LinuxQuestions.org
Old 01-22-2021, 08:34 PM   #901
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 918

Rep: Reputation: 613

Mutt 2.0.5 was released on January 21, 2021. This is a bug-fix release, fixing a few memory leaks, including CVE-2021-3181.
ftp://ftp.mutt.org/pub/mutt/mutt-2.0.5.tar.gz
 
Old 01-26-2021, 05:32 PM   #902
fskmh
Member
 
Registered: Jun 2002
Location: South Africa
Distribution: Custom slackware64-current
Posts: 290

Rep: Reputation: 85
CVE-2021-3156 sudo heap buffer overflow

CVE-2021-3156
Heap buffer overflow affecting sudo versions 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1.

Patch is here.

Additional note: The conditional check of the libpam symbolic link in sudo.SlackBuild fails on Slackware64 because LIBDIRSUFFIX is not defined in the arch detection stanza like it usually is.
Attached Files
File Type: txt sudo_slackbuild.diff.txt (909 Bytes, 5 views)
 
1 members found this post helpful.
Old 01-26-2021, 05:56 PM   #903
drgibbon
Senior Member
 
Registered: Nov 2014
Distribution: Slackware64 -current
Posts: 1,035

Rep: Reputation: 702
Fixed in -current (and 14.0, 14.1, 14.2).
 
1 members found this post helpful.
Old 01-26-2021, 06:53 PM   #904
upnort
Senior Member
 
Registered: Oct 2014
Distribution: Slackware
Posts: 1,893

Rep: Reputation: 1142
Recently several dnsmasq vulnerabilities were reported. Version 2.78 in 14.2 is affected.
 
1 members found this post helpful.
Old 02-06-2021, 08:41 AM   #905
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 918

Rep: Reputation: 613
CVE-2021-21148 affects Google Chrome/Chromium-based browsers
Upgrade to Chromium 88.0.4324.150 or later.
https://chromereleases.googleblog.co...desktop_4.html
 
3 members found this post helpful.
Old 02-11-2021, 07:01 AM   #906
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 918

Rep: Reputation: 613
GNU Screen up to and including version 4.8.0 is vulnerable to CVE-2021-26937
https://www.linuxquestions.org/quest...ty-4175690257/
https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-26937
A patch is available here:
https://salsa.debian.org/debian/scre...21-26937.patch

The patch seems to apply cleanly on 4.8.0 running Slackware-current as far as I can tell.

Last edited by mats_b_tegner; 02-11-2021 at 10:00 AM.
 
3 members found this post helpful.
Old 02-16-2021, 12:25 PM   #907
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 918

Rep: Reputation: 613
OpenSSL 1.1.1j
Upgraded in -current according to the latest ChangeLogs:
Quote:
n/openssl-1.1.1j-i586-1.txz: Upgraded.
n/openssl-1.1.1j-x86_64-1.txz: Upgraded.
This fixes bugs and denial of service vulnerabilities.
For more information, see:
https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-23841
https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-23840
(* Security fix *)

Last edited by mats_b_tegner; 02-17-2021 at 10:52 AM.
 
Old 02-18-2021, 06:03 PM   #908
ttk
Member
 
Registered: May 2012
Location: Sebastopol, CA
Distribution: Slackware64
Posts: 971
Blog Entries: 27

Rep: Reputation: 1367
Python 3.x through 3.9.1 are vulnerable to CVE-2021-3117

https://cve.mitre.org/cgi-bin/cvenam...=CVE-2021-3177

Not aware of any patch yet.
 
Old 02-19-2021, 01:01 AM   #909
ponce
LQ Guru
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 6,083

Rep: Reputation: Disabled
Quote:
Originally Posted by ttk
Python 3.x through 3.9.1 are vulnerable to CVE-2021-3117

https://cve.mitre.org/cgi-bin/cvenam...=CVE-2021-3177

Not aware of any patch yet.
This should be the backported patch from the development branch:

https://github.com/python/cpython/co...1353ecc3.patch
 
1 members found this post helpful.
Old 02-23-2021, 12:20 AM   #910
nobodino
Member
 
Registered: Jul 2010
Location: in France
Distribution: slackware, slackware from scratch, LFS, slackware [arm], linux Mint,Manjaro...
Posts: 855

Rep: Reputation: 459
Bind-9.10.12 is affected by a serious bug according to this: http://wiki.linuxfromscratch.org/blfs/ticket/14683

It's advised to downgrade to bind-9.10.11 + a sed patch.
 
Old 02-23-2021, 10:05 AM   #911
Jan K.
Member
 
Registered: Apr 2019
Location: Esbjerg
Distribution: slackware...
Posts: 246

Rep: Reputation: 170
Kinda "nice" thread, but perhaps unstick it and create [Slackware security] vulnerabilities outstanding 20210301 ?

Or whatever month/day we go beyond Slackware 15 beta...
 
Old 02-24-2021, 03:20 AM   #912
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 918

Rep: Reputation: 613
Thunderbird 78.8.0 fixes the following security vulnerabilities:
https://www.mozilla.org/en-US/securi...s/mfsa2021-09/
Edit:
Available in -current according to the latest ChangeLogs.
Quote:
Wed Feb 24 20:34:08 UTC 2021
xap/mozilla-thunderbird-78.8.0-x86_64-1.txz: Upgraded.

Last edited by mats_b_tegner; 02-25-2021 at 04:16 PM.
 
Old 02-24-2021, 03:21 AM   #913
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 918

Rep: Reputation: 613
duplicate post.

Last edited by mats_b_tegner; 02-24-2021 at 07:36 AM.
 
Old 03-02-2021, 02:13 PM   #914
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-14.2.1.2 on Lenovo Thinkpad W520
Posts: 9,862

Rep: Reputation: Disabled
GRUB: 117 security patches at once.

Daniel Kiper just released no less than 117 patches to fix vulnerabilities in GRUB.

I have pulled from git master and built a new GRUB package for Slint that I will upload today. I suggest doing the same for Slackware.
 
2 members found this post helpful.
Old 03-02-2021, 02:38 PM   #915
teoberi
Member
 
Registered: Jan 2018
Location: Romania
Distribution: Slackware64-current (servers)/Ubuntu (workstations)
Posts: 287

Rep: Reputation: 168
Quote:
Originally Posted by Didier Spaier
Daniel Kiper just released no less than 117 patches to fix vulnerabilities in GRUB.

I have pulled from git master and built a new GRUB package for Slint that I will upload today. I suggest doing the same for Slackware.
This is the reason why, although I tested GRUB in the virtual machine, I did not install it on the test server or on the production one.
GRUB 2.04 has quite a few issues (e.g. the BootHole vulnerability) and version 2.06 is still pending.
 
  


All times are GMT -5.
