SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
This is the reason why, although I tested GRUB in the virtual machine, I did not install it on the test server or on the production one.
GRUB 2.04 has quite a few issues (e.g. the BootHole vulnerability) and version 2.06 is still pending.
Funnily, Daniel just answered a few seconds ago to people complaining about the delayed 2.06 release:
Quote:
I am planning to cut 2.06-rc1 in matter of days...
But he didn't say how many...
I am testing my new packages and for some reason grub-mkconfig doesn't create the boot entries expected from os-prober. Investigating. Of course I won't ship this package as-is.
I am testing my new packages and for some reason grub-mkconfig doesn't create the boot entries expected from os-prober. Investigating. Of course I won't ship this package as-is.
Found it. In the patch #116 a test is wrongly reverted. Now to get boot entries from os-prober one have to set GRUB_DISABLE_OS_PROBER=true instead of false. Go figure...
PS reported on the grub-devel mailing list.
Last edited by Didier Spaier; 03-02-2021 at 03:51 PM.
Reason: PS added.
Found it. In the patch #116 a test is wrongly reverted. Now to get boot entries from os-prober one have to set GRUB_DISABLE_OS_PROBER=true instead of false. Go figure...
Edit:
New kernel packages are available according to the latest ChangeLogs:
Quote:
Sun Mar 14 03:24:31 UTC 2021
patches/packages/kernel-firmware-20210305_e425f76-noarch-1.txz: Upgraded.
patches/packages/linux-4.4.261/*: Upgraded.
These updates fix various bugs and security issues, including the recently
announced iSCSI vulnerabilities allowing local privilege escalation.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see: https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-27363 https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-27364 https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-27365
(* Security fix *)
Last edited by mats_b_tegner; 03-14-2021 at 01:31 AM.
I ran across nvd.nist.gov - CVE-2021-27135, looks like it is specific to 14.2 and earlier. From what I read, the version on current is fine.
So I took the xterm source and build from Current slackware.osuosl.org xterm-366 and compiled and installed it on 14.2. So far so good. But if you have custom fonts in ~/.Xdefaults you may need to adjust them.
This is a bit of an oldie. It's mostly applicable to docker and flatpak: CVE-2019-17498
Quote:
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
This will mostly likely be fixed when upstream releases 1.9.1 because the patch comes from the main branch on github, but I'm submitting this for Pat's consideration in the meantime.
Distribution: Slackware64-current with "True Multilib" and KDE4Town.
Posts: 9,086
Rep:
Thought this would be as good a place as any to post this,
Quote:
New Spectre Variants Discovered By Exploiting Micro-op Caches
Written by Michael Larabel in Linux Security on 1 May 2021 at 06:13 AM EDT.
University of Virginia and University of California San Diego researchers have discovered multiple new variants of Spectre attacks that are not protected by existing Spectre mitigations and could yield both Intel and AMD CPUs leaking data via micro-op caches.
This week the Virginia and California academic researchers went public with their discoveries on exploiting the micro-op cache of modern Intel and AMD processors for beating existing Spectre defenses. Both Intel and AMD were informed in advance of these two variants (or their whitepaper lays it out as three) that allow speculatively stealing information from the system.
The researchers believe this new attack by way of the micro-op cache will be harder to mitigate. Needless to say, at this point there is no kernel patches or microcode updates to pass along. The researchers also believe that any mitigation will come with "much greater performance penalty" than what was found by previous attacks. Among the potential mitigations would involve flushing the micro-op cache at domain crossings and/or privilege level-based partitioning of the caches.
This paper describes three attacks – (1) a same thread cross-domain attack that leaks secrets across the user-kernel boundary, (2) a cross-SMT thread attack that transmits secrets across two SMT threads via the micro-op cache, and (3) transient execution attacks that have the ability to leak an unauthorized secret accessed along a misspeculated path, even before the transient instruction is dispatched to execution, breaking several existing invisible speculation and fencing-based solutions that mitigate Spectre.
The researchers will be presenting at ISCA next month on their findings while there is the whitepaper for those interested in the research. Stay tuned
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.