LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.

Old 01-28-2015, 09:39 PM   #331
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-14.2.1.2 on Lenovo Thinkpad W520
Posts: 9,428

Rep: Reputation: Disabled

And just subscribe to the slackware-security mailing list; you will receive all needed information in a timely manner for each security fix: availability of the packages, details of a ChangeLog, where to find the packages for all versions concerned, md5 signatures and installation instructions.
 
1 members found this post helpful.
Old 01-29-2015, 07:00 AM   #332
enine
Senior Member
 
Registered: Nov 2003
Distribution: Slackʍɐɹǝ
Posts: 1,244
Blog Entries: 4

Rep: Reputation: 192Reputation: 192
What are thoughts on the Samba patch? I'm using Samba for the couple of Windows boxes used by the family but not running as a DC. I can't upgrade Samba as it breaks my ownCloud client.
 
Old 01-29-2015, 01:04 PM   #333
kenw232
Member
 
Registered: May 2006
Posts: 116

Rep: Reputation: 12
Is the only thing required to fix GHOST to upgrade glibc? Just this then - glibc-2.17-x86_64-10_slack14.1.txz?
 
Old 01-29-2015, 01:57 PM   #334
blizzack
LQ Newbie
 
Registered: Jan 2015
Location: Brooklyn, NY
Distribution: slackware
Posts: 7

Rep: Reputation: Disabled
Quote:
Originally Posted by kenw232
Is the only thing required to fix GHOST to upgrade glibc? Just this then - glibc-2.17-x86_64-10_slack14.1.txz?

Almost!
If x86_64 is your arch then you'll want the 5 following files...
- glibc-2.17-x86_64-10_slack14.1.txz
- glibc-i18n-2.17-x86_64-10_slack14.1.txz
- glibc-profile-2.17-x86_64-10_slack14.1.txz
- glibc-solibs-2.17-x86_64-10_slack14.1.txz
- glibc-zoneinfo-2014j-noarch-1.txz
 
Old 01-29-2015, 02:03 PM   #335
blizzack
LQ Newbie
 
Registered: Jan 2015
Location: Brooklyn, NY
Distribution: slackware
Posts: 7

Rep: Reputation: Disabled
multilib fix to ghost

If you're using a multilib setup you'll still need patches for that as well.

Can anyone else confirm?
 
Old 01-29-2015, 03:08 PM   #336
kenw232
Member
 
Registered: May 2006
Posts: 116

Rep: Reputation: 12
How about recompiling some of my stuff? Bind, Apache, etc. They're ok? How do I check if named is statically linked or dynamically linked against glibc? Is it possible to statically link against glibc?
 
Old 01-29-2015, 04:07 PM   #337
j_v
Member
 
Registered: Oct 2011
Distribution: Slackware64
Posts: 364

Rep: Reputation: 67
On my installation of 14.1, named and apache are both dynamically linked, which is the default for much of the installation. You can use the readelf utility to find out what libraries an ELF binary is dynamically linked against:
Code:
readelf -d /usr/sbin/named
 
2 members found this post helpful.
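
The readelf check from the post above, turned into a script that answers the static-versus-dynamic question directly. This is an added example, not code from the thread; the function names and the sample `readelf -d` output are constructed for illustration. A `static` result means the libc code is inside the binary itself, so only a rebuild picks up a patched glibc, while `dynamic-glibc` means the binary loads the installed libc each time it starts.

```shell
# Added example: classify how a binary is linked against glibc from
# `readelf -d` output. Function names and sample data are illustrative.

# Reads `readelf -d` output on stdin and prints one of:
#   static           - no dynamic section; libc code is inside the binary
#   dynamic-glibc    - libc.so.N is a NEEDED entry, loaded at process start
#   dynamic-no-glibc - has NEEDED entries, but libc is not one of them
#   unknown          - not recognisable readelf -d output
classify_linkage() {
    awk '
        /There is no dynamic section/ { nodyn = 1 }
        /\(NEEDED\)/ {
            needed = 1
            if ($0 ~ /\[libc\.so\.[0-9]+\]/) libc = 1
        }
        END {
            if (nodyn)       print "static"
            else if (libc)   print "dynamic-glibc"
            else if (needed) print "dynamic-no-glibc"
            else             print "unknown"
        }'
}

# Runs readelf on a real file; LC_ALL=C keeps its messages in English.
check_binary() {
    LC_ALL=C readelf -d "$1" 2>&1 | classify_linkage
}

# Constructed sample of `readelf -d` output for a dynamically linked daemon.
sample_dynamic() {
    cat <<'EOF'
Dynamic section at offset 0x7d8d8 contains 30 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libexample.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
EOF
}

# Constructed sample: what readelf -d prints for a statically linked binary.
sample_static() {
    printf '\nThere is no dynamic section in this file.\n'
}

printf 'sample_dynamic: %s\n' "$(sample_dynamic | classify_linkage)"
printf 'sample_static:  %s\n' "$(sample_static | classify_linkage)"
for bin in "$@"; do
    printf '%s: %s\n' "$bin" "$(check_binary "$bin")"
done
```

Pass binary paths such as /usr/sbin/named as arguments to classify real files; anything readelf cannot parse is reported as `unknown`.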
Old 02-13-2015, 10:25 PM   #338
j_v
Member
 
Registered: Oct 2011
Distribution: Slackware64
Posts: 364

Rep: Reputation: 67
Quote:
Originally Posted by mancha
Update 20150127

glibc (multiple issues)
  1. The wordexp function in glibc before 2.21 can ignore WRDE_NOCMD under certain input conditions resulting in the execution of a shell
    for command substitution when the application did not request it. This can be exploited by context-dependent attackers to execute
    arbitrary code (CVE-2014-7817)

    Solutions
    Slackware 14.1: Apply glibc-2.17_CVE-2014-7817.diff
    Slackware-current: Apply glibc-2.20_CVE-2014-7817.diff

  2. The getnetbyname function in glibc before 2.21 can enter an infinite loop if the DNS back-end is activated in the system Name Service
    Switch configuration, and the DNS resolver receives a positive answer while processing the network name. This can be exploited by
    context-dependent attackers to cause a denial of service. (CVE-2014-9402)

    Solutions
    Slackware 14.1: Apply glibc-2.17_CVE-2014-9402.diff
    Slackware-current: Apply glibc-2.20_CVE-2014-9402.diff

  3. A buffer overflow was discovered in __nss_hostname_digits_dots() in glibc prior to 2.18 that can be exploited locally and remotely via
    the gethostbyname* functions. (CVE-2015-0235 aka GHOST)

    Note: You can test vulnerability with CVE-2015-0235-test.c

    Solution
    Slackware 14.1: Apply glibc-2.17_CVE-2015-0235.diff
    Slackware-current: Not vulnerable

--mancha

Any idea about the other two CVEs: 2014-7817 and 2014-9402? Were they deemed low priority? I patched for them, as well, so I'm not worried; just curious.
 
Old 02-13-2015, 10:59 PM   #339
mancha
Member
 
Registered: Aug 2012
Posts: 484

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by j_v
Any idea about the other two CVEs: 2014-7817 and 2014-9402? Were they deemed low priority? I patched for them, as well, so I'm not worried; just curious.

I don't know why they've not been patched in Slackware (which is what you're asking). But, CVE-2015-0235 does appear to be more
severe (at least as far as we know) because of the potential for arbitrary code exec and the identification of at least one remote vector.

--mancha

Last edited by mancha; 02-14-2015 at 03:46 AM. Reason: tighten
 
2 members found this post helpful.
Old 02-14-2015, 08:27 AM   #340
j_v
Member
 
Registered: Oct 2011
Distribution: Slackware64
Posts: 364

Rep: Reputation: 67
OK. Thanks for your reply. And thank you very much for all your efforts. I very much appreciate your work with Slackware security issues.
 
1 members found this post helpful.
Old 02-24-2015, 12:41 AM   #341
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 329

Rep: Reputation: 253Reputation: 253Reputation: 253
samba

Quote:
Samba 4.1.17, 4.0.25 and 3.6.25 have been issued as security releases in order
to address CVE-2015-0240 (Unexpected code execution in smbd.). For the sake of
completeness, Samba 4.2.0rc5 including a fix for this defect will follow soon,
but it won't be a dedicated security release and will therefore address other
bug fixes also.

o CVE-2015-0240:
All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an
unexpected code execution vulnerability in the smbd file server
daemon.

A malicious client could send packets that may set up the stack in
such a way that the freeing of memory in a subsequent anonymous
netlogon packet could allow execution of arbitrary code. This code
would execute with root privileges.
https://download.samba.org/pub/samba...-4.1.17.tar.gz
https://download.samba.org/pub/samba...4.1.17.tar.asc
 
Old 02-25-2015, 09:56 PM   #342
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 329

Rep: Reputation: 253Reputation: 253Reputation: 253
bind

Quote:
Release Notes for BIND Version 9.9.7

Security Fixes

* On servers configured to perform DNSSEC validation using managed
trust anchors (i.e., keys configured explicitly via managed-keys,
or implicitly via dnssec-validation auto; or dnssec-lookaside
auto;), revoking a trust anchor and sending a new untrusted
replacement could cause named to crash with an assertion failure.
This could occur in the event of a botched key rollover, or
potentially as a result of a deliberate attack if the attacker was
in position to monitor the victim's DNS traffic.
This flaw was discovered by Jan-Piet Mens, and is disclosed in
CVE-2015-1349. [RT #38344]
* A flaw in delegation handling could be exploited to put named into
an infinite loop, in which each lookup of a name server triggered
additional lookups of more name servers. This has been addressed by
placing limits on the number of levels of recursion named will
allow (default 7), and on the number of queries that it will send
before terminating a recursive query (default 50).
The recursion depth limit is configured via the max-recursion-depth
option, and the query limit via the max-recursion-queries option.
The flaw was discovered by Florian Maury of ANSSI, and is disclosed
in CVE-2014-8500. [RT #37580]
ftp://ftp.isc.org/isc/bind9/9.9.7/bind-9.9.7.tar.gz
ftp://ftp.isc.org/isc/bind9/9.9.7/bind-9.9.7.tar.gz.asc
 
Old 02-26-2015, 03:19 PM   #343
hendrickxm
Member
 
Registered: Feb 2014
Posts: 257

Rep: Reputation: Disabled
I am running glibc 2.19 on one of my machines. What backported patches and in which order should I apply them to issue all security issues?
Sorry again, found this:
glibc 2.19
Code:
  # 2014-05:  We'll try building with the stock asm..
  ## Avoid the Intel optimized asm routines for now because they break
  ## the flash player.  We'll phase this in when it's safer to do so.
  #zcat $CWD/glibc.disable.broken.optimized.memcpy.diff.gz | patch -p1 --verbose || exit 1
  # Security patches:
  patch -p1 --verbose < $CWD/glibc-2.19_CVE-2014-4043.diff || exit 1
  patch -p1 --verbose < $CWD/glibc-2.19_CVE-2014-0475.diff || exit 1
  patch -p1 --verbose < $CWD/glibc-2.19_CVE-2014-5119.diff || exit 1
  patch -p1 --verbose < $CWD/glibc-2.19_CVE-2014-6040.diff || exit 1
  patch -p1 --verbose < $CWD/glibc-2.19_hardening.diff || exit 1
}
Adding CVE 2014-7817, CVE 2014-9402 and CVE 2015-0235 should do the job, I guess.

Last edited by hendrickxm; 03-01-2015 at 04:51 AM.
 
Old 03-02-2015, 03:41 AM   #344
mancha
Member
 
Registered: Aug 2012
Posts: 484

Original Poster
Rep: Reputation: Disabled
Update 20150302
  1. GnuPG

    A new side-channel attack, that extracts GnuPG private key material in a few seconds using simple consumer-grade radio equipment
    at a distance of 50cm, was recently disclosed. The attack's creators say the needed attack materials can be easily concealed in a
    pita bread. So, if you've recently been GPG'ing around any suspicious-looking gyros, I recommend re-keying. Read more about it
    here. (CVE-2014-3591)

    In addition to fixing the above, the new releases (below) fix data-dependent timing variations in modular exponentiation (cf. attack
    abstract). (CVE-2015-0837)

    Solutions:
    Upgrade to GnuPG 1.4.19 (sig)
    Upgrade to Libgcrypt 1.6.3 (sig) [for GnuPG 2]

    Note: If your GnuPG 2 is currently built against Libgcrypt 1.5.x, you'll need to re-build GnuPG 2 after upgrading Libgcrypt.
--mancha

Last edited by mancha; 03-02-2015 at 01:37 PM. Reason: fix sig links
 
2 members found this post helpful.
Old 03-18-2015, 02:58 PM   #345
mancha
Member
 
Registered: Aug 2012
Posts: 484

Original Poster
Rep: Reputation: Disabled
20150318
  1. libXfont

    Three BDF font parsing vulnerabilities in libXfont were recently disclosed. The most likely attack vector is local users executing arbitrary
    code with the privileges of the X server (which in Slackware's case is root).

    • OOB write due to under-allocated buffer (CVE-2015-1802)
    • Read from invalid pointers caused by failed BDF parsing (CVE-2015-1803)
    • OOB memory access due to integer overflows (CVE-2015-1804)

    Solution for Slackware 14.1/current: Upgrade to libXfont 1.4.9 (sig)
--mancha
 
  

