LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 11-02-2016, 03:13 AM   #556
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 164

Rep: Reputation: 111Reputation: 111
bind & curl


Hi,

bind-9.10.4-P4 is released with security fixes.
Quote:
CVE-2016-8864: A problem handling responses containing a DNAME
answer can lead to an assertion failure

CVE: CVE-2016-8864
Document Version: 2.0
Posting date: 1 November 2016
Program Impacted: BIND
Versions affected: 9.0.x -> 9.8.x, 9.9.0 -> 9.9.9-P3,
9.9.3-S1 -> 9.9.9-S5, 9.10.0 -> 9.10.4-P3,
9.11.0
Severity: High
Exploitable: Remotely

Description:

A defect in BIND's handling of responses containing a DNAME answer
can cause a resolver to exit after encountering an assertion failure
in db.c or resolver.c

Impact:

During processing of a recursive response that contains a DNAME
record in the answer section, BIND can stop execution after
encountering an assertion error in resolver.c (error message:
"INSIST((valoptions & 0x0002U) != 0) failed") or db.c (error
message: "REQUIRE(targetp != ((void *)0) && *targetp == ((void
*)0)) failed").

ther of these error conditions will stop,
resulting in denial of service to clients. The risk to authoritative
servers is minimal; recursive servers are chiefly at risk.
curl-7.51.0 is released with a lot of security fixes.
Quote:
This release includes the following changes:

o nss: additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST
o New option: CURLOPT_KEEP_SENDING_ON_ERROR [10]

This release includes the following bugfixes:

o CVE-2016-8615: cookie injection for other servers [28]
o CVE-2016-8616: case insensitive password comparison [29]
o CVE-2016-8617: OOB write via unchecked multiplication [30]
o CVE-2016-8618: double-free in curl_maprintf [31]
o CVE-2016-8619: double-free in krb5 code [32]
o CVE-2016-8620: glob parser write/read out of bounds [33]
o CVE-2016-8621: curl_getdate read out of bounds [34]
o CVE-2016-8622: URL unescape heap overflow via integer truncation [35]
o CVE-2016-8623: Use-after-free via shared cookies [36]
o CVE-2016-8624: invalid URL parsing with '#' [37]
o CVE-2016-8625: IDNA 2003 makes curl use wrong host [38]
o openssl: fix per-thread memory leak using 1.0.1 or 1.0.2 [1]
o http: accept "Transfer-Encoding: chunked" for HTTP/2 as well [2]
o LICENSE-MIXING.md: update with mbedTLS dual licensing [3]
o examples/imap-append: Set size of data to be uploaded [4]
o test2048: fix url
o darwinssl: disable RC4 cipher-suite support
o CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
o openssl: donít call CRYTPO_cleanup_all_ex_data [5]
o libressl: fix version output [6]
o easy: Reset all statistical session info in curl_easy_reset [7]
o curl_global_cleanup.3: don't unload the lib with sub threads running [8]
o dist: add CurlSymbolHiding.cmake to the tarball
o docs: Remove that --proto is just used for initial retrieval [9]
o configure: Fixed builds with libssh2 in a custom location
o curl.1: --trace supports % for sending to stderr!
o cookies: same domain handling changed to match browser behavior [11]
o formpost: trying to attach a directory no longer crashes [12]
o CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning [13]
o formpost: avoid silent snprintf() truncation
o ftp: fix Curl_ftpsendf
o mprintf: return error on too many arguments
o smb: properly check incoming packet boundaries [14]
o GIT-INFO: remove the Mac 10.1-specific details [15]
o resolve: add error message when resolving using SIGALRM [16]
o cmake: add nghttp2 support [17]
o dist: remove PDF and HTML converted docs from the releases [18]
o configure: disable poll() in macOS builds [19]
o vtls: only re-use session-ids using the same scheme
o pipelining: skip to-be-closed connections when pipelining [20]
o win: fix Universal Windows Platform build [21]
o curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically [22]
o maketgz: make it support "only" generating version info
o Curl_socket_check: add extra check to avoid integer overflow
o gopher: properly return error for poll failures
o curl: set INTERLEAVEDATA too
o polarssl: clear thread array at init
o polarssl: fix unaligned SSL session-id lock
o polarssl: reduce #ifdef madness with a macro
o curl_multi_add_handle: set timeouts in closure handles [23]
o configure: set min version flags for builds on mac [24]
o INSTALL: converted to markdown => INSTALL.md
o curl_multi_remove_handle: fix a double-free [25]
o multi: fix inifinte loop in curl_multi_cleanup() [26]
o nss: fix tight loop in non-blocking TLS handhsake over proxy [27]
o mk-ca-bundle: Change URL retrieval to HTTPS-only by default [39]
o mbedtls: stop using deprecated include file [40]
o docs: fix req->data in multi-uv example [41]
o configure: Fix test syntax for monotonic clock_gettime
o CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2 [42]
 
