-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  Slackware 14.1 kernel (SSA:2017-180-01)

New kernel packages are available for Slackware 14.1 to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/linux-3.10.107/*:  Upgraded.
  This kernel fixes two "Stack Clash" vulnerabilities reported by Qualys.
  The first issue may allow attackers to execute arbitrary code with elevated
  privileges. Failed attack attempts will likely result in denial-of-service
  conditions. The second issue can be exploited to bypass certain security
  restrictions and perform unauthorized actions.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000365
  (* Security fix *)
  In addition, a patch is included and preapplied to guard against other == sk
  in unix_dgram_sendmsg. This bug has been known to cause Samba related stalls.
  Thanks to Ben Stern for the bug report.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.1:

Updated packages for Slackware x86_64 14.1:


MD5 signatures:
+-------------+

Slackware 14.1 packages:
7a3dc2cd4c1067984d0cbc5e257eb0f8  kernel-generic-3.10.107-i486-1.txz
1ec7b64fec890841337dcb0b85c4189e  kernel-generic-smp-3.10.107_smp-i686-1.txz
42be9d29509261878e11ee142ddc5835  kernel-headers-3.10.107_smp-x86-1.txz
c68758ab09860d8d9585eff27aa7b341  kernel-huge-3.10.107-i486-1.txz
1f27891b34076dfe3b1f1aa56c820017  kernel-huge-smp-3.10.107_smp-i686-1.txz
9b2f9044654c44b7fdaaf1dfa86c1f2b  kernel-modules-3.10.107-i486-1.txz
68835ec8daffd1c101651cb1213917ea  kernel-modules-smp-3.10.107_smp-i686-1.txz
c6b18ccd52ef37879f4791557b1350d1  kernel-source-3.10.107_smp-noarch-1.txz

Slackware x86_64 14.1 packages:
c363284f807203eb8fedfc0db35ab9c3  kernel-generic-3.10.107-x86_64-1.txz
7101db4ec1cbeb294f41fb65709fb030  kernel-headers-3.10.107-x86-1.txz
fef8c622ea91dcaeae915bf11de54aa1  kernel-huge-3.10.107-x86_64-1.txz
4985fb9284200278dd57f8ce14bc1670  kernel-modules-3.10.107-x86_64-1.txz
fdced05a099ab697bd91e75118163320  kernel-source-3.10.107-noarch-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg kernel-*.txz

If you are using an initrd, you'll need to rebuild it.

For a 32-bit SMP machine, use this command (substitute the appropriate
kernel version if you are not running Slackware 14.2):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 3.10.107-smp | bash

For a 64-bit machine, or a 32-bit uniprocessor machine, use this command
(substitute the appropriate kernel version if you are not running
Slackware 14.2):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 3.10.107 | bash

Please note that "uniprocessor" has to do with the kernel you are running,
not with the CPU.  Most systems should run the SMP kernel (if they can)
regardless of the number of cores the CPU has.  If you aren't sure which
kernel you are running, run "uname -a".  If you see SMP there, you are
running the SMP kernel and should use the 3.10.107-smp version when running
mkinitrd_command_generator.  Note that this is only for 32-bit -- 64-bit
systems should always use 3.10.107 as the version.

If you are using lilo or elilo to boot the machine, you'll need to ensure
that the machine is properly prepared before rebooting.

If using LILO:
By default, lilo.conf contains an image= line that references a symlink
that always points to the correct kernel.  No editing should be required
unless your machine uses a custom lilo.conf.  If that is the case, be sure
that the image= line references the correct kernel file.  Either way,
you'll need to run "lilo" as root to reinstall the boot loader.

If using elilo:
Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish
to use, and then run eliloconfig to update the EFI System Partition.


+-----+

Slackware: 2017-180-01: Slackware 14.1 kernel Security Update

June 29, 2017
New kernel packages are available for Slackware 14.1 to fix security issues

Summary

Here are the details from the Slackware 14.1 ChangeLog: patches/packages/linux-3.10.107/*: Upgraded. This kernel fixes two "Stack Clash" vulnerabilities reported by Qualys. The first issue may allow attackers to execute arbitrary code with elevated privileges. Failed attack attempts will likely result in denial-of-service conditions. The second issue can be exploited to bypass certain security restrictions and perform unauthorized actions. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364 https://cve.mitre.org/cgi-bin...

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.1:
Updated packages for Slackware x86_64 14.1:

MD5 Signatures

Slackware 14.1 packages: 7a3dc2cd4c1067984d0cbc5e257eb0f8 kernel-generic-3.10.107-i486-1.txz 1ec7b64fec890841337dcb0b85c4189e kernel-generic-smp-3.10.107_smp-i686-1.txz 42be9d29509261878e11ee142ddc5835 kernel-headers-3.10.107_smp-x86-1.txz c68758ab09860d8d9585eff27aa7b341 kernel-huge-3.10.107-i486-1.txz 1f27891b34076dfe3b1f1aa56c820017 kernel-huge-smp-3.10.107_smp-i686-1.txz 9b2f9044654c44b7fdaaf1dfa86c1f2b kernel-modules-3.10.107-i486-1.txz 68835ec8daffd1c101651cb1213917ea kernel-modules-smp-3.10.107_smp-i686-1.txz c6b18ccd52ef37879f4791557b1350d1 kernel-source-3.10.107_smp-noarch-1.txz
Slackware x86_64 14.1 packages: c363284f807203eb8fedfc0db35ab9c3 kernel-generic-3.10.107-x86_64-1.txz 7101db4ec1cbeb294f41fb65709fb030 kernel-headers-3.10.107-x86-1.txz fef8c622ea91dcaeae915bf11de54aa1 kernel-huge-3.10.107-x86_64-1.txz 4985fb9284200278dd57f8ce14bc1670 kernel-modules-3.10.107-x86_64-1.txz fdced05a099ab697bd91e75118163320 kernel-source-3.10.107-noarch-1.txz

Severity
[slackware-security] Slackware 14.1 kernel (SSA:2017-180-01)
New kernel packages are available for Slackware 14.1 to fix security issues.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 3.10.107-smp | bash For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 3.10.107 | bash Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 3.10.107-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 3.10.107 as the version. If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting. If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader. If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition.

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved