LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.

Old 03-30-2018, 05:19 PM   #721
abga
Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 456

Rep: Reputation: 233

As predicted, after the Meltdown & Spectre discovery and recent mitigations, some new practical side-channel attacks on the branch prediction algorithms have been discovered and published, affecting Intel processors.
Fresh article describing BranchScope and Intel's response (end of the article):
https://arstechnica.com/gadgets/2018...ction-attacks/
The research paper itself:
http://www.cs.ucr.edu/~nael/pubs/asplos18.pdf

There might be more firmware/kernel/compiler patching coming ahead.
 
2 members found this post helpful.
Old 04-09-2018, 01:05 PM   #722
Petri Kaukasoina
Member
 
Registered: Mar 2007
Posts: 335

Rep: Reputation: 180
Slackware-current upgraded to openssh-7.7p1, with
  • Build and link with "retpoline" flags when available to mitigate the "branch target injection" style (variant 2) of the Spectre branch-prediction vulnerability.
Would it be a good idea to have it in 14.2, too?
 
Old 04-18-2018, 05:09 AM   #723
elcore
Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 492

Rep: Reputation: Disabled
I've seen on a news feed some gdk-pixbuf remote exploit.
Could be an affected version in 14.x
 
Old 04-18-2018, 06:49 AM   #724
drgibbon
Member
 
Registered: Nov 2014
Distribution: Slackware64 14.2
Posts: 402

Rep: Reputation: 231
Quote:
Originally Posted by elcore View Post
I've seen on a news feed some gdk-pixbuf remote exploit.
Could be an affected version in 14.x
The link you gave says the vulnerability exists in versions < 2.36.11 (CVE says <= 2.36.8), since Slackware has 2.32.3, then it should be affected.
 
Old 04-18-2018, 01:06 PM   #725
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 1,519

Rep: Reputation: 4434
Quote:
Originally Posted by elcore View Post
I've seen on a news feed some gdk-pixbuf remote exploit.
Could be an affected version in 14.x
This is a denial of service issue, occurring when gdk_pixbuf attempts to load a GIF in excess of 5G in size.

There's no patch available for the versions of gdk_pixbuf in Slackware 14.2 or earlier, and the patches created for the newest gdk_pixbuf use functions that are unavailable in earlier versions.

I'll consider applying working, tested patches if anyone has any. Incorrect patches, however, are likely to be more hazardous than this CVE.
 
4 members found this post helpful.
Old 04-19-2018, 03:06 AM   #726
phenixia2003
Member
 
Registered: May 2006
Location: France
Distribution: Slackware
Posts: 803

Rep: Reputation: 654
Hello,

Quote:
Originally Posted by volkerdi View Post
This is a denial of service issue, occurring when gdk_pixbuf attempts to load a GIF in excess of 5G in size.

There's no patch available for the versions of gdk_pixbuf in Slackware 14.2 or earlier, and the patches created for the newest gdk_pixbuf use functions that are unavailable in earlier versions.

I'll consider applying working, tested patches if anyone has any. Incorrect patches, however, are likely to be more hazardous than this CVE.
There's a backport of the patch for CVE-2017-1000422 available for Debian jessie, which comes with gdk-pixbuf-2.31. See here.


I've successfully rebuilt gdk-pixbuf-2.32.3 (14.2) with this patch, but I didn't test it.

--
SeB
 
Old 04-21-2018, 05:47 AM   #727
elcore
Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 492

Rep: Reputation: Disabled
Thanks for looking into it, tbh I suspected it could possibly run remote code and not just load inflated gifs.
Guess it's not as serious as it could've been, and I just assumed the worst scenario.
 
Old 04-21-2018, 09:50 AM   #728
drgibbon
Member
 
Registered: Nov 2014
Distribution: Slackware64 14.2
Posts: 402

Rep: Reputation: 231
I don't know, the Debian announcement lists "memory corruption and potential code execution", and there's a claim that it can be triggered with a "much smaller file".
 
Old 04-24-2018, 10:58 AM   #729
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 208

Rep: Reputation: 155
linux-4.4.129 is released with an ext4 security fix.

Quote:
commit 990251318b97ed7153d9adbf633035536c7d685b
Author: Theodore Ts'o <tytso@mit.edu>
Date: Thu Mar 29 21:56:09 2018 -0400

ext4: fail ext4_iget for root directory if unallocated

commit 8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44 upstream.

If the root directory has an i_links_count of zero, then when the file
system is mounted, then when ext4_fill_super() notices the problem and
tries to call iput() the root directory in the error return path,
ext4_evict_inode() will try to free the inode on disk, before all of
the file system structures are set up, and this will result in an OOPS
caused by a NULL pointer dereference.

This issue has been assigned CVE-2018-1092.

https://bugzilla.kernel.org/show_bug.cgi?id=199179
https://bugzilla.redhat.com/show_bug.cgi?id=1560777

Reported-by: Wen Xu <wen.xu@gatech.edu>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 
2 members found this post helpful.
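Added example (not part of the original post, the kernel commit, or any Slackware tooling): a pre-mount check for the condition the commit message above describes, a root directory inode whose i_links_count is zero. It reads the on-disk ext2/3/4 superblock, group 0's descriptor and inode 2 directly; the function names and the sample image builder are hypothetical, and the sample bytes are constructed for illustration.

```python
import struct

EXT4_MAGIC = 0xEF53
ROOT_INO = 2            # ext2/3/4 reserve inode 2 for the root directory
INCOMPAT_64BIT = 0x80   # s_feature_incompat bit: 64-bit block numbers

def root_links_count(img: bytes) -> int:
    """Return i_links_count of the root inode of an ext2/3/4 image."""
    sb = img[1024:2048]                      # primary superblock
    if len(sb) < 1024 or struct.unpack_from("<H", sb, 0x38)[0] != EXT4_MAGIC:
        raise ValueError("not an ext2/3/4 image")
    first_data_block, log_bs = struct.unpack_from("<II", sb, 0x14)
    block_size = 1024 << log_bs
    rev_level = struct.unpack_from("<I", sb, 0x4C)[0]
    inode_size = struct.unpack_from("<H", sb, 0x58)[0] if rev_level else 128
    incompat = struct.unpack_from("<I", sb, 0x60)[0]
    desc_size = struct.unpack_from("<H", sb, 0xFE)[0]
    # Group 0's descriptor is the first entry in the block after the superblock.
    gd = (first_data_block + 1) * block_size
    table = struct.unpack_from("<I", img, gd + 0x08)[0]      # bg_inode_table_lo
    if incompat & INCOMPAT_64BIT and desc_size > 32:
        table |= struct.unpack_from("<I", img, gd + 0x28)[0] << 32
    inode = table * block_size + (ROOT_INO - 1) * inode_size
    return struct.unpack_from("<H", img, inode + 0x1A)[0]    # i_links_count

def safe_to_mount(img: bytes) -> bool:
    """False for the case the commit rejects: unallocated root directory."""
    return root_links_count(img) != 0

def make_sample(links: int) -> bytes:
    """Constructed sample: only the fields read above, 1 KiB blocks."""
    img = bytearray(8 * 1024)
    struct.pack_into("<II", img, 1024 + 0x14, 1, 0)   # first_data_block=1, log_bs=0
    struct.pack_into("<H", img, 1024 + 0x38, EXT4_MAGIC)
    struct.pack_into("<I", img, 1024 + 0x4C, 1)       # rev_level 1 (dynamic)
    struct.pack_into("<H", img, 1024 + 0x58, 256)     # inode_size
    struct.pack_into("<I", img, 2048 + 0x08, 5)       # inode table at block 5
    struct.pack_into("<H", img, 5 * 1024 + 256 + 0x1A, links)
    return bytes(img)

if __name__ == "__main__":
    for n in (2, 0):
        ok = safe_to_mount(make_sample(n))
        print(n, "->", "ok" if ok else "refuse: root inode unallocated")
```

On a kernel without the fix, a check like this can gate mounting of images from untrusted sources; for large images, read only the three regions it touches instead of the whole file.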
Old 04-24-2018, 11:12 AM   #730
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib."
Posts: 4,007
Blog Entries: 1

Rep: Reputation: 1287
Quote:
Originally Posted by Thom1b View Post
linux-4.4.129 is released with an ext4 security fix.
This is also listed in the 4.16.4, 4.14.36, 4.9.96 and 3.18.106 change logs.

Last edited by cwizardone; 04-24-2018 at 11:20 AM.
 
1 members found this post helpful.
Old 04-28-2018, 10:51 AM   #731
Ne01eX
Member
 
Registered: Mar 2018
Location: Ekaterinburg region, Ural, Russian Federation
Distribution: Slackware, RTK GNU/Linux
Posts: 173

Rep: Reputation: 22

bash-4.4# cat bzip2recover-CVE-2016-3189.patch

Code:
Author: Jakub Martisko <jamartis@redhat.com>
Date: Wed, 30 Mar 2016 10:22:27 +0200
Description: bzip2recover: Fix potential use-after-free
Origin: https://bugzilla.redhat.com/attachment.cgi?id=1169843&action=edit
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2016-3189
Bug-Debian: https://bugs.debian.org/827744

--- a/bzip2recover.c
+++ b/bzip2recover.c
@@ -472,6 +472,7 @@ Int32 main ( Int32 argc, Char** argv )
             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
             bsPutUInt32 ( bsWr, blockCRC );
             bsClose ( bsWr );
+            outFile = NULL;
          }
          if (wrBlock >= rbCtr) break;
          wrBlock++;
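
Review bot: the added outFile = NULL; directly after bsClose ( bsWr ); has no comment, and the call above it never names outFile, so the reason for clearing it is not visible in the code. Add a one-line comment saying which resource bsClose released and that outFile must not be reused afterwards, since the patch description only says "Fix potential use-after-free". The visible lines also do not reset bsWr after the close; check whether any path can touch it before it is reassigned and clear it here too if so.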
 
Old 04-28-2018, 11:36 AM   #732
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 1,519

Rep: Reputation: 4434
Quote:
Originally Posted by Ne01eX View Post
bash-4.4# cat bzip2recover-CVE-2016-3189.patch
https://access.redhat.com/security/cve/cve-2016-3189

Quote:
Statement

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/u...lassification/.
 
2 members found this post helpful.
Old 04-28-2018, 11:58 AM   #733
Ne01eX
Member
 
Registered: Mar 2018
Location: Ekaterinburg region, Ural, Russian Federation
Distribution: Slackware, RTK GNU/Linux
Posts: 173

Rep: Reputation: 22
Thanks for the answer, Pat. Really.

Another link: https://www.cvedetails.com/cve/CVE-2016-3189/

Or do you need a link to an exploit that uses CVE-2016-3189? o_O

However, if you think that this is not worthy of attention, then so be it. :-)
 
Old 04-28-2018, 12:09 PM   #734
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 1,519

Rep: Reputation: 4434
"Exploit"? Really?

OK, let's see something that causes a privilege escalation then.

Don't pollute this thread with reports on CVEs that are so worthless that nobody is going to fix them. A local app crash due to malformed input is not a security issue.
 
2 members found this post helpful.
Old 04-28-2018, 12:55 PM   #735
Ne01eX
Member
 
Registered: Mar 2018
Location: Ekaterinburg region, Ural, Russian Federation
Distribution: Slackware, RTK GNU/Linux
Posts: 173

Rep: Reputation: 22

Quote:
Originally Posted by volkerdi View Post
"Exploit"? Really?

OK, let's see something that causes a privilege escalation then.

Don't pollute this thread with reports on CVEs that are so worthless that nobody is going to fix them. A local app crash due to malformed input is not a security issue.
Ok.
 
  



Tags
exploit, security, slackware


All times are GMT -5.