Slackware: This Forum is for the discussion of Slackware Linux.
Many of you are familiar with [Slackware security] vulnerabilities outstanding 20140101 (aka "the security thread"). For those who aren't,
it's a thread where slackers (ranging from security-conscious end users to admins seeking to harden their systems) share and discuss
security concerns with a focus on solutions.
Unfortunately, its high posting volume makes navigating it a bit of a challenge.
To help with this, I recently put together a status report covering the period from 20140101 (thread's birth) through 20141014.
As was suggested to me, I am re-posting it here to raise visibility.
So Slackware-current is still vulnerable where you listed it as such. I know those with servers online will take one attitude. For the ordinary user, how many of these matter?
Last edited by business_kid; 10-15-2014 at 05:35 AM.
Great question with no simple answer. After all, levels of risk aversion, use case profiles, etc. vary considerably by user (i.e. security is
not one-size-fits-all). Gurus and seasoned users can provide guidelines and recommendations to novices but ultimately each user needs
to answer that question for themselves.
The thread doesn't attempt to decide for you what should matter. Rather, in Slackwarian fashion, issue/solution sets are shared and
discussed unfiltered. That way individual slackers can make informed decisions about which security situations are of concern to them.
Thanks mancha, I like this thread a lot better than the original. Clear, concise, to the point and a great disclaimer that the user needs to decide for themselves; I couldn't have put it better. Keep it up.
I guess I should finally upgrade my server from 14.0 to 14.1 given that there is now at least one set of security updates (i.e., glibc) that have not been applied to 14.0, which still runs a vulnerable version of glibc according to the literature I have read.
Automagically? Not that I'm aware of without scripting it. But you probably shouldn't do it automatically so you can decide what new configs to keep, merge, or discard.
Just make sure you have a server selected in the mirrors file, then run the commands to check for updates and then to upgrade the packages.
I request you move this to a more appropriate thread. The purpose of this low-traffic thread is to provide occasional status updates for the security thread. Thanks.
Hi mancha, thank you for this excellent summary thread and the links.
1) Any chance you might make a follow-up thread, or include in this one, how one should do a basic security of their Slackware?
2) Any chance you might provide instructions for earlier Slackware releases on how to build the Advisory for their release?
3) For newbies, any chance you might include a link to "updating using "&make && make install" or "slackpkg upgrade <app>" type instructions?
The PHP development team announces the immediate availability of PHP
5.4.40. 14 security-related bugs were fixed in this release, including
CVE-2014-9709, CVE-2015-2301, CVE-2015-2783, CVE-2015-1352.