Slackware: This forum is for the discussion of Slackware Linux.
Grub2 explicitly requires a "net" module, before the kernel loads, so it may bypass firewall and/or any kernel level mitigations.
The module contains dns/dhcp/ipv4/ipv6/icmp4/icmp6 among others. Figured it's intended, found no way to compile without it, and ultimately had to deface the offending module.
Missing .so libraries and header files in the reiserfsprogs package prevent btrfs-convert from converting from reiserfs to btrfs.
In the configure log of btrfs-progs 6.2 6.1.3:
checking for reiserfscore >= 3.6.27... no
This prevents converting a file system from reiserfs to btrfs, as displayed in the configure summary:
btrfs-convert: yes (ext2)
This is because reiserfsprogs 3.6.27 is built by Slackware with the option "--disable-shared" and the libraries and headers are not shipped in the package.
PS: this is not a security issue, but I am not sure this one deserves its own thread.
PPS: Same issue building 6.2, but the configure log just says:
checking for REISERFS... no
Last edited by Didier Spaier; 03-01-2023 at 03:21 PM.
Didier,
Next time, "request for current" or, better, directly in my Changelog thread ;-)
Well, actually this issue also exists in Slackware 15.0. Maybe I should have opened a new thread, as I don't see a thread "issues" and there is no bugzilla.
PS: anyway, already solved.
Last edited by Didier Spaier; 03-01-2023 at 03:57 PM.
Well, actually this issue also exists in Slackware 15.0. Maybe I should have opened a new thread, as I don't see a thread "issues" and there is no bugzilla.
ok, so this one seems fine
Anyway, this is one of the threads I think Pat is reading closely
An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting
methods by supplying a URL that starts with blank characters.
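A defensive check for the blank-prefix bypass quoted above, as an added example that is not part of the original post: a naive host blocklist next to a version that normalises the input before parsing and fails closed. The host names and both function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: hosts are placeholders, not taken from the thread.
BLOCKED_HOSTS = {"blocked.example"}
ALLOWED_SCHEMES = {"http", "https"}

# Characters that browsers strip from both ends of a URL: C0 controls and space.
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def naive_is_allowed(url: str) -> bool:
    """Blocklist check as commonly written: parse, then compare the host.

    On an affected interpreter a leading blank makes urlsplit() return no
    scheme and no hostname, so the blocked host is never compared.
    """
    return urlsplit(url).hostname not in BLOCKED_HOSTS


def hardened_is_allowed(url: str) -> bool:
    """Normalise first, then allow only well-formed URLs with a known scheme."""
    cleaned = url.strip(_C0_AND_SPACE)
    # Tabs and newlines inside a URL are silently dropped by clients: reject.
    if any(ch in cleaned for ch in "\t\r\n"):
        return False
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return False
    # Fail closed: no recognised scheme or no host means "not allowed".
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False
    return host not in BLOCKED_HOSTS


if __name__ == "__main__":
    for sample in ["https://blocked.example/x", " https://blocked.example/x",
                   "\thttps://blocked.example/x", "https://ok.example/"]:
        print(repr(sample), naive_is_allowed(sample), hardened_is_allowed(sample))
```

The result of `naive_is_allowed` for the blank-prefixed samples depends on the interpreter it runs on; `hardened_is_allowed` gives the same answer on any of them.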
I've downloaded both and done a diff -Nurp and there are a lot of differences.
Also, the timestamp of the xz file on the archive doesn't match those of the other tarballs.
I've dropped ImageMagick's security folks a note so they can check it out, and it may be some sort of error rather than anything malicious, but in the meantime, a little caution might be in order.
There's already a 7.1.1-2, so maybe going to that might be prudent.
Update: never mind, I mistyped the directory path on the diff file and instead of throwing an error it treated all the files like they were new, which is why there are differences showing.
Contents of the tarballs are identical, but the timestamp has changed and the sha256sum is different to what it was earlier so it does look like it was repackaged later than the other files.
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump.
Exploitation to change the flow of control has not been demonstrated.
The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
kwin_wayland crashes in KWaylandServer::OutputInterface::handle() when disabling and re-enabling
a screen and letting it get turned off via power management
A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation.
If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling
pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
kwin_wayland crashes in KWaylandServer::OutputInterface::handle() when disabling and re-enabling
a screen and letting it get turned off via power management