LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 06-11-2019, 10:09 AM   #826
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 799

Rep: Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523
Kernel 4.4.181


https://cdn.kernel.org/pub/linux/ker...4.4.181.tar.xz
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.4.181
Quote:
commit 98529ecd313bbeff006930056dad26529510054f
Author: Sriram Rajagopalan
Date: Fri May 10 19:28:06 2019 -0400

ext4: zero out the unused memory region in the extent tree block

commit 592acbf16821288ecdc4192c47e3774a4c48bb64 upstream.

This commit zeroes out the unused memory region in the buffer_head
corresponding to the extent metablock after writing the extent header
and the corresponding extent node entries.

This is done to prevent random uninitialized data from getting into
the filesystem when the extent block is synced.

This fixes CVE-2019-11833.
This commit is already included in kernel 4.19.y in -current (was added in 4.19.45).

Last edited by mats_b_tegner; 06-11-2019 at 04:16 PM.
 
2 members found this post helpful.
Old 06-18-2019, 08:20 AM   #827
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 799

Rep: Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523
TCP SACK Panic etc

Kernels 4.4.182 and 4.19.52 fixes the following CVEs:
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.4.182
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.19.52
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-11477
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-11478
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-11479
https://github.com/Netflix/security-...ty/2019-001.md

TCP SACK can be temporarily disabled by issuing the following command(s) as root:
To check if you are vulnerable:
Code:
sysctl net.ipv4.tcp_sack
Disable with:
Code:
sysctl -w net.ipv4.tcp_sack=0
Edit:
Updated kernel packages are now available according to the latest ChangLogs.

Last edited by mats_b_tegner; 06-18-2019 at 07:58 PM. Reason: Added temporary workaround
 
3 members found this post helpful.
Old 06-18-2019, 12:10 PM   #828
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 799

Rep: Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523
Firefox ESR 60.7.1

https://www.mozilla.org/en-US/securi...s/mfsa2019-18/
https://ftp.mozilla.org/pub/firefox/....source.tar.xz
https://ftp.mozilla.org/pub/firefox/...rce.tar.xz.asc
Edit:
An updated mozilla-firefox package is available according to the latest ChangLogs.

Last edited by mats_b_tegner; 06-20-2019 at 02:54 PM.
 
2 members found this post helpful.
Old 07-10-2019, 07:06 AM   #829
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-14.2.1.2 on Lenovo Thinkpad W520
Posts: 9,508

Rep: Reputation: Disabled
Fixed among others in Firefox 60.8esr and Firefox68:
https://www.mozilla.org/en-US/securi...CVE-2019-11709
Maybe not "so" critical when you read "... we presume that with enough effort that some of these could be exploited to run arbitrary code." but it doesn't hurt to be safe. Anyway I have upgraded for Slint to 60.8esr.

PS now that 68.0 is also tagged esr, maybe Pat is weighing which one to provide for -current and -stable?

EDIT: looks like he decided to ship 68.0esr in both:
xap/mozilla-firefox-68.0esr-x86_64-1.txz: Upgraded.
patches/packages/mozilla-firefox-68.0esr-x86_64-1_slack14.2.txz: Upgraded.
And that needed to upgrade rust.

Last edited by Didier Spaier; 07-10-2019 at 07:41 PM.
 
Old 07-28-2019, 05:08 PM   #830
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 799

Rep: Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523
Regression fix for CVE-2019-11478 (TCP SACK Panic) is available in kernel 4.19.62
https://cdn.kernel.org/pub/linux/ker...4.19.62.tar.xz
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.19.62
Quote:
commit 6323c238bb4374d1477348cfbd5854f2bebe9a21
Author: Eric Dumazet
Date: Fri Jul 19 11:52:33 2019 -0700

tcp: be more careful in tcp_fragment()

[ Upstream commit b617158dc096709d8600c53b6052144d12b89fab ]

Some applications set tiny SO_SNDBUF values and expect
TCP to just work. Recent patches to address CVE-2019-11478
broke them in case of losses, since retransmits might be prevented.

