LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.

06-11-2019, 10:09 AM   #826
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware64
Posts: 518

Rep: Reputation: 307
Kernel 4.4.181


https://cdn.kernel.org/pub/linux/ker...4.4.181.tar.xz
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.4.181
Quote:
commit 98529ecd313bbeff006930056dad26529510054f
Author: Sriram Rajagopalan
Date: Fri May 10 19:28:06 2019 -0400

ext4: zero out the unused memory region in the extent tree block

commit 592acbf16821288ecdc4192c47e3774a4c48bb64 upstream.

This commit zeroes out the unused memory region in the buffer_head
corresponding to the extent metablock after writing the extent header
and the corresponding extent node entries.

This is done to prevent random uninitialized data from getting into
the filesystem when the extent block is synced.

This fixes CVE-2019-11833.
This commit is already included in kernel 4.19.y in -current (was added in 4.19.45).

Last edited by mats_b_tegner; 06-11-2019 at 04:16 PM.
 
2 members found this post helpful.
Yesterday, 08:20 AM   #827
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware64
Posts: 518

Rep: Reputation: 307
TCP SACK Panic etc

Kernels 4.4.182 and 4.19.52 fix the following CVEs:
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.4.182
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.19.52
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-11477
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-11478
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-11479
https://github.com/Netflix/security-...ty/2019-001.md

TCP SACK can be temporarily disabled by issuing the following command(s) as root:
To check if you are vulnerable:
Code:
sysctl net.ipv4.tcp_sack
Disable with:
Code:
sysctl -w net.ipv4.tcp_sack=0
Edit:
Updated kernel packages are now available according to the latest ChangeLogs.

Last edited by mats_b_tegner; Yesterday at 07:58 PM. Reason: Added temporary workaround
 
1 members found this post helpful.
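
A check built on the post above, added here as an example and not part of the original thread: it compares a `uname -r` string against the two fixed releases the post names (4.4.182 and 4.19.52) and combines that with the `net.ipv4.tcp_sack` value. The function names and verdict words are made up for this example, and it assumes vanilla kernel.org version numbering.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes vanilla kernel.org version
# numbering (as on Slackware); vendor kernels with backports need another check.
# Fixed releases are the two named in the post: 4.4.182 and 4.19.52.

# sack_fixed_in RELEASE -> yes | no | unknown   (RELEASE as from `uname -r`)
sack_fixed_in() {
    ver=${1%%-*}                  # drop a local suffix such as "-smp"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;           # e.g. "4.4" with no patch level
    esac
    case $patch in
        ''|*[!0-9]*) echo unknown; return ;;
    esac
    case "$major.$minor" in
        4.4)  fixed=182 ;;
        4.19) fixed=52 ;;
        *)    echo unknown; return ;;   # series not covered by the post
    esac
    if [ "$patch" -ge "$fixed" ]; then echo yes; else echo no; fi
}

# sack_advice RELEASE TCP_SACK_VALUE -> one-word verdict
sack_advice() {
    case "$(sack_fixed_in "$1"):$2" in
        yes:*) echo patched ;;
        no:0)  echo workaround-applied ;;   # tcp_sack=0 until the upgrade
        no:1)  echo exposed ;;              # upgrade, or sysctl -w net.ipv4.tcp_sack=0
        *)     echo unknown ;;
    esac
}

# Constructed sample inputs: "<uname -r> <tcp_sack value>"
for sample in "4.4.181 1" "4.4.181 0" "4.4.182 1" "4.19.45-smp 1" "4.19.52 1"; do
    rel=${sample% *}; sack=${sample#* }
    printf '%-12s tcp_sack=%s -> %s\n' "$rel" "$sack" "$(sack_advice "$rel" "$sack")"
done

# Pass --live to evaluate the running kernel instead of only the samples.
if [ "${1:-}" = "--live" ]; then
    sack_advice "$(uname -r)" "$(cat /proc/sys/net/ipv4/tcp_sack)"
fi
```

A value set with `sysctl -w` does not survive a reboot, so a host reported as `workaround-applied` returns to `exposed` after restarting unless the kernel has been upgraded in the meantime.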
Yesterday, 12:10 PM   #828
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware64
Posts: 518

Rep: Reputation: 307
Firefox ESR 60.7.1

https://www.mozilla.org/en-US/securi...s/mfsa2019-18/
https://ftp.mozilla.org/pub/firefox/....source.tar.xz
https://ftp.mozilla.org/pub/firefox/...rce.tar.xz.asc
Edit:
Updated mozilla-firefox packages are available according to the latest ChangeLogs.

Last edited by mats_b_tegner; Yesterday at 07:59 PM.
 
1 members found this post helpful.
  



Tags
exploit, security, slackware

