LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 10-16-2017, 04:55 AM   #661
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 15.0 + Multilib
Posts: 2,159

Rep: Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512

Thanks Didier Spaier

I read about KRACK this morning on The Register

There are a few additional links in there, but I didn't see a link to the site you linked.

EDIT: The Placeholder WebSite in The Register now links to your link.

Thanks again.

-- kjh

Last edited by kjhambrick; 10-16-2017 at 05:06 AM.
 
1 members found this post helpful.
Old 10-16-2017, 09:07 AM   #662
detvarmeg
LQ Newbie
 
Registered: Oct 2017
Posts: 3

Rep: Reputation: Disabled
wpa_supplicant patched. See w1.fi/security/2017-1/
 
4 members found this post helpful.
Old 10-16-2017, 10:21 AM   #663
detvarmeg
LQ Newbie
 
Registered: Oct 2017
Posts: 3

Rep: Reputation: Disabled
Successfully patched/built/ran wpa_supplicant v2.6 to mitigate KRACK.

After pulling rebased-v2.6-0001 through 0008 patches from w1.fi/security/2017-1/ I added the following to the stock slackware wpa_supplicant build script after line 88:

#KRACK
for i in $(ls -1 $CWD/patches/rebased*.patch); do
cat $i | patch -p1 --verbose || exit 1
done
 
3 members found this post helpful.
Old 10-16-2017, 10:49 AM   #664
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-15.0
Posts: 11,044

Rep: Reputation: Disabled
Follow up: Vulnerability Note VU#228519

http://www.kb.cert.org/vuls/id/228519

See also for Intel devices and associated firmware:
https://security-center.intel.com/ad...nguageid=en-fr
 
3 members found this post helpful.
Old 10-18-2017, 10:27 PM   #665
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-15.0
Posts: 11,044

Rep: Reputation: Disabled
Fixes for Slackware provided, thanks.
 
Old 10-23-2017, 06:27 AM   #666
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 476

Rep: Reputation: 333Reputation: 333Reputation: 333Reputation: 333
curl-7.56.1

curl-7.56.1 is released with security fixes.
https://curl.haxx.se/download/curl-7.56.1.tar.xz
https://curl.haxx.se/download/curl-7.56.1.tar.xz.asc

Quote:
IMAP FETCH response out of bounds read
======================================

Project curl Security Advisory, October 23rd 2017 -
[Permalink](https://curl.haxx.se/docs/adv_20171023.html)

VULNERABILITY
-------------

libcurl contains a buffer overrun flaw in the IMAP handler.

An IMAP FETCH response line indicates the size of the returned data, in number
of bytes. When that response says the data is zero bytes, libcurl would pass
on that (non-existing) data with a pointer and the size (zero) to the
deliver-data function.

libcurl's deliver-data function treats zero as a magic number and invokes
strlen() on the data to figure out the length. The strlen() is called on a
heap based buffer that might not be zero terminated so libcurl might read
beyond the end of it into whatever memory lies after (or just crash) and then
deliver that to the application as if it was actually downloaded.

We are not aware of any exploit of this flaw.

INFO
----

This bug was introduced in commit
[ec3bb8f727](https://github.com/curl/curl/commit/ec3bb8f727), December 2009,
when the initial support for IMAP was introduced.

The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CVE-2017-1000257 to this issue.

AFFECTED VERSIONS
-----------------

- Affected versions: libcurl 7.20.0 to and including 7.56.0
- Not affected versions: libcurl < 7.20.0 and >= 7.56.1

curl is used by many applications, but not always advertised as such.
 
1 members found this post helpful.
Old 10-24-2017, 08:16 AM   #667
Cesare
Member
 
Registered: Jun 2010
Posts: 65

Rep: Reputation: 113Reputation: 113
irssi 1.0.5 has been released, fixing CVE-2017-15228, CVE-2017-15227, CVE-2017-15721, CVE-2017-15723 and CVE-2017-15722. See https://irssi.org/2017/10/22/irssi-1.0.5-released/ and https://irssi.org/security/irssi_sa_2017_10.txt for details. Upgrading is recommended.
 
3 members found this post helpful.
Old 10-26-2017, 11:49 PM   #668
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 476

Rep: Reputation: 333Reputation: 333Reputation: 333Reputation: 333
php-5.6.32

php-5.6.32 is released with security fix.

Quote:
Date:
Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()).
mcrypt:
Fixed bug #72535 (arcfour encryption stream filter crashes php).
PCRE:
Fixed bug #75207 (applied upstream patch for CVE-2016-1283).
 
