LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 03-10-2017, 04:20 AM   #586
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 177

Rep: Reputation: 115Reputation: 115
pidgin-2.12.0 fixes CVE-2017-2640


Hi,

I don't know if it's a critical security fix, but pidgin-2.12.0 is released with CVE-2017-2640 fix.
https://downloads.sourceforge.net/pr...2.12.0.tar.bz2

All ChangeLog is here :
https://bitbucket.org/pidgin/www/src...docs/ChangeLog
 
1 members found this post helpful.
Old 03-23-2017, 05:39 AM   #587
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 177

Rep: Reputation: 115Reputation: 115
samba-4.4.12: CVE-2017-2619

samba-4.4.12 is released with security fixes.
https://download.samba.org/pub/samba...-4.4.12.tar.gz
https://download.samba.org/pub/samba...4.4.12.tar.asc

Quote:
These are a security releases in order to address the following defect:

o CVE-2017-2619 (Symlink race allows access outside share definition)

=======
Details
=======

o CVE-2017-2619:
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to
a malicious client using a symlink race to allow access to areas of
the server file system not exported under the share definition.

Samba uses the realpath() system call to ensure when a client requests
access to a pathname that it is under the exported share path on the
server file system.

Clients that have write access to the exported part of the file system
via SMB1 unix extensions or NFS to create symlinks can race the server
by renaming a realpath() checked path and then creating a symlink. If
the client wins the race it can cause the server to access the new
symlink target after the exported share path check has been done. This
new symlink target can point to anywhere on the server file system.

This is a difficult race to win, but theoretically possible. Note that
the proof of concept code supplied wins the race reliably only when
the server is slowed down using the strace utility running on the
server. Exploitation of this bug has not been seen in the wild.


Changes:
--------

o Jeremy Allison <jra@samba.org>
* BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share
directory.

o Ralph Boehme <slow@samba.org>
* BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share
directory.
 
2 members found this post helpful.
Old 03-23-2017, 12:49 PM   #588
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 177

Rep: Reputation: 115Reputation: 115
mcabber-1.0.5 : This release fixes CVE-2017-5589.

mcabber-1.0.5 is released since January with CVE-2017-5589 security fix.
http://mcabber.com/files/mcabber-1.0.5.tar.bz2
http://mcabber.com/files/mcabber-1.0.5.tar.bz2.asc
 
2 members found this post helpful.
Old 03-23-2017, 05:41 PM   #589
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware 14.2 64-bit with multilib
Posts: 2,398

Rep: Reputation: 637Reputation: 637Reputation: 637Reputation: 637Reputation: 637Reputation: 637
wrong thread
 
Old 03-25-2017, 08:19 PM   #590
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware64
Posts: 422

Rep: Reputation: 204Reputation: 204Reputation: 204
mariadb 10.0.30

MariaDB 10.0.30 fixes two CVEs
https://mariadb.com/kb/en/mariadb/ma...release-notes/
https://mariadb.com/kb/en/mariadb/ma...030-changelog/
http://cve.mitre.org/cgi-bin/cvename...=CVE-2017-3313
http://cve.mitre.org/cgi-bin/cvename...=CVE-2017-3302
 
2 members found this post helpful.
Old 03-26-2017, 09:51 AM   #591
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib."
Posts: 3,592
Blog Entries: 1

Rep: Reputation: 944Reputation: 944Reputation: 944Reputation: 944Reputation: 944Reputation: 944Reputation: 944Reputation: 944
Cve-2017-2636

CVE-2017-2636
http://www.zdnet.com/article/old-lin...ity-bug-bites/

I've searched this forum for a post on CVE-2017-2636, but didn't find one. OTOH, I could have missed it.

Seems to be quite serious and the module is present,
but not loaded, in the most recent -current kernel.

