[Slackware security] vulnerabilities outstanding 20140101

Didier Spaier · 03-02-2021, 03:25 PM

Quote:

Originally Posted by teoberi

This is the reason why, although I tested GRUB in the virtual machine, I did not install it on the test server or on the production one.
GRUB 2.04 has quite a few issues (e.g. the BootHole vulnerability) and version 2.06 is still pending.

Funnily, Daniel just answered a few seconds ago to people complaining about the delayed 2.06 release:

Quote:

I am planning to cut 2.06-rc1 in matter of days...

But he didn't say how many...

I am testing my new packages and for some reason grub-mkconfig doesn't create the boot entries expected from os-prober. Investigating. Of course I won't ship this package as-is.

Didier Spaier · 03-02-2021, 03:41 PM

Quote:

Originally Posted by Didier Spaier

I am testing my new packages and for some reason grub-mkconfig doesn't create the boot entries expected from os-prober. Investigating. Of course I won't ship this package as-is.

Found it. In the patch #116 a test is wrongly reverted. Now to get boot entries from os-prober one have to set GRUB_DISABLE_OS_PROBER=true instead of false. Go figure...

PS reported on the grub-devel mailing list.

gmgf · 03-02-2021, 11:33 PM

Quote:

Originally Posted by Didier Spaier

Daniel Kiper just released no less than 117 patches to fix vulnerabilities in GRUB.

I have pulled from git master and built a new GRUB package for Slint that I will upload today. I suggest to do the same for Slackware.

I use also the git version since the latest current package.

Didier Spaier · 03-03-2021, 04:04 PM

Quote:

Originally Posted by Didier Spaier

Found it. In the patch #116 a test is wrongly reverted. Now to get boot entries from os-prober one have to set GRUB_DISABLE_OS_PROBER=true instead of false. Go figure...

PS reported on the grub-devel mailing list.

Will be fixed soon.

willysr · 03-09-2021, 10:41 PM

git 2.30.2 due to this report

mats_b_tegner · 03-13-2021, 12:22 PM

Security flaws in -stable (14.2) kernel before version 4.4.260:
https://linux.slashdot.org/story/21/...oot-privileges
https://www.scmagazine.com/home/secu...-to-attackers/
https://blog.grimm-co.com/2021/03/ne...ux-kernel.html

Edit:
New kernel packages are available according to the latest ChangeLogs:

Quote:

Sun Mar 14 03:24:31 UTC 2021
patches/packages/kernel-firmware-20210305_e425f76-noarch-1.txz: Upgraded.
patches/packages/linux-4.4.261/*: Upgraded.
These updates fix various bugs and security issues, including the recently
announced iSCSI vulnerabilities allowing local privilege escalation.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-27363
https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-27364
https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-27365
(* Security fix *)

jmccue · 03-20-2021, 02:44 PM

I ran across nvd.nist.gov - CVE-2021-27135, looks like it is specific to 14.2 and earlier. From what I read, the version on current is fine.

So I took the xterm source and build from Current slackware.osuosl.org xterm-366 and compiled and installed it on 14.2. So far so good. But if you have custom fonts in ~/.Xdefaults you may need to adjust them.

fskmh · 03-21-2021, 05:34 AM

This is a bit of an oldie. It's mostly applicable to docker and flatpak: CVE-2019-17498

Quote:

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

A PoC exists although it's an exercise that requires docker and a user that wants to crash their own docker server.

This will mostly likely be fixed when upstream releases 1.9.1 because the patch comes from the main branch on github, but I'm submitting this for Pat's consideration in the meantime.

Code:

--- libssh2.SlackBuild.orig     2021-03-21 12:10:41.579936398 +0200
+++ libssh2.SlackBuild  2021-03-21 12:09:10.603865683 +0200
@@ -24,7 +24,7 @@
 
 PKGNAM=libssh2
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-4}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
@@ -77,6 +77,13 @@
   \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
   -exec chmod 644 {} \+
 
+# CVE-2019-17498
+[[ ! -f ${CWD}/CVE-2019-17498.patch ]] && \
+wget https://github.com/libssh2/libssh2/commit/1c6fa92b77e34d089493fe6d3e2c6c8775858b94.patch \
+-O ${CWD}/CVE-2019-17498.patch
+
+patch -Np1 -i ${CWD}/CVE-2019-17498.patch || exit 1
+
 CFLAGS="$SLKCFLAGS" \
 ./configure \
   --prefix=/usr \

mats_b_tegner · 04-10-2021, 11:18 AM

Linux kernel LTS versions prior to 5.10.29, 5.4.111, 4.19.186, 4.14.230, 4.9.266, and 4.4.266 are vulnerable to CVE-2021-29154
https://www.openwall.com/lists/oss-s...y/2021/04/08/1

atelszewski · 04-11-2021, 04:32 AM

Please ignore.

cwizardone · 05-01-2021, 10:23 AM

Thought this would be as good a place as any to post this,

Quote:

New Spectre Variants Discovered By Exploiting Micro-op Caches
Written by Michael Larabel in Linux Security on 1 May 2021 at 06:13 AM EDT.

University of Virginia and University of California San Diego researchers have discovered multiple new variants of Spectre attacks that are not protected by existing Spectre mitigations and could yield both Intel and AMD CPUs leaking data via micro-op caches.

This week the Virginia and California academic researchers went public with their discoveries on exploiting the micro-op cache of modern Intel and AMD processors for beating existing Spectre defenses. Both Intel and AMD were informed in advance of these two variants (or their whitepaper lays it out as three) that allow speculatively stealing information from the system.

The researchers believe this new attack by way of the micro-op cache will be harder to mitigate. Needless to say, at this point there is no kernel patches or microcode updates to pass along. The researchers also believe that any mitigation will come with "much greater performance penalty" than what was found by previous attacks. Among the potential mitigations would involve flushing the micro-op cache at domain crossings and/or privilege level-based partitioning of the caches.
This paper describes three attacks – (1) a same thread cross-domain attack that leaks secrets across the user-kernel boundary, (2) a cross-SMT thread attack that transmits secrets across two SMT threads via the micro-op cache, and (3) transient execution attacks that have the ability to leak an unauthorized secret accessed along a misspeculated path, even before the transient instruction is dispatched to execution, breaking several existing invisible speculation and fencing-based solutions that mitigate Spectre.

The researchers will be presenting at ISCA next month on their findings while there is the whitepaper for those interested in the research. Stay tuned

https://www.phoronix.com/scan.php?pa...Cache-Exploits

slac-in-the-box · 05-06-2021, 10:35 AM

Does Slackware have any mitigations against Row Hammer attacks? Can enough sram be clustered together to use instead of dram (if one could afford it)?

teoberi · 06-08-2021, 02:22 PM

Intel Processor Microcode Update (MCU) -> microcode-20210608 Release
https://github.com/intel/Intel-Linux...ode-Data-Files
https://github.com/intel/Intel-Linux...releasenote.md

M0M0 · 07-23-2021, 01:37 PM

Critical vulnerability in the Linux kernel:
https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-33909

teoberi · 07-23-2021, 01:46 PM

Slackware64-current is safe (kernel 5.13.4).