Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Zwei Probleme in Linux
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Linux
ID: SSA:2017-180-01
Distribution: Slackware
Plattformen: Slackware 14.1, Slackware x86_64 14.1
Datum: Fr, 30. Juni 2017, 07:05
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364

Originalnachricht


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Slackware 14.1 kernel (SSA:2017-180-01)

New kernel packages are available for Slackware 14.1 to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/linux-3.10.107/*: Upgraded.
This kernel fixes two "Stack Clash" vulnerabilities reported by
Qualys.
The first issue may allow attackers to execute arbitrary code with elevated
privileges. Failed attack attempts will likely result in denial-of-service
conditions. The second issue can be exploited to bypass certain security
restrictions and perform unauthorized actions.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000365
(* Security fix *)
In addition, a patch is included and preapplied to guard against other == sk
in unix_dgram_sendmsg. This bug has been known to cause Samba related stalls.
Thanks to Ben Stern for the bug report.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.1:
kernel-generic-3.10.107-i486-1.txz
kernel-generic-smp-3.10.107_smp-i686-1.txz
kernel-headers-3.10.107_smp-x86-1.txz
kernel-huge-3.10.107-i486-1.txz
kernel-huge-smp-3.10.107_smp-i686-1.txz
kernel-modules-3.10.107-i486-1.txz
kernel-modules-smp-3.10.107_smp-i686-1.txz
kernel-source-3.10.107_smp-noarch-1.txz

Updated packages for Slackware x86_64 14.1:
kernel-generic-3.10.107-x86_64-1.txz
kernel-headers-3.10.107-x86-1.txz
kernel-huge-3.10.107-x86_64-1.txz
kernel-modules-3.10.107-x86_64-1.txz
kernel-source-3.10.107-noarch-1.txz


MD5 signatures:
+-------------+

Slackware 14.1 packages:
7a3dc2cd4c1067984d0cbc5e257eb0f8 kernel-generic-3.10.107-i486-1.txz
1ec7b64fec890841337dcb0b85c4189e kernel-generic-smp-3.10.107_smp-i686-1.txz
42be9d29509261878e11ee142ddc5835 kernel-headers-3.10.107_smp-x86-1.txz
c68758ab09860d8d9585eff27aa7b341 kernel-huge-3.10.107-i486-1.txz
1f27891b34076dfe3b1f1aa56c820017 kernel-huge-smp-3.10.107_smp-i686-1.txz
9b2f9044654c44b7fdaaf1dfa86c1f2b kernel-modules-3.10.107-i486-1.txz
68835ec8daffd1c101651cb1213917ea kernel-modules-smp-3.10.107_smp-i686-1.txz
c6b18ccd52ef37879f4791557b1350d1 kernel-source-3.10.107_smp-noarch-1.txz

Slackware x86_64 14.1 packages:
c363284f807203eb8fedfc0db35ab9c3 kernel-generic-3.10.107-x86_64-1.txz
7101db4ec1cbeb294f41fb65709fb030 kernel-headers-3.10.107-x86-1.txz
fef8c622ea91dcaeae915bf11de54aa1 kernel-huge-3.10.107-x86_64-1.txz
4985fb9284200278dd57f8ce14bc1670 kernel-modules-3.10.107-x86_64-1.txz
fdced05a099ab697bd91e75118163320 kernel-source-3.10.107-noarch-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg kernel-*.txz

If you are using an initrd, you'll need to rebuild it.

For a 32-bit SMP machine, use this command (substitute the appropriate
kernel version if you are not running Slackware 14.2):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 3.10.107-smp | bash

For a 64-bit machine, or a 32-bit uniprocessor machine, use this command
(substitute the appropriate kernel version if you are not running
Slackware 14.2):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 3.10.107 | bash

Please note that "uniprocessor" has to do with the kernel you are
running,
not with the CPU. Most systems should run the SMP kernel (if they can)
regardless of the number of cores the CPU has. If you aren't sure which
kernel you are running, run "uname -a". If you see SMP there, you are
running the SMP kernel and should use the 3.10.107-smp version when running
mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit
systems should always use 3.10.107 as the version.

If you are using lilo or elilo to boot the machine, you'll need to ensure
that the machine is properly prepared before rebooting.

If using LILO:
By default, lilo.conf contains an image= line that references a symlink
that always points to the correct kernel. No editing should be required
unless your machine uses a custom lilo.conf. If that is the case, be sure
that the image= line references the correct kernel file. Either way,
you'll need to run "lilo" as root to reinstall the boot loader.

If using elilo:
Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish
to use, and then run eliloconfig to update the EFI System Partition.


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAllVag8ACgkQakRjwEAQIjMVvgCbBFmq9wOhCGbRzHJ/NqnBw6hG
sfMAnik4vlFY46QlL2giW1rsnj0keojA
=eUL5
-----END PGP SIGNATURE-----
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung