Old 10-10-2018, 03:31 AM   #781
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 224


linux-4.4.160 is released with 2 security fixes. One concerning ext4.
Quote:
commit cd3d6463759d21f4093d3434effacc358dd0caf8
Author: Theodore Ts'o <tytso@mit.edu>
Date: Sat Jun 16 15:40:48 2018 -0400

ext4: never move the system.data xattr out of the inode body

commit 8cdb5240ec5928b20490a2bb34cb87e9a5f40226 upstream.

When expanding the extra isize space, we must never move the
system.data xattr out of the inode body. For performance reasons, it
doesn't make any sense, and the inline data implementation assumes
that system.data xattr is never in the external xattr block.

This addresses CVE-2018-10880

https://bugzilla.kernel.org/show_bug.cgi?id=200005

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Zubin Mithra <zsm@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 
3 members found this post helpful.
Old 10-18-2018, 11:52 AM   #782
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware64
Posts: 467

Ruby

Ruby versions 2.3.8, 2.4.5 and 2.5.3 fix the following security vulnerabilities:
https://www.ruby-lang.org/en/news/20...ve-2018-16395/
https://www.ruby-lang.org/en/news/20...ve-2018-16396/
https://cache.ruby-lang.org/pub/ruby...y-2.3.8.tar.xz
https://cache.ruby-lang.org/pub/ruby...y-2.4.5.tar.xz
https://cache.ruby-lang.org/pub/ruby...y-2.5.3.tar.xz
 
1 members found this post helpful.
Old 11-04-2018, 06:35 PM   #783
abga
Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 723

A new CPU vulnerability, dubbed PortSmash, was made public, exploiting the Hyper-Threading system, affecting Intel CPUs (demonstrated on Skylake & Kaby Lake) and potentially AMD too. It has a CVE reserved: CVE-2018-5407
https://cve.mitre.org/cgi-bin/cvenam...=CVE-2018-5407
Info:
https://arstechnica.com/information-...s-crypto-keys/
Proof of concept:
https://github.com/bbbrumley/portsmash
According to the following article, OpenSSL 1.1.1 (comes with Slackware - current) looks to make the attack unfeasible:
https://www.zdnet.com/article/intel-...vulnerability/

Mitigation (so far & as far as I understood it) - disable Hyper-Threading (if possible), OpenSSL related - use 1.1.1
 
5 members found this post helpful.
Old 11-05-2018, 12:46 AM   #784
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 224

mariadb-10.0.37 is released with many security fixes.
 
3 members found this post helpful.
Old 11-14-2018, 04:01 PM   #785
abga
Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 723

Brace yourselves, or enjoy the apparently never-ending Whac-A-Mole, as 7 more Spectre/Meltdown-related speculative execution attacks have been published, affecting Intel/AMD/ARM. No CVE yet assigned and no mitigation available; I guess there will be some more microcode updates & kernel patches released.
Article:
https://arstechnica.com/gadgets/2018...ution-attacks/
Research paper:
https://arxiv.org/pdf/1811.05441.pdf
 
4 members found this post helpful.
Old 11-14-2018, 04:58 PM   #786
GazL
Senior Member
 
Registered: May 2008
Posts: 4,793
Blog Entries: 14

Oh great. I expect that'll be another 5% or so performance loss on top of all the other mitigations that have already slowed our systems down.

Thanks for the heads up.
 
Old 11-27-2018, 02:17 AM   #787
elcore
Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 548

Binutils 2.26 in 14.2 may possibly be flawed, exploitable.

https://security.gentoo.org/glsa/201811-17
 
Old 11-27-2018, 01:56 PM   #788
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 1,609

Quote:
Originally Posted by elcore
Binutils 2.26 in 14.2 may possibly be flawed, exploitable.

https://security.gentoo.org/glsa/201811-17
I'm not sure I see how a segfault (resulting in a "denial of service") in something like binutils is actually a security-related bug. You have an intentionally corrupt ELF object (aka specially crafted) that causes the linker or assembler to crash, disrupting the compile. But how is that a security issue? Unless there's an overflow that allows execution of arbitrary code (I've seen no such reports in any of the CVEs) then it's simply a crash of a userspace program. App crashes aren't security issues IMHO.
 
4 members found this post helpful.
Old 11-28-2018, 05:34 AM   #789
elcore
Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 548

Thanks for looking into it, just posted because they did say remote in the article.
I guess netfilter could easily mitigate the DoS, if there is any.
 
Old 11-29-2018, 11:49 AM   #790
GazL
Senior Member
 
Registered: May 2008
Posts: 4,793
Blog Entries: 14

Yeah, seems declaring something as "remotely exploitable" is in fashion these days: even when there's nothing remotely "remote" about it.
 
Old 12-01-2018, 04:19 AM   #791
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 224

Multiple CVEs are fixed in linux-4.4.166 (and others concerning ext4 before):

Quote:
commit 3658ccbbac39cc634e357ee08ff46d0893cbc111
Author: Salvatore Mesoraca <s.mesoraca16@gmail.com>
Date: Thu Aug 23 17:00:35 2018 -0700

namei: allow restricted O_CREAT of FIFOs and regular files

commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5 upstream.

Disallows open of FIFOs or regular files not owned by the user in world
writable sticky directories, unless the owner is the same as that of the
directory or the file is opened without the O_CREAT flag. The purpose
is to make data spoofing attacks harder. This protection can be turned
on and off separately for FIFOs and regular files via sysctl, just like
the symlinks/hardlinks protection. This patch is based on Openwall's
"HARDEN_FIFO" feature by Solar Designer.

This is a brief list of old vulnerabilities that could have been prevented
by this feature, some of them even allow for privilege escalation:

CVE-2000-1134
CVE-2007-3852
CVE-2008-0525
CVE-2009-0416
CVE-2011-4834
CVE-2015-1838
CVE-2015-7442
CVE-2016-7489

This list is not meant to be complete. It's difficult to track down all
vulnerabilities of this kind because they were often reported without any
mention of this particular attack vector. In fact, before
hardlinks/symlinks restrictions, fifos/regular files weren't the favorite
vehicle to exploit them.

[s.mesoraca16@gmail.com: fix bug reported by Dan Carpenter]
Link: https://lkml.kernel.org/r/20180426081456.GA7060@mwanda
Link: http://lkml.kernel.org/r/1524829819-...ca16@gmail.com
[keescook@chromium.org: drop pr_warn_ratelimited() in favor of audit changes in the future]
[keescook@chromium.org: adjust commit subjet]
Link: http://lkml.kernel.org/r/20180416175918.GA13494@beast
Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Suggested-by: Solar Designer <solar@openwall.com>
Suggested-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Loic <hackurx@opensec.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 
4 members found this post helpful.
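
The rule described in the commit message quoted above, as a small userland model (an added example, not part of the post or of the kernel patch). It assumes the sysctl names `fs.protected_fifos` and `fs.protected_regular` from the kernel's sysctl documentation, and uses the effective UID in place of the kernel's fsuid; `read_knob` and `creat_denied` are hypothetical helper names.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
/* Read an integer sysctl from /proc; -1 means this kernel lacks the knob. */
static int read_knob(const char *path)
{
    int v = -1;
    FILE *f = fopen(path, "r");
    if (f && fscanf(f, "%d", &v) != 1)
        v = -1;
    if (f)
        fclose(f);
    return v;
}

/* 1 if opening the existing `file` in `dir` with O_CREAT as `fsuid` would be
 * refused; fifos/regular are the two sysctl values (<= 0 means off). */
static int creat_denied(const struct stat *dir, const struct stat *file,
                        uid_t fsuid, int fifos, int regular)
{
    int level = S_ISFIFO(file->st_mode) ? fifos
              : S_ISREG(file->st_mode)  ? regular : 0;
    if (level <= 0)
        return 0;               /* other file type, or protection off */
    if (!(dir->st_mode & 01000))
        return 0;               /* directory is not sticky (S_ISVTX) */
    if (file->st_uid == dir->st_uid || file->st_uid == fsuid)
        return 0;               /* owned by directory owner or by caller */
    if (dir->st_mode & S_IWOTH)
        return 1;               /* world-writable sticky directory */
    /* Assumption from the kernel sysctl docs, not from this page:
     * value 2 extends the rule to group-writable sticky directories. */
    return (dir->st_mode & S_IWGRP) && level >= 2;
}

int main(int argc, char **argv)
{
    struct stat d, f;
    if (argc != 3 || stat(argv[1], &d) || stat(argv[2], &f)) {
        fprintf(stderr, "usage: %s <sticky-dir> <file-in-it>\n", argv[0]);
        return 2;
    }
    int fifos = read_knob("/proc/sys/fs/protected_fifos");
    int regular = read_knob("/proc/sys/fs/protected_regular");
    printf("protected_fifos=%d protected_regular=%d denied=%d\n",
           fifos, regular, creat_denied(&d, &f, geteuid(), fifos, regular));
    return 0;
}
```

Run it against a directory such as /tmp and a file in it owned by another user; `denied=1` means a program that opens that path with O_CREAT will now get an error instead of silently reading or writing someone else's file.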
Old 12-01-2018, 10:47 AM   #792
alex14641
Member
 
Registered: Feb 2016
Distribution: Slackware64_14.1, Slackware64_14.2, Slackware64_current
Posts: 123

A side channel attack on various SSL libraries

OpenSSL is in the list.

https://www.theregister.co.uk/2018/1...broken_crypto/
 
3 members found this post helpful.
  

