LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.

Old 08-14-2018, 03:55 PM   #766
abga
Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 721


If you haven't had enough from the previous Intel CPU bugs, you might want to consider the following 3 fresh ones:
https://www.theregister.co.uk/2018/0...al_fault_bugs/
https://www.intel.com/content/www/us...-sa-00161.html
"
Recommendations:

Intel has worked with operating system vendors, equipment manufacturers, and other ecosystem partners to develop platform firmware and software updates that can help protect systems from these methods.
"
CVEs:
https://cve.mitre.org/cgi-bin/cvenam...=CVE-2018-3615
https://cve.mitre.org/cgi-bin/cvenam...=CVE-2018-3620
https://cve.mitre.org/cgi-bin/cvenam...=CVE-2018-3646

Last edited by abga; 08-20-2018 at 02:35 PM. Reason: removed kernel patch (work in progress) + rewording - shorter format + update
 
2 members found this post helpful.
Old 08-15-2018, 10:52 PM   #767
abga
Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 721

I removed twice some details I provided originally in the previous post just because there was work in progress in understanding and mitigating the issues reported there. I considered keeping the post factual and informative.

Lately RedHat published some details about these vulnerabilities (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) and are stating, without mentioning the exact CVE (sloppy work), that only CVE-2018-3615 - the one related solely to the Intel SGX - needs a microcode update:
https://access.redhat.com/security/vulnerabilities/L1TF
"There are three pieces to this vulnerability. The first affects only Intel “SGX” secure enclaves and is mitigated through microcode updates independently of the operating system. "
and:
"CVE-2018-3620 is the CVE identifier assigned to the operating system vulnerability for this issue. CVE-2018-3646 is the CVE identifier assigned to the virtualization aspect of the flaw. This issue is referred to as L1 Terminal Fault (L1TF) by the larger industry and as “Foreshadow” by the security researcher."
Which reads that only CVE-2018-3620 needs to be mitigated by the kernel ATM, CVE-2018-3646 being only the "virtualization aspect of the flaw".
 
2 members found this post helpful.
Old 08-16-2018, 01:29 AM   #768
Petri Kaukasoina
Member
 
Registered: Mar 2007
Posts: 353

There is lots of information about L1 Terminal Fault available in the kernel sources: linux-4.18.1/Documentation/admin-guide/l1tf.rst or https://github.com/torvalds/linux/bl...guide/l1tf.rst
 
3 members found this post helpful.
Old 08-16-2018, 12:30 PM   #769
abga
Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 721

Quote:
Originally Posted by Petri Kaukasoina View Post
There is lots of information about L1 Terminal Fault available in the kernel sources: linux-4.18.1/Documentation/admin-guide/l1tf.rst or https://github.com/torvalds/linux/bl...guide/l1tf.rst
Thanks for the informative link that looks to be written (Aug 5, 2018) before the official disclosure on Aug 14, 2018. I wouldn't take all that is written there as 100% accurate, especially the affected processors section. You see, not even Intel, the manufacturer, knows which CPUs are affected, check the "Affected products:" section:
https://www.intel.com/content/www/us...-sa-00161.html
As for AMD and ARM, I'd keep an open mind:
https://foreshadowattack.eu/
" What about other processors (AMD/ARM)?

The original Foreshadow attack affects most SGX-enabled Intel processors. As SGX is currently present only in Intel CPUs, we are unaware of Foreshadow affecting other CPU vendors. To the best of our understanding, Foreshadow-NG only affects Intel processors. However, we are still working to better understand the implications of Foreshadow-NG and this answer might change as the situation develops. "

Regarding the microcode updates for the mitigation of CVE-2018-3615 and maybe other, older, Intel SGX related issues, Intel published some info and benchmarks. Again, without being specific, they mention the microcode updates released earlier this year as sufficient for the mitigation.
https://www.intel.com/content/www/us...logy/l1tf.html
"The microcode updates released earlier this year when coupled with operating system and hypervisor software available from our industry partners, ensure consumers, IT professionals and cloud service providers have access to the protections they need. Intel recommends people keep their systems up to date to protect against the evolving threat landscape."
 
Old 08-23-2018, 07:21 AM   #770
drgibbon
Member
 
Registered: Nov 2014
Distribution: Slackware64 14.2
Posts: 412

Looks like serious problems with Ghostscript have been found, although no patches as yet (some mitigations here).

Last edited by drgibbon; 08-23-2018 at 07:23 AM.
 
4 members found this post helpful.
Old 08-31-2018, 03:44 PM   #772
abga
Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 721

Quote:
Originally Posted by abga View Post
If you haven't had enough from the previous Intel CPU bugs, you might want to consider the following 3 fresh ones:
https://www.theregister.co.uk/2018/0...al_fault_bugs/
https://www.intel.com/content/www/us...-sa-00161.html
"
Recommendations:

Intel has worked with operating system vendors, equipment manufacturers, and other ecosystem partners to develop platform firmware and software updates that can help protect systems from these methods.
"
CVEs:
https://cve.mitre.org/cgi-bin/cvenam...=CVE-2018-3615
https://cve.mitre.org/cgi-bin/cvenam...=CVE-2018-3620
https://cve.mitre.org/cgi-bin/cvenam...=CVE-2018-3646
The work at kernel.org related to these new vulnerabilities has come to some final results and the latest kernels provided by Slackware are containing the mitigations.
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.4.153
https://github.com/torvalds/linux/co...2d2b416c87e011

The doc at kernel.org about the L1TF / Foreshadow mitigation and the related kernel boot parameters:
https://www.kernel.org/doc/html/late...lt-mitigations

Plus, some interesting benchmarks related to the L1TF fixes (and not only):
https://www.phoronix.com/scan.php?pa...rly-look&num=1
https://www.phoronix.com/scan.php?pa...dow-xeon&num=1
https://www.phoronix.com/scan.php?pa...igations&num=1
https://www.phoronix.com/scan.php?pa...icrocode&num=3
 
Old 08-31-2018, 11:48 PM   #773
glorsplitz
Member
 
Registered: Dec 2002
Distribution: slackware!
Posts: 641

Not sure what I'm not missing.

From Tue Aug 28 22:05:19 UTC 2018 Stable ChangeLog for x86_64
"To see the status of CPU vulnerability mitigations on your system, look at the files in: /sys/devices/system/cpu/vulnerabilities"

I did and found these files:
l1tf, meltdown, spec_store_bypass, spectre_v1, spectre_v2

spec_store_bypass says "Vulnerable"

magicm in this post ran spectre-meltdown-checker.sh, so I did and found

Checking for vulnerabilities on current system
Kernel is Linux 4.4.153 #1 SMP Tue Aug 28 16:08:22 CDT 2018 x86_64
CPU is Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz

CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
* CPU microcode mitigates the vulnerability: NO
> STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)

CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Mitigated according to the /sys interface: NO (Vulnerable)
* Kernel supports speculation store bypass: YES (found in /proc/self/status)
> STATUS: VULNERABLE (Your CPU doesn't support SSBD)

I did SBo intel-microcode SlackBuild as magicm did but CVE-2018-3640 says same thing.

I see /lib/firmware/intel-ucode/, "intel-microcode (20180807)" SBo didn't address my cpu?

EDIT: SBo says "INITRD /boot/intel-ucode.cpio,/boot/initrd-generic.gz" is that when doing mkinitrd?

Looks like some CVE are handled by distribution as did slackware for l1tf and some CVE by end-user.

I don't know much about handling CVE, I'm trying to learn and understand now.

Last edited by glorsplitz; 08-31-2018 at 11:53 PM.
 
Old 09-01-2018, 03:51 PM   #774
abga
Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 721

It looks like you don't have the latest microcode for your CPU, thus no microcode mitigations for CVE-2018-3639, CVE-2018-3640 and maybe also none for the CVEs related to L1TF / Foreshadow.
Your older Ivy Bridge CPU, an Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz, should have the latest microcode 0x20; that's according to the latest Intel Microcode Revision Guidance - August 8 2018 - Page 10:
https://www.intel.com/content/dam/ww...e-guidance.pdf
Check what the Intel microcode updater is reporting in dmesg and let's move to this more appropriate thread:
https://www.linuxquestions.org/quest...4/#post5888824

Last edited by abga; 09-01-2018 at 03:59 PM. Reason: appropriate
 
Old 09-01-2018, 08:21 PM   #775
glorsplitz
Member
 
Registered: Dec 2002
Distribution: slackware!
Posts: 641

Thanks abga, unfortunately I'm a little busy right now, will get to other thread when I have time.
 
Old 09-02-2018, 10:06 PM   #776
glorsplitz
Member
 
Registered: Dec 2002
Distribution: slackware!
Posts: 641

I'm all set, followed what zakame did in this post.
 
Old 09-02-2018, 10:17 PM   #777
abga
Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 721

Quote:
Originally Posted by glorsplitz View Post
I'm all set
... for now ...
https://www.blackhat.com/us-18/brief...x86-cpus-10194
https://www.youtube.com/watch?v=_eSAF_qT_FY
 
1 members found this post helpful.
Old 09-02-2018, 10:34 PM   #778
glorsplitz
Member
 
Registered: Dec 2002
Distribution: slackware!
Posts: 641

There will always be security exploiter creators, how else do virus companies stay in business?

Last edited by glorsplitz; 09-02-2018 at 10:48 PM.
 
Old 09-05-2018, 02:17 AM   #779
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 218

curl-7.61.1 is released with security fix.
https://curl.haxx.se/download/curl-7.61.1.tar.xz
https://curl.haxx.se/download/curl-7.61.1.tar.xz.asc

Quote:
NTLM password overflow via integer overflow
===========================================

Project curl Security Advisory, September 5th 2018 -
[Permalink](https://curl.haxx.se/docs/CVE-2018-14618.html)

VULNERABILITY
-------------

libcurl contains a buffer overrun in the NTLM authentication code.

The internal function `Curl_ntlm_core_mk_nt_hash` multiplies the `length` of
the password by two (SUM) to figure out how large temporary storage area to
allocate from the heap.

The `length` value is then subsequently used to iterate over the password and
generate output into the allocated storage buffer. On systems with a 32 bit
`size_t`, the math to calculate SUM triggers an integer overflow when the
password length exceeds 2GB (2^31 bytes). This integer overflow usually causes
a very small buffer to actually get allocated instead of the intended very
huge one, making the use of that buffer end up in a heap buffer overflow.

(This bug is almost identical to
[CVE-2017-8816](https://curl.haxx.se/docs/CVE-2017-8816.html).)

We are not aware of any exploit of this flaw.

INFO
----

This bug was introduced in commit
[be285cde3f](https://github.com/curl/curl/commit/be285cde3f), April 2006.

The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CVE-2018-14618 to this issue.

CWE-131: Incorrect Calculation of Buffer Size

AFFECTED VERSIONS
-----------------

This issue is only present on 32 bit systems. It also requires the password
field to use more than 2GB of memory, which should be rare.

- Affected versions: libcurl 7.15.4 to and including 7.61.0
- Not affected versions: libcurl < 7.15.4 and >= 7.61.1

curl is used by many applications, but not always advertised as such.

THE SOLUTION
------------

In libcurl version 7.61.1, the integer overflow is avoided.

A [patch for
CVE-2018-14618](https://github.com/curl/curl/commit/...b0418243.patch)
is available.

RECOMMENDATIONS
---------------

We suggest you take one of the following actions immediately, in order of
preference:

A - Upgrade curl to version 7.61.1

B - Apply the patch to your version and rebuild

C - Put length restrictions on the password you can pass to libcurl
 
2 members found this post helpful.
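The size calculation the quoted advisory describes, as an added example (not curl's code and not part of the original post): the unchecked `length * 2` wraps to a tiny allocation, shown beside a checked form that refuses such lengths. `size32_t` is an assumed stand-in for a 32-bit `size_t`, and the function names and the simplified two-bytes-per-input-byte loop are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: size32_t models a 32-bit size_t so the wrap shows on any host. */
typedef uint32_t size32_t;

/* Pattern the advisory describes: length * 2 with no range check. */
static size32_t bufsize_unchecked(size32_t len) {
    return (size32_t)(len * 2u); /* wraps modulo 2^32 */
}

/* Checked form: reject lengths whose doubled size cannot be represented. */
static int bufsize_checked(size32_t len, size32_t *out) {
    if (len > UINT32_MAX / 2u)
        return -1;
    *out = len * 2u;
    return 0;
}

/* Bytes a two-per-input-byte loop would write beyond the unchecked buffer. */
static uint64_t overrun_bytes(size32_t len) {
    return (uint64_t)len * 2u - bufsize_unchecked(len);
}

/* Hypothetical stand-in for the expansion step, sized with the checked form.
 * Returns a heap buffer of *outlen bytes, or NULL if the length is refused. */
static unsigned char *widen_password(const char *pw, size32_t len, size32_t *outlen) {
    unsigned char *buf;
    if (bufsize_checked(len, outlen) != 0)
        return NULL;
    buf = malloc(*outlen ? *outlen : 1u);
    if (buf == NULL)
        return NULL;
    for (size32_t i = 0; i < len; i++) {
        buf[2u * i] = (unsigned char)pw[i];
        buf[2u * i + 1u] = 0;
    }
    return buf;
}

int main(void) {
    size32_t len = 0x80000008u; /* constructed length just above 2^31 */
    printf("len=%u alloc=%u overrun=%llu\n", (unsigned)len,
           (unsigned)bufsize_unchecked(len), (unsigned long long)overrun_bytes(len));
    return 0;
}
```

The same bound, applied by the calling application before the password reaches the library, corresponds to recommendation C in the advisory.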
Old 09-06-2018, 05:13 PM   #780
bamunds
Member
 
Registered: Sep 2013
Location: Mounds View MN
Distribution: Slackware64-14.2 FVWM
Posts: 546

Ghostscript 9.24 breaks printing on Slackware 14.2

Quote:
Originally Posted by ecd102 View Post
According to https://www.kb.cert.org/vuls/id/332928 , the patches are available now.

As I tried to apply, we also need the following patch:
http://git.ghostscript.com/?p=ghostp...iff;h=0b6cd191

And we have to apply the patches in the following order:
http://git.ghostscript.com/?p=ghostp...ain;h=b326a716
http://git.ghostscript.com/?p=ghostp...ain;h=c3476dde
http://git.ghostscript.com/?p=ghostp...ain;h=0d390118
http://git.ghostscript.com/?p=ghostp...ain;h=a054156d
http://git.ghostscript.com/?p=ghostp...ain;h=0edd3d6c
http://git.ghostscript.com/?p=ghostp...ain;h=78911a01
http://git.ghostscript.com/?p=ghostp...ain;h=b575e1ec
http://git.ghostscript.com/?p=ghostp...ain;h=0b6cd191
http://git.ghostscript.com/?p=ghostp...ain;h=c432131c
http://git.ghostscript.com/?p=ghostp...ain;h=241d9111
http://git.ghostscript.com/?p=ghostp...ain;h=8e9ce501
http://git.ghostscript.com/?p=ghostp...ain;h=5516c614
http://git.ghostscript.com/?p=ghostp...ain;h=e01e77a3
After applying the latest Ghostscript 9.24 with ghostscript-fonts-std-8.11-noarch-1 from PV I could no longer print from Waterfox 56.2.2 or from Chromium (AlienBob 68.0.3440.84). By backing out to 5.19 printing started again.

Is this a problem with the installation process or does it mean a rebuild of Waterfox and wait for AlienBob to rebuild Chromium? The interesting thing is that Konqueror had no problem with printing with the Ghostscript 9.24 in place.

System setting. Slackware 64 14.2 multilib and 4.14.67 kernel with HP Laserjet 3380 and HPLIP-3.16.5 version. Ghostscript 9.24 generates error from localhost:631 for print jobs is "Filter Failed".

Suggestions appreciated. Cheers, BrianA_MN

9-9-18 Upgraded to patched 9.24 from official patches and everything is back to working. Thanks PV.

Last edited by bamunds; 09-11-2018 at 06:27 PM. Reason: update status
 
1 members found this post helpful.
  