Old 11-29-2017, 04:44 AM   #669
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 476

Rep: Reputation: 333Reputation: 333Reputation: 333Reputation: 333
curl-7.57.0

curl-7.57.0 is released with 3 security fixes :

Quote:
Curl and libcurl 7.57.0

Public curl releases: 171
Command line options: 211
curl_easy_setopt() options: 249
Public functions in libcurl: 74
Contributors: 1649

This release includes the following changes:

o auth: add support for RFC7616 - HTTP Digest access authentication [12]
o share: add support for sharing the connection cache [31]
o HTTP: implement Brotli content encoding [28]

This release includes the following bugfixes:

o CVE-2017-8816: NTLM buffer overflow via integer overflow [47]
o CVE-2017-8817: FTP wildcard out of bounds read [48]
o CVE-2017-8818: SSL out of buffer access [49]
o curl_mime_filedata.3: fix typos [1]
o libtest: Add required test libraries for lib1552 and lib1553 [2]
o fix time diffs for systems using unsigned time_t [3]
o ftplistparser: memory leak fix: free temporary memory always [4]
o multi: allow table handle sizes to be overridden [5]
o wildcards: don't use with non-supported protocols [6]
o curl_fnmatch: return error on illegal wildcard pattern [7]
o transfer: Fix chunked-encoding upload too early exit [8]
o curl_setup: Improve detection of CURL_WINDOWS_APP [9]
o resolvers: only include anything if needed [10]
o setopt: fix CURLOPT_SSH_AUTH_TYPES option read
o appveyor: add a win32 build
o Curl_timeleft: change return type to timediff_t [11]
o cmake: Export libcurl and curl targets to use by other cmake projects [13]
o curl: in -F option arg, comma is a delimiter for files only [14]
o curl: improved ";type=" handling in -F option arguments
o timeval: use mach_absolute_time() on MacOS [15]
o curlx: the timeval functions are no longer provided as curlx_* [16]
o mkhelp.pl: do not generate comment with current date [17]
o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18]
o cookie: avoid NULL dereference [19]
o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20]
o include: remove conncache.h inclusion from where its not needed
o CURLOPT_MAXREDIRS: allow -1 as a value [21]
o tests: Fixed torture tests on tests 556 and 650
o http2: Fixed OOM handling in upgrade request
o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
o CURLOPT_INFILESIZE: accept -1 [22]
o curl: pass through [] in URLs instead of calling globbing error [23]
o curl: speed up handling of many URLs [24]
o ntlm: avoid malloc(0) for zero length passwords [25]
o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26]
o HTTP: support multiple Content-Encodings [27]
o travis: add a job with brotli enabled
o url: remove unncessary NULL-check
o fnmatch: remove dead code
o connect: store IPv6 connection status after valid connection [29]
o imap: deal with commands case insensitively [30]
o --interface: add support for Linux VRF [32]
o content_encoding: fix inflate_stream for no bytes available [33]
o cmake: Correctly include curl.rc in Windows builds [34]
o cmake: Add missing setmode check [35]
o connect.c: remove executable bit on file [36]
o SMB: fix uninitialized local variable
o zlib/brotli: only include header files in modules needing them [37]
o URL: return error on malformed URLs with junk after IPv6 bracket [38]
o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39]
o macOS: Fix missing connectx function with Xcode version older than 9.0 [40]
o --resolve: allow IP address within [] brackets [41]
o examples/curlx: Fix code style [42]
o ntlm: remove unnecessary NULL-check to please scan-build [43]
o Curl_llist_remove: fix potential NULL pointer deref [43]
o mime: fix "Value stored to 'sz' is never read" scan-build error [43]
o openssl: fix "Value stored to 'rc' is never read" scan-build error [43]
o http2: fix "Value stored to 'hdbuf' is never read" scan-build error [43]
o http2: fix "Value stored to 'end' is never read" scan-build error [43]
o Curl_open: fix OOM return error correctly [43]
o url: reject ASCII control characters and space in host names [44]
o examples/rtsp: clear RANGE again after use [45]
o connect: improve the bind error message [46]
o make: fix "make distclean" [50]
o connect: add support for new TCP Fast Open API on Linux [51]
o metalink: fix memory-leak and NULL pointer dereference [52]
o URL: update "file:" URL handling [53]
o ssh: remove check for a NULL pointer [54]
o global_init: ignore CURL_GLOBAL_SSL's absense [55]
 
1 members found this post helpful.
Old 01-03-2018, 05:23 PM   #670
abga
Senior Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 1,634

Rep: Reputation: 929Reputation: 929Reputation: 929Reputation: 929Reputation: 929Reputation: 929Reputation: 929Reputation: 929
New Intel/AMD/ARM CPUs that are implementing speculative execution ( https://en.wikipedia.org/wiki/Speculative_execution ) look to be affected by a new security issue. A new kernel patch / maybe a whole new kernel will be soon required:
"
Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
"
https://newsroom.intel.com/news/inte...arch-findings/

