LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 12-08-2019, 06:43 PM   #871
abga
Senior Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 1,377

Rep: Reputation: 769Reputation: 769Reputation: 769Reputation: 769Reputation: 769Reputation: 769Reputation: 769

Is this thread no longer sticky?
 
Old 12-08-2019, 06:51 PM   #872
bassmadrigal
LQ Guru
 
Registered: Nov 2003
Location: West Jordan, UT, USA
Distribution: Slackware
Posts: 6,375

Rep: Reputation: 4129Reputation: 4129Reputation: 4129Reputation: 4129Reputation: 4129Reputation: 4129Reputation: 4129Reputation: 4129Reputation: 4129Reputation: 4129Reputation: 4129
I think for some reason they unstickied this one and kept this old and outdated one as the sticky...
 
1 members found this post helpful.
Old 12-08-2019, 07:14 PM   #873
abga
Senior Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 1,377

Rep: Reputation: 769Reputation: 769Reputation: 769Reputation: 769Reputation: 769Reputation: 769Reputation: 769
Well, maybe it's time to start a new one, without any date & "outstanding" in the title, like:
[Slackware security] Live Vulnerabilities Announcements & Reports
 
Old 12-09-2019, 12:08 AM   #874
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 279

Rep: Reputation: 227Reputation: 227Reputation: 227
Hi,

Quote:
Originally Posted by abga View Post
Well, maybe it's time to start a new one, without any date & "outstanding" in the title, like:
[Slackware security] Live Vulnerabilities Announcements & Reports
I think the thread Status Update: Slackware LQ Security Thread is the one.
 
1 members found this post helpful.
Old 12-09-2019, 12:29 AM   #875
abga
Senior Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 1,377

Rep: Reputation: 769Reputation: 769Reputation: 769Reputation: 769Reputation: 769Reputation: 769Reputation: 769
@Thom1b

Thanks! Noticed that already. It's all GazL's fault for calling it "active, and useful"
Now this one that contains all the fresh stuff & details will get flushed down the toilet ... forum thread list and will soon vanish.
I don't know if it's in the power of the mods, but I'd rather suggest to rename this thread, remove " outstanding 20140101 " from the title and keep it active & sticky.
Or, rename it in: [Slackware security] Live Vulnerabilities Announcements & Reports
- maybe other more suggestive name (I'm not a native English speaker and not very creative at this time (tired too)).
 
1 members found this post helpful.
Old 12-09-2019, 06:20 AM   #876
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,327
Blog Entries: 18

Rep: Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125
Yep, sorry guys, looks like my desire to tidy up the stickies backfired and they clobbered the wrong one.



Mods, please can you. re-sticky this active thead:
https://www.linuxquestions.org/quest...-a-4175489800/

and unsticky this dead one: https://www.linuxquestions.org/quest...ad-4175522182/



As for the title, it might be an idea to wait until Jan and start a new 2020 thread to use going forward, or start a new one when Slackware 15.0 releases. what do people think?
 
2 members found this post helpful.
Old 12-09-2019, 06:39 AM   #877
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,327
Blog Entries: 18

Rep: Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125
Quote:
Originally Posted by abga View Post
Or, rename it in:
- maybe other more suggestive name (I'm not a native English speaker and not very creative at this time (tired too)).
'Live' might make people think it relates to Eric's Slackware-Live.

"[Slackware Security] Unresolved Vulnerability Announcements, Reports and Discussion" seems like an unambiguous title, if a little bit long.

Last edited by GazL; 12-09-2019 at 06:40 AM.
 
2 members found this post helpful.
Old 12-09-2019, 11:03 AM   #878
Tonus
Member
 
Registered: Jan 2007
Location: Paris, France
Distribution: Slackware-current
Posts: 584
Blog Entries: 3

Rep: Reputation: 152Reputation: 152
"[Slackware Security] Vulnerability Announcements, Reports and Discussion"

Since I hope a few become solved, that would be my vote
 
2 members found this post helpful.
Old 12-09-2019, 04:52 PM   #879
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590
Quote:
Originally Posted by GazL View Post
Yep, sorry guys, looks like my desire to tidy up the stickies backfired and they clobbered the wrong one.
Thanks for correcting. Reversed stickification.
 
5 members found this post helpful.
Old 12-09-2019, 05:16 PM   #880
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,327
Blog Entries: 18

Rep: Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125
Thanks UnSpawn, much appreciated.
 
Old 12-09-2019, 06:43 PM   #881
bamunds
Member
 
Registered: Sep 2013
Location: Mounds View MN
Distribution: Slackware64-14.2 XDM/WMaker
Posts: 684

Rep: Reputation: 219Reputation: 219Reputation: 219
Quote:
Originally Posted by bamunds View Post
So I just loaded firewalld running on my Slackware64 14.2 The environment is a single desktop behind a Modem/Router with IPv4 only service on the LAN, NAT enabled, and Firewall on. Some might ask why I'm running any firewall? Well I have been for years and yet I want to get experience and get ready to use a laptop when out and about. So simple setups in safe environment first. My firewalld zone is home and only irc,mdns, and samba-client are checked for services.


How would one convert the above commands to block this new IPv4 security issue in the firewalld entries? Can they be put in to FirewallD Direct Configuration?

Cheers, BrianA_MN
Turns out the Documentation for firewalld.conf clearly says that IPv4 rpfilter is controlled by sysctl.conf. So setting up sysctl.conf as stated above is exactly what to do. Thanks.
 
1 members found this post helpful.
Old 12-09-2019, 08:25 PM   #882
abga
Senior Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 1,377

Rep: Reputation: 769Reputation: 769Reputation: 769Reputation: 769Reputation: 769Reputation: 769Reputation: 769
Quote:
Originally Posted by GazL View Post
'Live' might make people think it relates to Eric's Slackware-Live.

"[Slackware Security] Unresolved Vulnerability Announcements, Reports and Discussion" seems like an unambiguous title, if a little bit long.
I felt the "outstanding" would suggest that the vulnerabilities are not resolved and that is false, I know for sure Patrick is constantly monitoring & providing inputs in the thread and issues are getting resolved in no-time. The same goes for "current" - again unresolved?, additionally, for a visitor it can also suggest that Slackware is not doing a good job -, like : "look they have a thread for the outstanding(unresolved) security issues"
With "Live" I wanted to emphasize that the thread is active and "alive", that it should be used and monitored, but now I believe Tonus' formulation could be more suitable (with the plural for Discussion):
"[Slackware Security] Vulnerability Announcements, Reports and Discussions"

Glad it's back on sticky.
 
1 members found this post helpful.
Old 12-10-2019, 03:49 AM   #883
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,327
Blog Entries: 18

Rep: Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125Reputation: 3125
Quote:
Originally Posted by abga View Post
I felt the "outstanding" would suggest that the vulnerabilities are not resolved and that is false,"
Actually, the original intention for the thread was as a place to draw attention to and discuss security related issues that need addressing on a Slackware system: either by local sysadms, or Pat, applying an upstream patch/update, or taking mitigating steps.

As such, "outstanding" and "unresolved" are appropriate. I prefer "unresolved" so as to avoid the multiple meanings "outstanding" has.
 
2 members found this post helpful.
Old 12-10-2019, 09:04 PM   #884
bassmadrigal
LQ Guru
 
Registered: Nov 2003
Location: West Jordan, UT, USA
Distribution: Slackware
Posts: 6,375

Rep: Reputation: 4129Reputation: 4129Reputation: 4129Reputation: 4129Reputation: 4129Reputation: 4129Reputation: 4129Reputation: 4129Reputation: 4129Reputation: 4129Reputation: 4129
Quote:
Originally Posted by GazL View Post
As such, "outstanding" and "unresolved" are appropriate. I prefer "unresolved" so as to avoid the multiple meanings "outstanding" has.
What I see abga trying to explain is that someone might look on page one and see a vulnerability from 2014 that they think hasn't been addressed. Without a proper way to edit the older posts in the thread when things are no longer outstanding or unresolved, it may lead someone to think that Slackware is insecure. Hopefully they won't come to that conclusion, but it is always possible.

If we had the ability to edit the first post and keep track of currently known vulnerabilities that don't have patches (or even recent ones that had patches already pushed out), it would make more sense to leave it as outstanding or unresolved.

But since I believe only moderators would have the ability to edit posts that old (and the topic name), we're stuck with the current name and OP.

I suppose if someone wanted to be gung-ho and maintain a slack-docs article on current vulnerabilities, they could open a new thread for new vulnerabilities announcements/reportings and then in the first post, they could link the slack-docs article that tracks current/recent vulnerabilities and their status on various Slackware versions. I certainly don't have the time and inclination to manage that, but it would certainly be a nice resource if someone is able to tackle it.
 
1 members found this post helpful.
  


Reply

Tags
exploit, security, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[Slackware Security]: Some pending vulnerabilities... mancha Slackware 7 08-22-2013 10:08 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 02:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration