LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 09-16-2019, 11:11 AM   #841
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 619

Rep: Reputation: 384Reputation: 384Reputation: 384Reputation: 384

Kernel 4.19.73 fixes the following CVEs:
https://cdn.kernel.org/pub/linux/ker...4.19.73.tar.xz
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.19.73
Quote:
commit 47a0f70d7d9ac3d6b1a96b312d07bc67af3834e9
Author: Gustavo Romero
This fixes CVE-2019-15030.
https://www.openwall.com/lists/oss-s...y/2019/09/10/3
commit 569775bd536416ed9049aa580d9f89a0b4307d60
Author: Gustavo Romero
This fixes CVE-2019-15031.
https://www.openwall.com/lists/oss-s...y/2019/09/10/4
Only affects the PowerPC architecture.

Last edited by mats_b_tegner; 09-16-2019 at 11:22 AM.
 
1 members found this post helpful.
Old 09-16-2019, 11:15 AM   #842
ponce
LQ Guru
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 5,007

Rep: Reputation: Disabled
Quote:
Originally Posted by mats_b_tegner View Post
those are actually two bugs specific of the powerpc platform.
 
2 members found this post helpful.
Old 09-19-2019, 10:20 AM   #843
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 619

Rep: Reputation: 384Reputation: 384Reputation: 384Reputation: 384
Kernel 4.19.74 fixes CVE-2019-15504:
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.19.74
Quote:
commit 3622d621e9beca76d53cd3007eb7b1d6e724716b
Author: Hui Peng
Date: Mon Aug 19 18:02:29 2019 -0400

rsi: fix a double free bug in rsi_91x_deinit()

commit 8b51dc7291473093c821195c4b6af85fadedbc2f upstream.

`dev` (struct rsi_91x_usbdev *) field of adapter
(struct rsi_91x_usbdev *) is allocated and initialized in
`rsi_init_usb_interface`. If any error is detected in information
read from the device side, `rsi_init_usb_interface` will be
freed. However, in the higher level error handling code in
`rsi_probe`, if error is detected, `rsi_91x_deinit` is called
again, in which `dev` will be freed again, resulting double free.

This patch fixes the double free by removing the free operation on
`dev` in `rsi_init_usb_interface`, because `rsi_91x_deinit` is also
used in `rsi_disconnect`, in that code path, the `dev` field is not
(and thus needs to be) freed.

This bug was found in v4.19, but is also present in the latest version
of kernel. Fixes CVE-2019-15504.
RSI wireless driver as far as I can tell.
 
Old 10-02-2019, 10:21 PM   #844
Wiser Slacker
Member
 
Registered: May 2014
Location: germany
Distribution: slackware x86_64 , arm , slackware
Posts: 73

Rep: Reputation: Disabled
Xpdf-4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc
CVE-2019-16927

should now be fixed in Xpdf 4.02

Description:
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885
Should be fixed:
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41889

hope it helps
 
Old 10-03-2019, 01:18 AM   #845
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 1,756

Rep: Reputation: 5593Reputation: 5593Reputation: 5593Reputation: 5593Reputation: 5593Reputation: 5593Reputation: 5593Reputation: 5593Reputation: 5593Reputation: 5593Reputation: 5593
Quote:
Originally Posted by Wiser Slacker View Post
Xpdf-4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc
CVE-2019-16927
Unprivileged application crash.
 
3 members found this post helpful.
Old Yesterday, 08:01 PM   #846
abga
Senior Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 1,211

Rep: Reputation: 640Reputation: 640Reputation: 640Reputation: 640Reputation: 640Reputation: 640
A potentially serious vulnerability (buffer overflow) in the kernel rtlwifi driver when using Wifi-Direct, affecting all kernels starting with 3.10.1, may crash or fully compromise vulnerable machines.
CVE-2019-17666
https://cve.mitre.org/cgi-bin/cvenam...CVE-2019-17666

A patch has been already made available and hope it'll get soon implemented & backported:
https://lkml.org/lkml/2019/10/16/1226
 
2 members found this post helpful.
  


Reply

Tags
exploit, security, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[Slackware Security]: Some pending vulnerabilities... mancha Slackware 7 08-22-2013 09:08 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 03:44 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration