Security: Execution of code with elevated privileges in Linux
Name: Execution of code with elevated privileges in Linux
ID: SSA:2016-305-01
Distribution: Slackware
Platforms: Slackware -current, Slackware x86_64 -current, Slackware 14.0, Slackware x86_64 14.0, Slackware 14.1, Slackware x86_64 14.1, Slackware 14.2, Slackware x86_64 14.2
Date: Tue, 1 November 2016, 09:44
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195

Original message


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] kernel (SSA:2016-305-01)

New kernel packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.29/*: Upgraded.
This kernel fixes a security issue known as "Dirty COW". A race condition
was found in the way the Linux kernel's memory subsystem handled the
copy-on-write (COW) breakage of private read-only memory mappings. An
unprivileged local user could use this flaw to gain write access to
otherwise read-only memory mappings and thus increase their privileges on
the system.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
https://dirtycow.ninja/
https://www.kb.cert.org/vuls/id/243144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.0:
kernel-generic-3.2.83-i486-1_slack14.0.txz
kernel-generic-smp-3.2.83_smp-i686-1_slack14.0.txz
kernel-headers-3.2.83_smp-x86-1_slack14.0.txz
kernel-huge-3.2.83-i486-1_slack14.0.txz
kernel-huge-smp-3.2.83_smp-i686-1_slack14.0.txz
kernel-modules-3.2.83-i486-1_slack14.0.txz
kernel-modules-smp-3.2.83_smp-i686-1_slack14.0.txz
kernel-source-3.2.83_smp-noarch-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
kernel-generic-3.2.83-x86_64-1_slack14.0.txz
kernel-headers-3.2.83-x86-1_slack14.0.txz
kernel-huge-3.2.83-x86_64-1_slack14.0.txz
kernel-modules-3.2.83-x86_64-1_slack14.0.txz
kernel-source-3.2.83-noarch-1_slack14.0.txz

Updated packages for Slackware 14.1:
kernel-generic-3.10.104-i486-1_slack14.1.txz
kernel-generic-smp-3.10.104_smp-i686-1_slack14.1.txz
kernel-headers-3.10.104_smp-x86-1_slack14.1.txz
kernel-huge-3.10.104-i486-1_slack14.1.txz
kernel-huge-smp-3.10.104_smp-i686-1_slack14.1.txz
kernel-modules-3.10.104-i486-1_slack14.1.txz
kernel-modules-smp-3.10.104_smp-i686-1_slack14.1.txz
kernel-source-3.10.104_smp-noarch-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
kernel-generic-3.10.104-x86_64-1_slack14.1.txz
kernel-headers-3.10.104-x86-1_slack14.1.txz
kernel-huge-3.10.104-x86_64-1_slack14.1.txz
kernel-modules-3.10.104-x86_64-1_slack14.1.txz
kernel-source-3.10.104-noarch-1_slack14.1.txz

Updated packages for Slackware 14.2:
kernel-generic-4.4.29-i586-1_slack14.2.txz
kernel-generic-smp-4.4.29_smp-i686-1_slack14.2.txz
kernel-headers-4.4.29_smp-x86-1_slack14.2.txz
kernel-huge-4.4.29-i586-1_slack14.2.txz
kernel-huge-smp-4.4.29_smp-i686-1_slack14.2.txz
kernel-modules-4.4.29-i586-1_slack14.2.txz
kernel-modules-smp-4.4.29_smp-i686-1_slack14.2.txz
kernel-source-4.4.29_smp-noarch-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
kernel-generic-4.4.29-x86_64-1_slack14.2.txz
kernel-headers-4.4.29-x86-1_slack14.2.txz
kernel-huge-4.4.29-x86_64-1_slack14.2.txz
kernel-modules-4.4.29-x86_64-1_slack14.2.txz
kernel-source-4.4.29-noarch-1_slack14.2.txz

Updated packages for Slackware -current:
kernel-generic-4.4.29-i586-1.txz
kernel-generic-smp-4.4.29_smp-i686-1.txz
kernel-huge-4.4.29-i586-1.txz
kernel-huge-smp-4.4.29_smp-i686-1.txz
kernel-modules-4.4.29-i586-1.txz
kernel-modules-smp-4.4.29_smp-i686-1.txz
kernel-headers-4.4.29_smp-x86-1.txz
kernel-source-4.4.29_smp-noarch-1.txz

Updated packages for Slackware x86_64 -current:
kernel-generic-4.4.29-x86_64-1.txz
kernel-huge-4.4.29-x86_64-1.txz
kernel-modules-4.4.29-x86_64-1.txz
kernel-headers-4.4.29-x86-1.txz
kernel-source-4.4.29-noarch-1.txz


MD5 signatures:
+-------------+


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg kernel-*.txz

If you are using an initrd, you'll need to rebuild it.

For a 32-bit SMP machine, use this command (substitute the appropriate
kernel version if you are not running Slackware 14.2):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.29-smp | bash

For a 64-bit machine, or a 32-bit uniprocessor machine, use this command
(substitute the appropriate kernel version if you are not running
Slackware 14.2):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.29 | bash

Please note that "uniprocessor" has to do with the kernel you are running,
not with the CPU. Most systems should run the SMP kernel (if they can)
regardless of the number of cores the CPU has. If you aren't sure which
kernel you are running, run "uname -a". If you see SMP there, you are
running the SMP kernel and should use the 4.4.29-smp version when running
mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit
systems should always use 4.4.29 as the version.

If you are using lilo or elilo to boot the machine, you'll need to ensure
that the machine is properly prepared before rebooting.

If using LILO:
By default, lilo.conf contains an image= line that references a symlink
that always points to the correct kernel. No editing should be required
unless your machine uses a custom lilo.conf. If that is the case, be sure
that the image= line references the correct kernel file. Either way,
you'll need to run "lilo" as root to reinstall the boot loader.

If using elilo:
Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish
to use, and then run eliloconfig to update the EFI System Partition.

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlgX5dUACgkQakRjwEAQIjOIVgCfUwhT14LaTkC5S+JoJlJNUvss
zGQAoIKl2DD02vg8X61QE6di8tTo1IRN
=l0xf
-----END PGP SIGNATURE-----
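
Added example (not part of the Slackware advisory or of Slackware's tooling): a shell check that applies the advisory's fixed versions (3.2.83, 3.10.104, 4.4.29) to a `uname -r` string and picks the `-k` value according to the 32-bit SMP rule in the installation instructions. The function names are hypothetical, and the comparison assumes stock Slackware kernel release strings.

```shell
#!/bin/sh
# Added example, not from the Slackware advisory. Assumes stock Slackware
# kernels, whose `uname -r` looks like "4.4.29" or "4.4.29-smp".

# Fixed version per kernel series, from the advisory's package lists.
fixed_for_series() {
    case "$1" in
        3.2)  echo 3.2.83 ;;
        3.10) echo 3.10.104 ;;
        4.4)  echo 4.4.29 ;;
        *)    return 1 ;;          # series not covered by this advisory
    esac
}

# kernel_status RELEASE -> "patched", "unpatched" or "unknown"
kernel_status() {
    ver=${1%%-*}                   # strip "-smp" and similar suffixes
    series=${ver%.*}               # "4.4.14" -> "4.4"
    patch=${ver##*.}               # "4.4.14" -> "14"
    fixed=$(fixed_for_series "$series") || { echo unknown; return 0; }
    case "$patch" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    if [ "$patch" -ge "${fixed##*.}" ]; then echo patched; else echo unpatched; fi
}

# initrd_kver VERSION MACHINE UNAME_V -> value for the generator's -k option.
# Advisory rule: 32-bit kernels that report SMP use "-smp"; 64-bit never does.
initrd_kver() {
    case "$2:$3" in
        x86_64:*) echo "$1" ;;
        *:*SMP*)  echo "$1-smp" ;;
        *)        echo "$1" ;;
    esac
}

# Report for the running host; prints the rebuild command, does not run it.
report_host() {
    rel=$(uname -r)
    echo "running kernel $rel: $(kernel_status "$rel")"
    fixed=$(fixed_for_series "$(echo "${rel%%-*}" | cut -d. -f1,2)") || return 0
    echo "after upgradepkg, rebuild the initrd with:"
    echo "/usr/share/mkinitrd/mkinitrd_command_generator.sh -k" \
         "$(initrd_kver "$fixed" "$(uname -m)" "$(uname -v)") | bash"
}

report_host
```

A result of "unknown" means the running kernel series is not one of the three this advisory covers, so the check says nothing about it.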