Quote:
filename: /lib/modules/4.4.38/kernel/drivers/tty/n_hdlc.ko
alias: tty-ldisc-13
author: Paul Fulghum paulkf@microgate.com
license: GPL
depends:
intree: Y
vermagic: 4.4.38 SMP mod_unload
parm: debuglevel:int
parm: maxframe:int

Last edited by cwizardone; 03-26-2017 at 09:52 AM.
 
Old 03-26-2017, 03:24 PM   #592
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware64
Posts: 422

Rep: Reputation: 204Reputation: 204Reputation: 204
Quote:
Originally Posted by cwizardone View Post
CVE-2017-2636
http://www.zdnet.com/article/old-lin...ity-bug-bites/

I've searched this forum for a post on CVE-2017-2636, but didn't find one. OTOH, I could have missed it.

Seems to be quite serious and the module is present,
but not loaded, in the most recent -current kernel.
The fix is in kernel 4.4.54:
https://lkml.org/lkml/2017/3/14/1038
Quote:
Alexander Popov (1):
tty: n_hdlc: get rid of racy n_hdlc.tbuf
Edit: The fix is included in kernels 4.9.x and 4.10.x as well...

Last edited by mats_b_tegner; 03-27-2017 at 10:07 AM.
 
1 members found this post helpful.
Old 03-26-2017, 07:13 PM   #593
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 14.2 + Multilib
Posts: 1,052

Rep: Reputation: 489Reputation: 489Reputation: 489Reputation: 489Reputation: 489
cwizardone --

What mats_b_tegner said.

Plus ...

Here is an email from Alexander Popov about the bug fix:

Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc

HTH

-- kjh

P.S. I looked for myself and meant to add:

Code:
# grep CONFIG_N_HDLC  /boot/config

CONFIG_N_HDLC=m

Last edited by kjhambrick; 03-26-2017 at 07:15 PM. Reason: p.s.
 
1 members found this post helpful.
Old 03-27-2017, 01:02 AM   #594
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib."
Posts: 3,592
Blog Entries: 1

Rep: Reputation: 944Reputation: 944Reputation: 944Reputation: 944Reputation: 944Reputation: 944Reputation: 944Reputation: 944
@mats_b_tegner and kjhambrick,
Thanks for the information.
Guess I'll have to "roll my own" kernel.
Now, where did I put those instructions.

Last edited by cwizardone; 03-27-2017 at 01:05 AM.
 
Old 03-31-2017, 03:40 AM   #595
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 177

Rep: Reputation: 115Reputation: 115
samba-4.4.13: CVE-2017-2619

Samba 4.6.2, 4.5.8 and 4.4.13 are released with security fixes

Quote:
Release Announcements
---------------------

These are bug fix releases to address a regression introduced by the security
fixes for CVE-2017-2619 (Symlink race allows access outside share definition).
Please see https://bugzilla.samba.org/show_bug.cgi?id=12721 for details.


Changes:
--------

o Jeremy Allison <jra@samba.org>
* BUG 12721: Fix regression with "follow symlinks = no".
 
1 members found this post helpful.
Old 03-31-2017, 08:29 AM   #596
orbea
Member
 
Registered: Feb 2015
Distribution: Slackware64-current
Posts: 743

Rep: Reputation: Disabled
Quote:
Originally Posted by cwizardone View Post
@mats_b_tegner and kjhambrick,
Thanks for the information.
Guess I'll have to "roll my own" kernel.
Now, where did I put those instructions.
http://docs.slackware.com/howtos:sla...kernelbuilding
 
1 members found this post helpful.
Old 03-31-2017, 01:58 PM   #597
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware64
Posts: 422

Rep: Reputation: 204Reputation: 204Reputation: 204
Kernel 4.4.59

kernel 4.4.59 fixes CVE-2017-7184
https://cdn.kernel.org/pub/linux/ker...-4.4.59.tar.xz
https://cdn.kernel.org/pub/linux/ker...angeLog-4.4.59
https://cve.mitre.org/cgi-bin/cvenam...=CVE-2017-7184

Last edited by mats_b_tegner; 03-31-2017 at 01:59 PM.
 