5 members found this post helpful.
Old 11-04-2016, 03:19 AM   #557
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware64
Posts: 411

Rep: Reputation: 189Reputation: 189
Quote:
Originally Posted by Thom1b View Post
Hi,
bind-9.10.4-P4 is released with security fixes.
curl-7.51.0 is released with a lot of security fixes.
Are patched according to the latest ChangeLog:
http://www.slackware.com/security/vi...ecurity.571846
http://www.slackware.com/security/vi...ecurity.661139
 
Old 11-15-2016, 08:08 PM   #558
TracyTiger
Member
 
Registered: Apr 2011
Location: California, USA
Distribution: Slackware
Posts: 444

Rep: Reputation: 177Reputation: 177
Cryptsetup CVE-2016-4484 Applies to Slackware 14.2

I just saw this vulnerability regarding cryptsetup / luks affecting version 2.1 and earlier. I tried it on a Slackware64 14.2 system and reproduced the problem easily.

After failing to unlock an encrypted partition during boot one is dropped into a shell as root. From there it is simple to mount unencrypted partitions, such as /boot, and have your way with it such as adding suid programs for later use.

Hmmm, I wonder if /boot could be mounted nosuid & noexec and still work?
 
2 members found this post helpful.
Old 11-16-2016, 06:41 AM   #559
GazL
Senior Member
 
Registered: May 2008
Posts: 4,377
Blog Entries: 7

Rep: Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825
The "rescue shell" in the initrd is a feature not a bug. Whilst it's something to be aware of from a hardening standpoint, unless you've locked down your bios/uefi environment and boot-managers so an attacker can't boot from alternate media or override kernel options (such as init=/bin/sh) then they're not getting any access here that they couldn't get in several other ways.

Taking the rescue shell out completely would hinder problem determination should you hit issues during the initrd phase, but perhaps there's an argument for a '--hardened' flag on mkinitrd to aid those that need a locked down boot process.

This is not the serious vulnerability that some websites are making out. zdnet actually compared it to heartbleed, which is just laughable.
 
3 members found this post helpful.
Old 11-16-2016, 10:13 AM   #560
GazL
Senior Member
 
Registered: May 2008
Posts: 4,377
Blog Entries: 7

Rep: Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825
I really don't know if this is worth worrying about, but here you go, this is a quick and dirty patch for this issue (NOTE: Not tested at all!)
Code:
Fix: CVE-2016-4484 - Cryptsetup Initrd root Shell
Apply to 'init' in /usr/share/mkinitrd/initrd-tree.tar.gz

--- init.orig   2016-09-20 19:27:04.000000000 +0100
+++ init        2016-11-16 16:11:01.947041538 +0000
@@ -125,6 +125,9 @@
     rootfs=*|rootfstype=*)
       ROOTFS=$(echo $ARG | cut -f2 -d=)
     ;;
+    shellonfail)
+      SHELLONFAIL=1
+    ;;
     waitforroot=*|rootdelay=*)
       WAIT=$(echo $ARG | cut -f2 -d=)
     ;;
@@ -303,9 +306,16 @@
   
   if [ ! -r /mnt/sbin/init ]; then
     echo "ERROR:  No /sbin/init found on rootdev (or not mounted).  Trouble ahead."
-    echo "        You can try to fix it. Type 'exit' when things are done." 
-    echo
-    /bin/sh
+    if [ -n "$SHELLONFAIL" ]; then
+      echo "        You can try to fix it. Type 'exit' when things are done." 
+      echo
+      /bin/sh
+    else
+      echo "        Reboot specifying 'shellonfail' to get access to" 
+      echo "        a shell for diagnostic purposes." 
+      echo
+      /sbin/halt
+    fi
   fi
 else
   echo
 
1 members found this post helpful.
Old 12-14-2016, 01:22 PM   #561
qunying
Member
 
Registered: Jun 2002
Distribution: Slackware
Posts: 107

Rep: Reputation: 39
expat 2.2.0

expat 2.2.0 (21 June 2016). Security fix and other bug fixes:

CVE-2016-0718 (issue 537)
Fix crash on malformed input
CVE-2016-4472
Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716 introduced with Expat 2.1.1
CVE-2016-5300 (issue 499)
Use more entropy for hash initialization than the original fix to CVE-2012-0876
CVE-2012-6702 (issue 519)
Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue 496)
 
2 members found this post helpful.
Old 12-15-2016, 01:27 PM   #562
bassplayer69
Member
 
Registered: Jul 2007
Location: In a van down by the river...
Distribution: Slackware64-Current
Posts: 200

Rep: Reputation: 41
Kernel 4.4.39 is out! https://cdn.kernel.org/pub/linux/ker...angeLog-4.4.39
 
3 members found this post helpful.
Old 12-17-2016, 06:31 AM   #563
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware64
Posts: 411

Rep: Reputation: 189Reputation: 189
Quote:
Originally Posted by bassplayer69 View Post
Are there any security fixes in this kernel? I can't find any mentions of CVEs in the ChangeLog.

Last edited by mats_b_tegner; 12-17-2016 at 02:20 PM.
 
1 members found this post helpful.
Old 12-17-2016, 07:09 AM   #564
kjhambrick
Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 14.2 + Multilib
Posts: 932

Rep: Reputation: 385Reputation: 385Reputation: 385Reputation: 385
Quote:
Originally Posted by mats_b_tegner View Post
Are there any security fixes in this kernel? I cant find any mentions of CVEs in the ChangeLog.
mats_b_tegner --

Me neither ...

I've been remiss in cleaning up old kernels in my dld/ directory so I have a few examples.

Below are the Kernels sinve 4.4.29 that have the string [Cc][Vv][Ee] in them:

HTH.

-- kjh
Code:
# grep -i cve *ChangeLog

linux-4.4.29-ChangeLog:    References: CVE-2016-7097
linux-4.4.31-ChangeLog:    kvm: x86: Check memopp before dereference (CVE-2016-8630)
linux-4.4.31-ChangeLog:    Fixes: CVE 2016-8633
linux-4.4.31-ChangeLog:    This fixes CVE-2016-7042.
linux-4.4.32-ChangeLog:    Fixes: CVE-2016-7039
linux-4.4.36-ChangeLog:    This fixes CVE-2016-8650.
linux-4.4.38-ChangeLog:    CVE-2016-8399
 
Old 12-17-2016, 07:10 AM   #565
GazL
Senior Member
 
Registered: May 2008
Posts: 4,377
Blog Entries: 7

Rep: Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825Reputation: 1825
Quote:
Originally Posted by mats_b_tegner View Post
Are there any security fixes in this kernel? I cant find any mentions of CVEs in the ChangeLog.
Non explicitly mentioned by CVE number, but a few of them have that sort of smell about them.
Quote:
zram hot_add sysfs attribute is a very 'special' attribute - reading from it creates a new uninitialized zram device. This file, by a mistake, can be read by a 'normal' user at the moment, while only root must be able to create a new zram device.
There was also mention of many of the usual suspects: bad memory access, overflows, races, use after free's etc. I don't have the in-depth knowledge necessary to say whether any of this is worth worrying about, and the linux dev's are infamous for not highlighting security issues, so I think the best answer to your question is "Probably".

Last edited by GazL; 12-17-2016 at 07:11 AM.
 
2 members found this post helpful.
Old 12-17-2016, 07:12 AM   #566
kjhambrick
Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 14.2 + Multilib
Posts: 932

Rep: Reputation: 385Reputation: 385Reputation: 385Reputation: 385
I like GazL's answer ( probably ) better than mine
 
1 members found this post helpful.
Old 12-17-2016, 08:29 AM   #567
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware64
Posts: 411

Rep: Reputation: 189Reputation: 189
cURL 7.52.1

cURL 7.52.1 is available:
https://curl.haxx.se/changes.html
This release fixes CVE-2016-9594
https://curl.haxx.se/docs/adv_20161223.html

Last edited by mats_b_tegner; 12-23-2016 at 12:36 PM. Reason: cURL
 
1 members found this post helpful.
Old 12-30-2016, 11:54 AM   #568
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware64
Posts: 411

Rep: Reputation: 189Reputation: 189
thunderbird 45.6.0

https://www.mozilla.org/en-US/securi...s/mfsa2016-96/
https://ftp.mozilla.org/pub/thunderb....source.tar.xz

Edit:
Updated Thunderbird 45.6.0 packages are available according to the latest ChangeLogs.

Last edited by mats_b_tegner; 01-04-2017 at 11:01 AM. Reason: Fix links
 
1 members found this post helpful.
Old 01-06-2017, 05:34 AM   #569
Cesare
Member
 
Registered: Jun 2010
Posts: 52

Rep: Reputation: 56
irssi 0.8.21 and 1.0.0(!) were released, fixing CVE-2017-5193, CVE-2017-5194, CVE-2017-5195 and CVE-2017-5196.
See https://irssi.org/security/irssi_sa_2017_01.txt
 
Old 01-18-2017, 08:56 AM   #570
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 164

Rep: Reputation: 111Reputation: 111
mariadb-10.0.29 is released with many security fixes.
https://mariadb.com/kb/en/mariadb/ma...release-notes/
 
  


Reply

Tags
exploit, security, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[Slackware Security]: Some pending vulnerabilities... mancha Slackware 7 08-22-2013 09:08 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 04:13 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration