title, if a little bit long.

"[Slackware Security] Vulnerability Announcements, Reports and Discussion"

Since I hope a few become solved, that would be my vote

Thanks for correcting. Reversed stickification.

Thanks UnSpawn, much appreciated.

Turns out the Documentation for firewalld.conf clearly says that IPv4 rpfilter is controlled by sysctl.conf. So setting up sysctl.conf as stated above is exactly what to do. Thanks.

I felt the "outstanding" would suggest that the vulnerabilities are not resolved and that is false, I know for sure Patrick is constantly monitoring & providing inputs in the thread and issues are getting resolved in no-time. The same goes for "current" - again unresolved?, additionally, for a visitor it can also suggest that Slackware is not doing a good job -, like : "look they have a thread for the outstanding(unresolved) security issues" :)
With "Live" I wanted to emphasize that the thread is active and "alive", that it should be used and monitored, but now I believe Tonus' formulation could be more suitable (with the plural for Discussion):
"[Slackware Security] Vulnerability Announcements, Reports and Discussions"

Glad it's back on sticky. :)

Actually, the original intention for the thread was as a place to draw attention to and discuss security related issues that need addressing on a Slackware system: either by local sysadms, or Pat, applying an upstream patch/update, or taking mitigating steps.

As such, "outstanding" and "unresolved" are appropriate. I prefer "unresolved" so as to avoid the multiple meanings "outstanding" has.

What I see abga trying to explain is that someone might look on page one and see a vulnerability from 2014 that they think hasn't been addressed. Without a proper way to edit the older posts in the thread when things are no longer outstanding or unresolved, it may lead someone to think that Slackware is insecure. Hopefully they won't come to that conclusion, but it is always possible.

If we had the ability to edit the first post and keep track of currently known vulnerabilities that don't have patches (or even recent ones that had patches already pushed out), it would make more sense to leave it as outstanding or unresolved.

But since I believe only moderators would have the ability to edit posts that old (and the topic name), we're stuck with the current name and OP.

I suppose if someone wanted to be gung-ho and maintain a slack-docs article on current vulnerabilities, they could open a new thread for new vulnerabilities announcements/reportings and then in the first post, they could link the slack-docs article that tracks current/recent vulnerabilities and their status on various Slackware versions. I certainly don't have the time and inclination to manage that, but it would certainly be a nice resource if someone is able to tackle it.

Kernel 4.4.210 fixes the following CVEs: CVE-2019-14615, CVE-2019-14895
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.4.210
https://cdn.kernel.org/pub/linux/ker...4.4.210.tar.xz