LinuxQuestions.org


marav 02-16-2022 02:19 AM

[Security] Mitigation & Patch
 
Maybe we could stick this one ?

marav 02-16-2022 02:21 AM

libexpat: before 2.4.5

CVE-2022-25236
lib: Protect against insertion of namesep characters into namespace URIs
https://github.com/libexpat/libexpat/pull/561

CVE-2022-25235
lib: Protect against malformed encoding (e.g. malformed UTF-8)
https://github.com/libexpat/libexpat/pull/562

marav 02-17-2022 07:19 AM

Vim: before 8.2.4397

"Crash when using many composing characters in error message"
https://nvd.nist.gov/vuln/detail/CVE-2022-0629

severity: 8.4

Patch:
https://github.com/vim/vim/commit/34...2729db278163fc

Or upgrade to the latest version

marav 02-18-2022 01:08 AM

Quote:

Originally Posted by marav (Post 6330145)
libexpat: before 2.4.5

CVE-2022-25236
lib: Protect against insertion of namesep characters into namespace URIs
https://github.com/libexpat/libexpat/pull/561

CVE-2022-25235
lib: Protect against malformed encoding (e.g. malformed UTF-8)
https://github.com/libexpat/libexpat/pull/562

+

CVE-2022-25313
Prevent stack exhaustion in build_model
https://github.com/libexpat/libexpat/pull/558

CVE-2022-25314
Prevent integer overflow in copyString
https://github.com/libexpat/libexpat/pull/560

CVE-2022-25315
Prevent integer overflow in storeRawNames
https://github.com/libexpat/libexpat/pull/559

marav 02-23-2022 12:21 PM

vim : Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440

CVE-2022-0729
https://nvd.nist.gov/vuln/detail/CVE-2022-0729

patch 8.2.4440: crash with specific regexp pattern and string
https://github.com/vim/vim/commit/64...af09974604ff30

hitest 02-23-2022 12:32 PM

Quote:

Originally Posted by marav (Post 6330144)
Maybe we could stick this one ?

Agreed. Good suggestion!

kjhambrick 02-23-2022 05:14 PM

Quote:

marav said:

Maybe we could stick this one ?

+1 from TX :)

marav 02-28-2022 04:44 AM

gettext : patch

from archlinux:

Code:

This uses an internal version of libcroco, which has known security issues.
As a consequence, the internal version of libxml2 is also not used

https://github.com/archlinux/svntogi...extstyle.patch

build option:
Code:

--without-included-gettext

note: bison must be rebuilt with this patched gettext

semiprime 03-07-2022 04:00 PM

"Dirty Pipe" kernel vulnerability - CVE-2022-0847

Details: https://dirtypipe.cm4all.com/

Summary: "a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes."

Fixed in kernels 5.16.11, 5.15.25 and 5.10.102.
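
A defensive check built on the version numbers in the post above, added here as an example and not part of the original post: the function `dirtypipe_status` (a hypothetical name) compares a kernel release string with the affected range and the fixed releases quoted there. It assumes kernel.org version numbering without distribution backports and, as a further assumption, that final releases of branches newer than 5.16 carry the fix.

```shell
#!/bin/sh
# Added example (not from the thread): classify a kernel release string using
# the versions quoted in the post: affected since 5.8, fixed in 5.10.102,
# 5.15.25 and 5.16.11. Assumes kernel.org numbering, no distro backports.

# dirtypipe_status RELEASE -> not-affected | vulnerable | fixed | unknown
dirtypipe_status() {
    rel=${1%%[-+]*}                      # drop suffixes such as "-smp", "-rc3"
    case "$rel" in
        [0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case "$rest" in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;
    esac
    case ".$major.$minor.$patch." in     # every field numeric and non-empty
        *[!0-9.]*|*..*) echo unknown; return 0 ;;
    esac
    # Older than 5.8: outside the affected range given in the post.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo not-affected; return 0
    fi
    # Branches newer than 5.16 are not listed in the post. Assumption: their
    # final releases carry the fix; release candidates are left undecided.
    if [ "$major" -gt 5 ] || [ "$minor" -gt 16 ]; then
        case "$1" in *-rc*) echo unknown ;; *) echo fixed ;; esac
        return 0
    fi
    case "$minor" in
        10) fixed_at=102 ;;
        15) fixed_at=25 ;;
        16) fixed_at=11 ;;
        *)  echo vulnerable; return 0 ;; # 5.8, 5.9, 5.11-5.14: no fix listed
    esac
    if [ "$patch" -ge "$fixed_at" ]; then echo fixed; else echo vulnerable; fi
}

# Check the running kernel, or a release string passed as the first argument.
dirtypipe_status "${1:-$(uname -r)}"
```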

Daedra 03-08-2022 11:11 AM

Quote:

Originally Posted by semiprime (Post 6336004)
"Dirty Pipe" kernel vulnerability - CVE-2022-0847

Details: https://dirtypipe.cm4all.com/

Summary: "a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes."

Fixed in kernels 5.16.11, 5.15.25 and 5.10.102.

Apparently this one is particularly nasty
https://arstechnica.com/information-...lity-in-years/

marav 03-10-2022 08:25 AM

polkit 0.120

There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion.

CVE-2021-4115:
https://github.com/advisories/GHSA-vvr6-r92h-x7jw

Patch:
https://gitlab.com/redhat/centos-str...42b0f2b15c531e

EDIT: already reported by @gmgf in "request for current"

cwizardone 03-10-2022 10:51 AM

Anyone else think this thread should be made "sticky"?
:)

Tonus 03-10-2022 03:00 PM

Not so sure. Average users depend on Pat's reactivity and for more advanced or concerned users, there're mailing lists and so on...

cwizardone 03-10-2022 04:31 PM

Quote:

Originally Posted by Tonus (Post 6336989)
Not so sure. Average users depend on Pat's reactivity and for more advanced or concerned users, there're mailing lists and so on...

Sorry, I don't understand. What is "Pat's reactivity"?

Tonus 03-10-2022 07:25 PM

Sorry for my bad English: Pat's speed to update.
I can't fix that myself, I rely on his fix.


All times are GMT -5.