Original findings:
https://security.googleblog.com/2018...-you-need.html

An article with useful links:
https://thehackernews.com/2018/01/in...erability.html

And, the two exploits:
https://meltdownattack.com/
 
2 members found this post helpful.
Old 01-03-2018, 06:08 PM   #671
Skaendo
Senior Member
 
Registered: Dec 2014
Location: West Texas, USA
Distribution: Slackware64-14.2
Posts: 1,445

Rep: Reputation: Disabled
Quote:
Originally Posted by abga View Post
New Intel/AMD/ARM CPUs that are implementing speculative execution ( https://en.wikipedia.org/wiki/Speculative_execution ) look to be affected by a new security issue. A new kernel patch / maybe a whole new kernel will be soon required:
"
Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
"
https://newsroom.intel.com/news/inte...arch-findings/

Original findings:
https://security.googleblog.com/2018...-you-need.html

An article with useful links:
https://thehackernews.com/2018/01/in...erability.html

And, the two exploits:
https://meltdownattack.com/
This has actually been known about since June 2017, and is going to severely impact the performance of processors from 5% to 30%.

MS started rolling out patches to their fast tier insider testers in November 2017.
 
Old 01-03-2018, 06:50 PM   #672
ChuangTzu
Senior Member
 
Registered: May 2015
Location: Where ever needed
Distribution: Slackware/Salix while testing others
Posts: 1,718

Rep: Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857
Quote:
Originally Posted by Skaendo View Post
This has actually been known about since June 2017, and is going to severely impact the performance of processors from 5% to 30%.

MS started rolling out patches to their fast tier insider testers in November 2017.
https://www.cnbc.com/2018/01/03/amd-...its-chips.html
 
Old 01-03-2018, 07:21 PM   #673
abga
Senior Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 1,634

Rep: Reputation: 929Reputation: 929Reputation: 929Reputation: 929Reputation: 929Reputation: 929Reputation: 929Reputation: 929
Quote:
Originally Posted by Skaendo View Post
This has actually been known about since June 2017, and is going to severely impact the performance of processors from 5% to 30%.

MS started rolling out patches to their fast tier insider testers in November 2017.
I wasn't aware of any official statements / acceptance until now and couldn't find any reference here in the Slackware forums (apart from the confusing discussion in the kernel thread). It looks like the Spectre vulnerability is still not addressed yet (as per Wikipedia):

https://en.wikipedia.org/wiki/Spectr...vulnerability)

Last edited by abga; 01-03-2018 at 10:14 PM. Reason: Changed Wikipedia url - they dedicated a whole article on the Spectre vulnerability
 
1 members found this post helpful.
Old 01-03-2018, 08:20 PM   #674
Skaendo
Senior Member
 
Registered: Dec 2014
Location: West Texas, USA
Distribution: Slackware64-14.2
Posts: 1,445

Rep: Reputation: Disabled
Quote:
Originally Posted by abga View Post
I wasn't aware of any official statements / acceptance until now and couldn't find any reference here in the Slackware forums (apart from the confusing discussion in the kernel thread).
Yea, it wasn't widely known until the news "broke" the past day or so. A friend of mine told me that they were informed about it in late October.
 
Old 01-04-2018, 07:20 AM   #675
bassmadrigal
LQ Guru
 
Registered: Nov 2003
Location: West Jordan, UT, USA
Distribution: Slackware
Posts: 8,792

Rep: Reputation: 6656Reputation: 6656Reputation: 6656Reputation: 6656Reputation: 6656Reputation: 6656Reputation: 6656Reputation: 6656Reputation: 6656Reputation: 6656Reputation: 6656
Quote:
Originally Posted by abga View Post
New Intel/AMD/ARM CPUs that are implementing speculative execution ( https://en.wikipedia.org/wiki/Speculative_execution ) look to be affected by a new security issue. A new kernel patch / maybe a whole new kernel will be soon required:
AMD states they are not vulnerable to this. Tom Lendacky, who is a software engineer at AMD, states:

Quote:
AMD processors are not subject to the types of attacks that the kernel
page table isolation feature protects against. The AMD microarchitecture
does not allow memory references, including speculative references, that
access higher privileged data when running in a lesser privileged mode
when that access would result in a page fault.

SOURCE: http://lkml.iu.edu/hypermail/linux/k...2.3/00675.html
However, with the quick fixes that went into the kernel, AMD CPUs are still flagged as "insecure", so it will be hit with the performance penalty unless you pass the nopti kernel option when booting. But the patch to disable this automatically on AMD CPUs has apparently been pulled "in mainline for Linux 4.15", I assume to be included in the next release.
 
  


Reply

Tags
exploit, security, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[Slackware Security]: Some pending vulnerabilities... mancha Slackware 7 08-22-2013 09:08 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 12:21 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration