Old 11-07-2014, 12:22 AM   #286
mancha
Member
 
Registered: Aug 2012
Posts: 484


Update 20141107
  1. curl (libcurl)

    Several flaws in libcurl's curl_easy_duphandle() function can lead to libcurl eventually sending off sensitive data that was not intended
    for sending. See curl's advisory for more details. (CVE-2014-3707)

    Recommendation: Upgrade to curl 7.39 (sig)
--mancha
 
Old 11-10-2014, 10:37 AM   #287
mancha
Update 20141110
  1. GnuTLS

    It was discovered that the encoding of elliptic curve parameters in GnuTLS 3 is vulnerable to a denial of service (heap corruption). The
    vulnerability affects clients and servers that print information about a peer's certificate (e.g. key ID) and can be exploited via specially
    crafted X.509 certificates. (CVE-2014-8564)

    Recommendations:
    Note: Slackware 13.37 and earlier are unaffected (vulnerable code was introduced in GnuTLS 3.0).
--mancha
 
Old 11-23-2014, 10:23 AM   #288
sanjioh
Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 92

php
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file (CVE-2014-3710).
Fixed in php 5.4.35.

file
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file (CVE-2014-3710).
Fixed upstream (not yet released at the time of writing)

tcpdump
denial of service in verbose mode using malformed OLSR payload (CVE-2014-8767)
denial of service in verbose mode using malformed Geonet payload (CVE-2014-8768) (vulnerability introduced in tcpdump 4.5.0, thus not affecting Slackware 14.1 or -current)
unreliable output using malformed AODV payload (CVE-2014-8769)
Fixed in tcpdump 4.7.0 (not yet released at the time of writing)

dbus
local users can cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636 (CVE-2014-7824).
Fixed in dbus 1.6.26

kde-workspace
KDE workspace configuration module for setting the date and time has a helper program which runs as root for performing actions. This is secured with polkit. This helper takes the name of the ntp utility to run as an argument. This allows a hacker to run any arbitrary command as root under the guise of updating the time (CVE-2014-8651).
Fixed in kde-workspace 4.11.14

Last edited by sanjioh; 11-23-2014 at 01:31 PM. Reason: clearer CVE-2014-8768 description, as per post #289 by mancha
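The kde-workspace item above describes a root helper that took the name of the ntp program to run as an argument. The following is an added example, not kde-workspace code and not part of sanjioh's post: it shows the mitigation for that class of bug, treating the caller-supplied name only as a key into a fixed allowlist, resolving it from trusted directories, and executing with an argv list rather than a shell. The function names, the allowlist contents (ntpdate, rdate) and the trusted directories are assumptions made for this example.

```python
"""Allowlisting the utility name passed to a privileged time-setting helper.

Added example, not kde-workspace code: it shows the mitigation for the class of
bug described for CVE-2014-8651, where a polkit-protected root helper took the
name of the ntp program to run as an argument. The function names, the
allowlist contents and the trusted directories are assumptions made for this
example, not values from the thread or from KDE.
"""
import os
import subprocess

# Only these program names may ever be executed, and only from these directories.
ALLOWED_UTILITIES = frozenset({"ntpdate", "rdate"})
TRUSTED_DIRS = ("/usr/sbin", "/usr/bin", "/sbin", "/bin")


def resolve_ntp_utility(requested, trusted_dirs=TRUSTED_DIRS, exists=os.path.isfile):
    """Return the absolute path of an allowlisted utility, or None if refused.

    The caller-supplied string is used only as a key into ALLOWED_UTILITIES and
    is never interpreted as a path, so absolute paths, "../" components, shell
    metacharacters and anything else not in the allowlist are rejected before
    any file system lookup. `exists` is injectable so the resolution logic can
    be exercised without the real binaries being installed.
    """
    if not isinstance(requested, str) or requested not in ALLOWED_UTILITIES:
        return None
    for directory in trusted_dirs:
        candidate = os.path.join(directory, requested)
        if exists(candidate):
            return candidate
    return None


def build_command(requested, servers, trusted_dirs=TRUSTED_DIRS, exists=os.path.isfile):
    """Build the argv list the helper would execute; no shell is involved.

    Raises PermissionError for a non-allowlisted utility and ValueError for a
    server argument that could be parsed as an option or contains whitespace.
    """
    path = resolve_ntp_utility(requested, trusted_dirs, exists)
    if path is None:
        raise PermissionError("refusing to run %r: not an allowlisted ntp utility" % (requested,))
    for server in servers:
        if not server or server.startswith("-") or any(c.isspace() for c in server):
            raise ValueError("invalid time server argument %r" % (server,))
    return [path] + list(servers)


def run_helper(requested, servers):
    """Execute the validated command as an argv list (never a shell string)."""
    return subprocess.run(build_command(requested, servers), check=False).returncode


if __name__ == "__main__":
    # Demonstration with a stand-in for the file system, so it runs unprivileged.
    fake_fs = lambda p: p == "/usr/sbin/ntpdate"
    print(build_command("ntpdate", ["pool.ntp.org"], exists=fake_fs))
    for refused in ("/bin/sh", "../ntpdate", "chronyd"):
        print(refused, "->", resolve_ntp_utility(refused, exists=lambda p: True))
```

The design point is that validation happens on the name, not on a path the caller constructed: whatever string arrives, the only two things that can ever be executed are the fixed entries of the allowlist found in the trusted directories.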
 
Old 11-23-2014, 01:16 PM   #289
mancha
Based on sanjioh's report in the previous post, I've backported fixes for tcpdump 4.4.0 and file 5.14 (versions shipped with Slackware
14.1 and current). For php, dbus, and kde-workspace, sanjioh provides the versions that fix the identified vulnerabilities.

  1. tcpdump

    Recommendation: Rebuild tcpdump 4.4.0 after applying tcpdump-4.4.0_CVE-2014-8767.diff and tcpdump-4.4.0_CVE-2014-8769.diff.

    Note: CVE-2014-8768 doesn't apply to Slackware because the vulnerable code was introduced in tcpdump 4.5.0.

  2. file

    Recommendation: Rebuild file 5.14 after applying file-5.14_CVE-2014-3710.diff.

    Note: There are several outstanding issues with Slackware's file/libmagic. You can look them up in the 20141014 Status Report.
--mancha
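CVE-2014-3710, reported by sanjioh in post #288 for file and php and backported to file 5.14 in the post above, is a note parser that did not check that enough bytes remained before reading a note header. The following is an added example, not code from file(1)/libmagic, PHP or any Slackware package: a small parser for ELF note records that compares every declared length with the bytes actually remaining before it slices anything, so a truncated or oversized note fails cleanly instead of being read out of bounds. The record layout (three 4-byte words namesz, descsz, type, then the 4-byte-aligned name and descriptor) is the standard one for both 32- and 64-bit ELF; little-endian byte order, the helper names and the sample notes are this example's own assumptions.

```python
"""Bounds-checked parsing of ELF note records.

Added example, not code from file(1)/libmagic, PHP or any Slackware package:
it shows the length checks a note parser needs so that a crafted or truncated
ELF cannot make it read past the end of its buffer (the failure mode described
for CVE-2014-3710). Little-endian byte order, the helper names and the sample
notes are assumptions made for this example.
"""
import struct

NOTE_HDR = struct.Struct("<III")  # namesz, descsz, type: 4-byte words in ELFCLASS32 and ELFCLASS64


def _align4(n):
    """Round n up to a multiple of 4 (note name and descriptor are 4-byte aligned)."""
    return (n + 3) & ~3


def parse_notes(buf):
    """Return [(type, name, desc), ...] from a note section or segment.

    Every declared length is compared with the bytes actually remaining
    *before* any slice is taken, so a truncated buffer or a header that
    declares oversized fields raises ValueError instead of reading past the
    end. (In C the padded sizes would additionally need an overflow check.)
    """
    notes = []
    off, end = 0, len(buf)
    while off < end:
        if end - off < NOTE_HDR.size:
            raise ValueError("truncated note header at offset %d" % off)
        namesz, descsz, ntype = NOTE_HDR.unpack_from(buf, off)
        off += NOTE_HDR.size
        name_len, desc_len = _align4(namesz), _align4(descsz)
        remaining = end - off
        if name_len > remaining or desc_len > remaining - name_len:
            raise ValueError(
                "note at offset %d declares %d+%d bytes but only %d remain"
                % (off - NOTE_HDR.size, name_len, desc_len, remaining))
        name = bytes(buf[off:off + namesz]).rstrip(b"\0").decode("ascii", "replace")
        off += name_len
        desc = bytes(buf[off:off + descsz])
        off += desc_len
        notes.append((ntype, name, desc))
    return notes


def is_well_formed(buf):
    """True if every note in buf fits within it."""
    try:
        parse_notes(buf)
        return True
    except ValueError:
        return False


def build_note(ntype, name, desc):
    """Serialise one note record (used here only to construct sample input)."""
    name_b = name.encode("ascii") + b"\0"
    out = NOTE_HDR.pack(len(name_b), len(desc), ntype) + name_b
    out += b"\0" * (_align4(len(name_b)) - len(name_b))
    out += desc + b"\0" * (_align4(len(desc)) - len(desc))
    return out


# Constructed sample: an NT_GNU_ABI_TAG note (type 1: OS 0 = Linux, ABI 2.6.32)
# followed by an NT_GNU_BUILD_ID note (type 3) with a made-up 20-byte id.
GOOD_NOTES = (build_note(1, "GNU", struct.pack("<IIII", 0, 2, 6, 32))
              + build_note(3, "GNU", bytes(range(20))))
TRUNCATED_NOTES = GOOD_NOTES[:-8]                  # file cut short mid-descriptor
OVERSIZED_NOTES = NOTE_HDR.pack(0xFFFFFFFF, 0, 1)  # header claims a 4 GiB name, no data

if __name__ == "__main__":
    for ntype, name, desc in parse_notes(GOOD_NOTES):
        print("type=%d name=%s desc=%s" % (ntype, name, desc.hex()))
    print("truncated well-formed?", is_well_formed(TRUNCATED_NOTES))
    print("oversized well-formed?", is_well_formed(OVERSIZED_NOTES))
```

The check is done on the padded lengths, not the raw ones, because the parser advances by the padded size; checking only namesz/descsz would still let the final padding step run the offset past the buffer.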
 
Old 11-24-2014, 08:30 AM   #290
moisespedro
Senior Member
 
Registered: Nov 2013
Location: Brazil
Distribution: Slackware
Posts: 1,223

It looks like this affects Slackware.
 
Old 11-24-2014, 09:05 AM   #291
GazL
LQ Veteran
 
Registered: May 2008
Posts: 5,705

Quote: Originally Posted by moisespedro
It looks like this affects Slackware.
Slackware's lesspipe isn't that expansive, but even if it were, I'm not sure I buy this as being a threat.
If I download a malicious cpio file and view it with less using lesspipe, then that's no more dangerous than me downloading a cpio file and viewing it with cpio -t. If cpio is broken, then cpio is broken and it doesn't matter whether I'm viewing it directly with cpio or indirectly via less/lesspipe, mc, or any other front end.

I don't see how disabling lesspipe buys you anything.
 
Old 11-25-2014, 09:04 AM   #292
mancha
Update 20141125
  1. FLAC

    It was recently disclosed that FLAC 1.3.0 and earlier are vulnerable to a stack overflow (CVE-2014-8962) and a heap overflow condition
    (CVE-2014-9028) that can be exploited by an attacker via maliciously crafted .flac files to trigger arbitrary code execution.

    Recommendation: Re-build flac 1.2.1 after applying flac-1.2.1_CVE-2014-8962.diff and flac-1.2.1_CVE-2014-9028.diff or upgrade
    to flac 1.3.1 (when it releases).

  2. libksba (GnuPG-2)

    libksba prior to version 1.3.2 is vulnerable to a buffer overflow condition that can be exploited by an attacker via maliciously crafted
    S/MIME messages or ECC-based OpenPGP data to trigger a denial of service or other unspecified impact. GnuPG 2.x users are
    encouraged to upgrade promptly. See announcement for more details. (CVE-2014-9087)

    Recommendation: Upgrade to libksba 1.3.2 (sig)
--mancha

Last edited by mancha; 11-26-2014 at 04:25 AM. Reason: added CVE
 
Old 11-25-2014, 09:21 AM   #293
moisespedro
Quote: Originally Posted by GazL
Slackware's lesspipe isn't that expansive, but even if it were, I'm not sure I buy this as being a threat.
If I download a malicious cpio file and view it with less using lesspipe, then that's no more dangerous than me downloading a cpio file and viewing it with cpio -t. If cpio is broken, then cpio is broken and it doesn't matter whether I'm viewing it directly with cpio or indirectly via less/lesspipe, mc, or any other front end.

I don't see how disabling lesspipe buys you anything.
Oh, thanks for the clarification. I wasn't sure if it was that harmful.
 
Old 11-27-2014, 01:58 AM   #294
number22
Member
 
Registered: Sep 2006
Location: Earth
Distribution: Slackware 14.1 Slackware64-current multilib
Posts: 278
Blog Entries: 7

libpng
New releases fix potential out-of-bounds memory read problems.

http://www.libpng.org/pub/png/libpng.html
 
Old 11-28-2014, 10:19 PM   #295
turtleli
Member
 
Registered: Aug 2012
Location: UK
Posts: 206

I believe splitvt has a security bug - misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges. (CVE-2008-0162, yes, pretty ancient)

I've compared the Slackware version to the Debian version (link, see 1.6.6-4 changelog entry); it hasn't been patched yet.

(Is there anyone that actually uses splitvt?)
 
Old 11-29-2014, 04:49 AM   #296
GazL
Slackware's splitvt is not SUID or SGID so there should be no privilege to drop.

(but as you say, I doubt anyone is using it now we have screen and tmux)
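The point in the two posts above is that a binary installed without the SUID or SGID bit runs with the caller's own privileges, so a "does not drop group privileges" bug has nothing to act on. The following is an added example, not part of the thread or of Slackware, of the check behind that statement: a scanner that reports every set-user-ID or set-group-ID regular file below the given directories, using lstat so symlinks are never followed. The function names and the constructed sample tree are this example's own.

```python
"""Report set-user-ID and set-group-ID files below given directories.

Added example, not part of the thread or of Slackware: it is the check behind
the observation that a binary without the SUID or SGID bit has no privilege to
drop. Function names and the sample tree are this example's own.
"""
import os
import shutil
import stat
import tempfile


def setid_bits(path):
    """Return the set-id bits on a regular file as a tuple of 'suid'/'sgid'.

    Uses lstat so a symlink is never followed into a file outside the tree,
    and returns () for anything that is not a regular file.
    """
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return ()
    bits = []
    if st.st_mode & stat.S_ISUID:
        bits.append("suid")
    if st.st_mode & stat.S_ISGID:
        bits.append("sgid")
    return tuple(bits)


def find_setid_files(roots):
    """Walk each root without following symlinked directories and return
    {path: (bits, owner_uid, group_gid)} for every setuid/setgid regular file."""
    found = {}
    for root in roots:
        for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
            for name in filenames:
                path = os.path.join(dirpath, name)
                try:
                    bits = setid_bits(path)
                except OSError:  # entry vanished or is unreadable; skip it
                    continue
                if bits:
                    st = os.lstat(path)
                    found[path] = (bits, st.st_uid, st.st_gid)
    return found


def make_sample_tree(base):
    """Construct a small tree for demonstration: one setuid file, one plain file."""
    os.makedirs(os.path.join(base, "bin"), exist_ok=True)
    suid_path = os.path.join(base, "bin", "helper-suid")
    plain_path = os.path.join(base, "bin", "splitvt")  # stands in for a non-setid binary
    for p in (suid_path, plain_path):
        with open(p, "wb") as f:
            f.write(b"#!/bin/sh\nexit 0\n")
    os.chmod(suid_path, 0o4755)   # rwsr-xr-x: would run as the owner
    os.chmod(plain_path, 0o755)   # rwxr-xr-x: runs as the caller, nothing to drop
    return suid_path, plain_path


def demo_scan():
    """Build the sample tree in a temp dir, scan it, clean up, return the findings."""
    base = tempfile.mkdtemp(prefix="setid-demo-")
    try:
        suid_path, plain_path = make_sample_tree(base)
        return suid_path, plain_path, find_setid_files([base])
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    import sys
    roots = sys.argv[1:] or ["/bin", "/sbin", "/usr/bin", "/usr/sbin"]
    for path, (bits, uid, gid) in sorted(find_setid_files(roots).items()):
        print("%-40s %s uid=%d gid=%d" % (path, ",".join(bits), uid, gid))
```

Run without arguments it scans the usual binary directories; the same walk with `os.walk(..., followlinks=False)` and `lstat` keeps the report to what is actually installed in those trees rather than whatever a symlink happens to point at.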
 
Old 11-29-2014, 07:39 AM   #297
turtleli
Ok, guess it's not a problem then.

(Yeah, I remembered the Slackware installer has pretty much said for years now in the splitvt description "use screen", which made me wonder why it's still included with Slackware.)
 
Old 12-08-2014, 01:28 PM   #298
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware14.2 64-Bit Desktop, Devuan 2.0 ASCII Toshiba Satellite Notebook
Posts: 3,089

XScreensaver version

Running Slackware14.1-64bit and I am suddenly presented with this:
[Attachment 17055: xscreensaver.png]
Looks like that will have to be updated for the next release of Slackware.
 
Old 12-08-2014, 02:03 PM   #299
cwizardone
LQ Guru
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib."
Posts: 6,247
Blog Entries: 1

Quote: Originally Posted by Jeebizz
Running Slackware14.1-64bit and I am suddenly presented with this:
Attachment 17055
Looks like that will have to be updated for the next release of Slackware.
Perhaps this is in the wrong thread? Regardless, the version of xscreensaver in -current is 5.29
 
Old 12-08-2014, 06:54 PM   #300
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 1,934

Quote: Originally Posted by cwizardone
Perhaps this is in the wrong thread? Regardless, the version of xscreensaver in -current is 5.29
That's also the version in Slackware 14.1's patches, precisely because of this nag screen.
 