2 members found this post helpful.
Old 04-13-2017, 02:41 AM   #598
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 177

Rep: Reputation: 115Reputation: 115
bind-9.10.4-P8 is released with security fixes

bind-9.10.4-P8, also 9.9.9-P8 and 9.11.0-P5 are released with security fixes.

Quote:
Security Fixes

* rndc "" could trigger an assertion failure in named. This flaw is
disclosed in (CVE-2017-3138). [RT #44924]
* Some chaining (i.e., type CNAME or DNAME) responses to upstream
queries could trigger assertion failures. This flaw is disclosed in
CVE-2017-3137. [RT #44734]
* dns64 with break-dnssec yes; can result in an assertion failure.
This flaw is disclosed in CVE-2017-3136. [RT #44653]
* If a server is configured with a response policy zone (RPZ) that
rewrites an answer with local data, and is also configured for
DNS64 address mapping, a NULL pointer can be read triggering a
server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434]
* named could mishandle authority sections with missing RRSIGs,
triggering an assertion failure. This flaw is disclosed in
CVE-2016-9444. [RT #43632]
* named mishandled some responses where covering RRSIG records were
returned without the requested data, resulting in an assertion
failure. This flaw is disclosed in CVE-2016-9147. [RT #43548]
* named incorrectly tried to cache TKEY records which could trigger
an assertion failure when there was a class mismatch. This flaw is
disclosed in CVE-2016-9131. [RT #43522]
* It was possible to trigger assertions when processing responses
containing answers of type DNAME. This flaw is disclosed in
CVE-2016-8864. [RT #43465]
* It was possible to trigger a assertion when rendering a message
using a specially crafted request. This flaw is disclosed in
CVE-2016-2776. [RT #43139]
* Calling getrrsetbyname() with a non absolute name could trigger an
infinite recursion bug in lwresd or named with lwres configured if,
when combined with a search list entry from resolv.conf, the
resulting name is too long. This flaw is disclosed in
CVE-2016-2775. [RT #42694]
 
2 members found this post helpful.
Old 04-13-2017, 01:44 PM   #599
ttk
Member
 
Registered: May 2012
Location: Sebastopol, CA
Distribution: Slackware
Posts: 569
Blog Entries: 23

Rep: Reputation: 600Reputation: 600Reputation: 600Reputation: 600Reputation: 600Reputation: 600
Is https://cve.mitre.org/cgi-bin/cvenam...CVE-2016-10229 on anyone's radar? I don't see it mentioned in the ChangeLog nor in this thread.

Quote:
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
 
2 members found this post helpful.
Old 04-13-2017, 03:43 PM   #600
Petri Kaukasoina
Member
 
Registered: Mar 2007
Posts: 262

Rep: Reputation: 107Reputation: 107
Quote:
Originally Posted by ttk View Post
Is https://cve.mitre.org/cgi-bin/cvenam...CVE-2016-10229 on anyone's radar? I don't see it mentioned in the ChangeLog nor in this thread.
In the longtime 4.4 kernel, it was fixed in Linux 4.4.21:

https://cdn.kernel.org/pub/linux/ker...angeLog-4.4.21

Code:
commit dfe2042d96065f044a794f684e9f7976a4ca6e24
Author: Eric Dumazet <edumazet@google.com>
Date:   Tue Aug 30 00:34:58 2016 -0400

    udp: properly support MSG_PEEK with truncated buffers
    
    [ Upstream commit 197c949e7798fbf28cfadc69d9ca0c2abbf93191 ]
    
    Backport of this upstream commit into stable kernels :
    89c22d8c3b27 ("net: Fix skb csum races when peeking")
    exposed a bug in udp stack vs MSG_PEEK support, when user provides
    a buffer smaller than skb payload.
 
3 members found this post helpful.
  


Reply

Tags
exploit, security, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[Slackware Security]: Some pending vulnerabilities... mancha Slackware 7 08-22-2013 10:08 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 05:51 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration