[Slackware security] vulnerabilities outstanding 20140101

Didier Spaier · 03-02-2021, 03:25 PM

Quote:

Originally Posted by teoberi

This is the reason why, although I tested GRUB in the virtual machine, I did not install it on the test server or on the production one.
GRUB 2.04 has quite a few issues (e.g. the BootHole vulnerability) and version 2.06 is still pending.

Funnily, Daniel just answered a few seconds ago to people complaining about the delayed 2.06 release:

Quote:

I am planning to cut 2.06-rc1 in matter of days...

But he didn't say how many...

I am testing my new packages and for some reason grub-mkconfig doesn't create the boot entries expected from os-prober. Investigating. Of course I won't ship this package as-is.

Didier Spaier · 03-02-2021, 03:41 PM

Quote:

Originally Posted by Didier Spaier

I am testing my new packages and for some reason grub-mkconfig doesn't create the boot entries expected from os-prober. Investigating. Of course I won't ship this package as-is.

Found it. In the patch #116 a test is wrongly reverted. Now to get boot entries from os-prober one have to set GRUB_DISABLE_OS_PROBER=true instead of false. Go figure...

PS reported on the grub-devel mailing list.

gmgf · 03-02-2021, 11:33 PM

Quote:

Originally Posted by Didier Spaier

Daniel Kiper just released no less than 117 patches to fix vulnerabilities in GRUB.

I have pulled from git master and built a new GRUB package for Slint that I will upload today. I suggest to do the same for Slackware.

I use also the git version since the latest current package.

Didier Spaier · 03-03-2021, 04:04 PM

Quote:

Originally Posted by Didier Spaier

Found it. In the patch #116 a test is wrongly reverted. Now to get boot entries from os-prober one have to set GRUB_DISABLE_OS_PROBER=true instead of false. Go figure...

PS reported on the grub-devel mailing list.

Will be fixed soon.

willysr · 03-09-2021, 10:41 PM

git 2.30.2 due to this report

mats_b_tegner · 03-13-2021, 12:22 PM

Security flaws in -stable (14.2) kernel before version 4.4.260:
https://linux.slashdot.org/story/21/...oot-privileges
https://www.scmagazine.com/home/secu...-to-attackers/
https://blog.grimm-co.com/2021/03/ne...ux-kernel.html

Edit:
New kernel packages are available according to the latest ChangeLogs:

Quote:

Sun Mar 14 03:24:31 UTC 2021
patches/packages/kernel-firmware-20210305_e425f76-noarch-1.txz: Upgraded.
patches/packages/linux-4.4.261/*: Upgraded.
These updates fix various bugs and security issues, including the recently
announced iSCSI vulnerabilities allowing local privilege escalation.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-27363
https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-27364
https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-27365
(* Security fix *)

jmccue · 03-20-2021, 02:44 PM

I ran across nvd.nist.gov - CVE-2021-27135, looks like it is specific to 14.2 and earlier. From what I read, the version on current is fine.

So I took the xterm source and build from Current slackware.osuosl.org xterm-366 and compiled and installed it on 14.2. So far so good. But if you have custom fonts in ~/.Xdefaults you may need to adjust them.

fskmh · 03-21-2021, 05:34 AM

This is a bit of an oldie. It's mostly applicable to docker and flatpak: CVE-2019-17498

Quote:

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

A PoC exists although it's an exercise that requires docker and a user that wants to crash their own docker server.

This will mostly likely be fixed when upstream releases 1.9.1 because the patch comes from the main branch on github, but I'm submitting this for Pat's consideration in the meantime.

Code:

--- libssh2.SlackBuild.orig     2021-03-21 12:10:41.579936398 +0200
+++ libssh2.SlackBuild  2021-03-21 12:09:10.603865683 +0200
@@ -24,7 +24,7 @@
 
 PKGNAM=libssh2
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-4}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
@@ -77,6 +77,13 @@
   \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
   -exec chmod 644 {} \+
 
+# CVE-2019-17498
+[[ ! -f ${CWD}/CVE-2019-17498.patch ]] && \
+wget https://github.com/libssh2/libssh2/commit/1c6fa92b77e34d089493fe6d3e2c6c8775858b94.patch \
+-O ${CWD}/CVE-2019-17498.patch
+
+patch -Np1 -i ${CWD}/CVE-2019-17498.patch || exit 1
+
 CFLAGS="$SLKCFLAGS" \
 ./configure \
   --prefix=/usr \

mats_b_tegner · 04-10-2021, 11:18 AM

Linux kernel LTS versions prior to 5.10.29, 5.4.111, 4.19.186, 4.14.230, 4.9.266, and 4.4.266 are vulnerable to CVE-2021-29154
https://www.openwall.com/lists/oss-s...y/2021/04/08/1

atelszewski · Yesterday, 04:32 AM

Please ignore.