Slackware: This Forum is for the discussion of Slackware Linux.
With the default character encoding now being UTF8, maybe it's worth reevaluating whether to switch from man to man-db in order to avoid issues like this one?
Is there a reason that new kernels haven't been issued for all stable releases of Slackware to mitigate CVE-2016-10229? It's a low-complexity network exploit that can lead to arbitrary code execution, so if Slackware is affected, it's worth patching.
The most recent Official Slackware 14.2 Kernel is 4.4.38 and commit 197c949e7798fbf28cfadc69d9ca0c2abbf93191 appears to have already been included in net/ipv4/udp.c and in net/ipv6/udp.c ...
14.2 isn't affected. Any kernels 4.4.30 and below are affected in the 4.4 series, and 14.2 now has 4.4.38.
14.1 isn't affected. Any kernels 3.10.90 and below are affected in the 3.10 series, and 14.1 now has 3.10.104.
14.0 isn't affected. Any kernels 3.2.82 and below are affected in the 3.2 series, and 14.0 now has 3.2.83.
However, it does seem that the kernels in 13.0, 13.1, and 13.37 are affected, but it doesn't look like there were ever any patches pushed by kernel developers to fix this issue. All those kernels were EOLed before this CVE came to light.
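A check built from the version figures in the post above, as an added example that is not part of the original thread: it classifies a kernel release string as affected or fixed for CVE-2016-10229 using only the thresholds the poster gives (4.4.30, 3.10.90, 3.2.82). The function names are hypothetical, and any series the post gives no number for is reported as unknown.

```shell
#!/bin/sh
# Added example: thresholds are the ones quoted in the forum post,
# not taken from an official advisory.

# last_affected SERIES -> prints the highest affected patch level for that
# series as stated in the post; returns 1 for series the post gives no number for.
last_affected() {
    case "$1" in
        4.4)  echo 30 ;;
        3.10) echo 90 ;;
        3.2)  echo 82 ;;
        *)    return 1 ;;
    esac
}

# cve_2016_10229_status RELEASE -> prints "affected", "fixed" or "unknown"
cve_2016_10229_status() {
    rel=${1%%-*}                       # "3.10.90-smp" -> "3.10.90"
    case "$rel" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # not a plain dotted version
    esac
    old_ifs=$IFS; IFS=.
    set -- $rel                        # split on dots into $1 $2 $3 ...
    IFS=$old_ifs
    major=$1; minor=${2:-}; patch=${3:-0}
    if [ -z "$minor" ]; then
        echo unknown; return 0
    fi
    if limit=$(last_affected "$major.$minor"); then
        if [ "$patch" -le "$limit" ]; then
            echo affected
        else
            echo fixed
        fi
    else
        echo unknown                   # e.g. the 2.6.x kernels of 13.x
    fi
}

# Classify the release given as an argument, or the running kernel.
cve_2016_10229_status "${1:-$(uname -r)}"
```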
Maybe a tad premature, but Perl 5.26.0 has been released.
-- kjh
Some security fixes
Code:
Security
Removal of the current directory (".") from @INC
Escaped colons and relative paths in PATH
New -Di switch is now required for PerlIO debugging output
Of particular interest there are DBD::SQLite and DBD::mysql.
That having been said, if v5.26.x is incorporated into Slackware before these modules have been fixed, I'd be willing to contribute some SlackBuilds for some of them which apply patches to fix the errant behavior.
Just some info: for the new sane-backends, the SlackBuild needs changes:
it needs --docdir instead of --with-docdir
it needs --with-usb instead of --enable-libusb_1_0
it needs this option added:
--without-api-spec
It does not build without this option on slack-current (because it needs other tools which are not present in Slackware), and api-spec is probably just used by developers.
Nice link! Thanks ttk!!
Yes, broken sqlite and mysql CPAN modules might indeed break a lot of code all over the world.
And thanks for the offer to fix the SlackBuilds!
As always, I too would submit diffs for any of the few CPAN modules that I use to the CPAN and SBo maintainers, should I run into and fix issues with Perl 5.26.0 in -current.