We should allow these flows to make progress.

This patch allows the first and last skb in retransmit queue
to be split even if memory limits are hit.

It also adds some room due to the fact that tcp_sendmsg()
and tcp_sendpage() might overshoot sk_wmem_queued by about one full
TSO skb (64KB size). Note this allowance was already present
in stable backports for kernels < 4.15

Note for < 4.15 backports :
tcp_rtx_queue_tail() will probably look like :

static inline struct sk_buff *tcp_rtx_queue_tail(const struct sock *sk)
{
struct sk_buff *skb = tcp_send_head(sk);

return skb ? tcp_write_queue_prev(sk, skb) : tcp_write_queue_tail(sk);
}

Fixes: f070ef2ac667 ("tcp: tcp_fragment() should apply sane memory limits")
Edit:
Updated kernel packages are available for -current according to the latest ChangeLogs.

Last edited by mats_b_tegner; 08-05-2019 at 06:42 AM. Reason: My mistake it's a regression rather than a security fix
 
3 members found this post helpful.
Old 07-29-2019, 02:42 AM   #831
Labinnah
Member
 
Registered: May 2014
Location: Łódź, Poland
Distribution: Slackware-current
Posts: 185

Rep: Reputation: 111Reputation: 111
proftpd

CVE-2019-12815: mod_copy Incorrect Access Control
Description: Issueing CPFR, CPTO commands to a ProFTPd server allows users without write permissions to copy any file on the FTP server.

https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-12815
https://github.com/proftpd/proftpd/pull/816
 
1 members found this post helpful.
Old 08-04-2019, 02:55 PM   #832
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 799

Rep: Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523
Kernel 4.19.64 fixes CVE-2019-3900 and CVE-2019-10207
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.19.64
Updated kernel packages are available for -current according to the latest ChangLogs:
Quote:
Mon Aug 5 07:33:15 UTC 2019
a/kernel-generic-4.19.64-i586-1.txz: Upgraded.
a/kernel-generic-smp-4.19.64_smp-i686-1.txz: Upgraded.
a/kernel-huge-4.19.64-i586-1.txz: Upgraded.
a/kernel-huge-smp-4.19.64_smp-i686-1.txz: Upgraded.
a/kernel-modules-4.19.64-i586-1.txz: Upgraded.
a/kernel-modules-smp-4.19.64_smp-i686-1.txz: Upgraded
d/kernel-headers-4.19.64_smp-x86-1.txz: Upgraded.
k/kernel-source-4.19.64_smp-noarch-1.txz: Upgraded.
a/kernel-generic-4.19.64-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.64-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.64-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.64-x86-1.txz: Upgraded.
k/kernel-source-4.19.64-noarch-1.txz: Upgraded.
Kernel 4.4.187 fixes CVE-2019-10207 and CVE-2019-13648
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.4.187

Last edited by mats_b_tegner; 08-05-2019 at 06:39 AM. Reason: Kernel 4.19.64 packages are available
 
1 members found this post helpful.
Old 08-07-2019, 01:31 AM   #833
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 799

Rep: Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523
Spectre v1 variant SWAPGS (CVE-2019-1125)

Looks like another Spectre v1 variant has reared its ugly head:
https://www.phoronix.com/scan.php?pa...19-1125-SWAPGS
https://access.redhat.com/articles/4329821
https://git.kernel.org/pub/scm/linux...4fa9d83733bb11

Kernel 4.19.65 seems to already include SWAPGS mitigations:
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.19.65
Updated kernel packages for -current are already available according to the latest ChangeLogs:
Quote:
Wed Aug 7 05:27:04 UTC 2019
a/kernel-generic-4.19.65-i586-1.txz: Upgraded.
a/kernel-generic-smp-4.19.65_smp-i686-1.txz: Upgraded.
a/kernel-huge-4.19.65-i586-1.txz: Upgraded.
a/kernel-huge-smp-4.19.65_smp-i686-1.txz: Upgraded.
a/kernel-modules-4.19.65-i586-1.txz: Upgraded.
a/kernel-modules-smp-4.19.65_smp-i686-1.txz: Upgraded.
d/kernel-headers-4.19.65_smp-x86-1.txz: Upgraded.
k/kernel-source-4.19.65_smp-noarch-1.txz: Upgraded.
extra/linux-4.19.65-nosmp-sdk/*: Upgraded.
a/kernel-generic-4.19.65-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.65-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.65-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.65-x86-1.txz: Upgraded.
k/kernel-source-4.19.65-noarch-1.txz: Upgraded.

Last edited by mats_b_tegner; 08-13-2019 at 04:23 AM. Reason: Updated kernel packages available for -current
 
3 members found this post helpful.
Old 08-07-2019, 10:33 AM   #834
ehartman
Senior Member
 
Registered: Jul 2007
Location: Delft, The Netherlands
Distribution: Slackware
Posts: 1,674

Rep: Reputation: 884Reputation: 884Reputation: 884Reputation: 884Reputation: 884Reputation: 884Reputation: 884
New Intel vulnerability

According to news (http://www.bitdefender.com/news/bitd...sors-3722.html I've found, they've detected a new problem with Intel CPUs that doesn't have anything to do with Spectre and/or Meltdown, so isn't fixed by the current migations in the kernel.
 
1 members found this post helpful.
Old 08-07-2019, 12:41 PM   #835
philanc
Member
 
Registered: Jan 2011
Posts: 262

Rep: Reputation: 236Reputation: 236Reputation: 236
Quote:
Originally Posted by ehartman View Post
According to news (http://www.bitdefender.com/news/bitd...sors-3722.html I've found, they've detected a new problem with Intel CPUs that doesn't have anything to do with Spectre and/or Meltdown, so isn't fixed by the current migations in the kernel.
This is the SWAPGS vulnerability (a Spectre V1 variant) as described in the previous mats_b_tegner detailed post.

It is fixed in kernel versions 4.19.65 (the last Slackware current kernel, updated today -- again a very timely update. Thanks Pat!) and 4.14.137.

The last 4.4 kernel (4.4.188) doesn't seem to have a fix for this (I don't know if it means that it is not vulnerable, or if the patch is to come later?) So for the moment Slackware 14.2 is out of luck regarding this vulnerability...

Last edited by philanc; 08-07-2019 at 12:44 PM.
 
3 members found this post helpful.
Old 08-08-2019, 05:03 AM   #836
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 799

Rep: Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523
Kernel 4.4.189

Quote:
Originally Posted by philanc View Post
This is the SWAPGS vulnerability (a Spectre V1 variant) as described in the previous mats_b_tegner detailed post.

It is fixed in kernel versions 4.19.65 (the last Slackware current kernel, updated today -- again a very timely update. Thanks Pat!) and 4.14.137.

The last 4.4 kernels (4.4.188) doesn't seem to have a fix for this (I don't know if it means that it is not vulnerable, or if the patch is to come later?) So for the moment Slackware 14.2 is out of luck regarding this vulnerability...
Update 2019-08-14:
Kernel 4.4.189 packages are available now and it includes Spectre v1 SWAPGS mitigations (CVE 2019-1125)
Quote:
Wed Aug 14 05:24:55 UTC 2019
patches/packages/linux-4.4.189/*: Upgraded.
These updates fix various bugs and many security issues, and include the
Spectre v1 SWAPGS mitigations.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 4.4.187:
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-13631
https://cve.mitre.org/cgi-bin/cvenam...CVE-2017-18509
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-14283
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-10207
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-14284
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-13648
Fixed in 4.4.189:
https://cve.mitre.org/cgi-bin/cvenam...CVE-2018-20856
https://cve.mitre.org/cgi-bin/cvenam...=CVE-2019-1125
(* Security fix *)

Last edited by mats_b_tegner; 08-14-2019 at 02:48 AM. Reason: Slackware 14.2 kernel packages available
 
3 members found this post helpful.
Old 08-22-2019, 01:02 AM   #837
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 339

Rep: Reputation: 261Reputation: 261Reputation: 261
bind-9.11.10 is released with one security fix.
ftp://ftp.isc.org/isc/bind9/9.11.10/bind-9.11.10.tar.gz
ftp://ftp.isc.org/isc/bind9/9.11.10/....10.tar.gz.asc

Quote:
Security Fixes
A race condition could trigger an assertion failure when a large number of incoming packets were being rejected. This flaw is disclosed in CVE-2019-6471. [GL #942]
 
Old 08-28-2019, 01:46 PM   #838
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 799

Rep: Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523
Ruby

https://www.ruby-lang.org/en/news/20...ities-in-rdoc/
Quote:
Multiple jQuery vulnerabilities in RDoc

Posted by aycabta on 28 Aug 2019

There are multiple vulnerabilities about Cross-Site Scripting (XSS) in jQuery shipped with RDoc which bundled in Ruby. All Ruby users are recommended to update Ruby to the latest release which includes the fixed version of RDoc.
Details

The following vulnerabilities have been reported.

CVE-2012-6708
CVE-2015-9251

It is strongly recommended for all Ruby users to upgrade your Ruby installation or take one of the following workarounds as soon as possible. You also have to re-generate existing RDoc documentation to completely mitigate the vulnerabilities.
Affected Versions

Ruby 2.3 series: all
Ruby 2.4 series: 2.4.6 and earlier
Ruby 2.5 series: 2.5.5 and earlier
Ruby 2.6 series: 2.6.3 and earlier
Fixed in Ruby versions 2.6.4, 2.5.6 and 2.4.7:
https://cache.ruby-lang.org/pub/ruby...y-2.6.4.tar.xz
https://cache.ruby-lang.org/pub/ruby...y-2.5.6.tar.xz
https://cache.ruby-lang.org/pub/ruby...y-2.4.7.tar.xz

Edit: An updated ruby 2.6.4 package is available for -current according to the latest ChangeLogs.

Last edited by mats_b_tegner; 09-01-2019 at 01:47 AM.
 
Old 09-10-2019, 09:33 AM   #839
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 339

Rep: Reputation: 261Reputation: 261Reputation: 261
openssl-1.0.2t is released with security fixes.
https://www.openssl.org/source/openssl-1.0.2t.tar.gz
https://www.openssl.org/source/opens....2t.tar.gz.asc

Quote:
Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [10 Sep 2019]

o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
(CVE-2019-1563)
o For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters
o Compute ECC cofactors if not provided during EC_GROUP construction
(CVE-2019-1547)
o Document issue with installation paths in diverse Windows builds
(CVE-2019-1552)
 
3 members found this post helpful.
Old 09-11-2019, 04:36 PM   #840
abga
Senior Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 1,633

Rep: Reputation: 924Reputation: 924Reputation: 924Reputation: 924Reputation: 924Reputation: 924Reputation: 924Reputation: 924
Didn't know where to throw this and hope it'll be helpful, even if Slackware & its kernel (nothing available yet) cannot help.
There's a freshly discovered vulnerability (side channel attack), dubbed NetCAT - CVE-2019-11184, affecting only Intel Xeon E5, E7 and SP families that support DDIO and RDMA.
One of the mitigations is to disable (BIOS?) the DDIO and RDMA extensions.
More about these extensions:
https://www.intel.com/content/dam/ww...ct-i-o-faq.pdf
https://www.intel.com/content/dam/ww...logy-brief.pdf

News article:
https://www.theregister.co.uk/2019/0...hannel_attack/
The Free University of Amsterdam - VUSEC Team - the ones who did the research & discovery:
https://www.vusec.net/projects/netcat/
Research paper:
https://www.cs.vu.nl/~herbertb/downl...etcat_sp20.pdf
Intel's security advisory:
https://www.intel.com/content/www/us...-sa-00290.html
 
3 members found this post helpful.
  


Reply

Tags
exploit, security, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[Slackware Security]: Some pending vulnerabilities... mancha Slackware 7 08-22-2013 09:08 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 04:28 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration