LinuxQuestions.org, Slackware forum: [Security] Mitigation & Patch
https://www.linuxquestions.org/questions/slackware-14/%5Bsecurity%5D-mitigation-and-patch-4175708118/

marav 05-27-2022 03:20 AM

CVE-2018-5786

https://nvd.nist.gov/vuln/detail/CVE-2018-5786
Code:

In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang
in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability
to cause a denial of service via a crafted lrz file.

https://github.com/ckolivas/lrzip/issues/91

Patch:
https://github.com/ckolivas/lrzip/co...41ed95fb.patch

marav 05-27-2022 04:48 AM

gnutls 3.7.5

https://gitlab.com/gnutls/gnutls/-/issues/1367
Code:

Fix out-of-bounds memcpy in gnutls_realloc_zero()
Patch:
https://gitlab.com/gnutls/gnutls/-/m...sts/1592.patch

nobodino 05-27-2022 07:08 AM

seamonkey-2.53.12

https://wiki.linuxfromscratch.org/blfs/ticket/16567 to fix CVE-2022-1802 and CVE-2022-1529:

Code:

Submitted By:            Douglas R. Reno <renodr at linuxfromscratch dot org>
Date:                    2022-05-26
Initial Package Version: 2.53.12
Origin:                  Self
Upstream Status:        Not Applied, but backport submitted
Description:            Fixes CVE-2022-1802 in Seamonkey, which is an actively
                        exploited remote code execution vulnerability in the
                        JavaScript subsystem. This has been rated as Critical by
                        upstream, and backports the fix for this bug in Firefox.
                        This has been submitted to upstream as TESTED.

patch available here: https://www.linuxfromscratch.org/pat...ty_fix-1.patch

nobodino 05-27-2022 09:52 AM

I started a new GitHub project to take into account what marav mainly discovered:

Follow link: https://github.com/nobodino/slackware-secutity-patches

marav 06-14-2022 01:17 AM

CVE-2022-32278

Code:

XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop
file on an attacker-controlled FTP server.

https://nvd.nist.gov/vuln/detail/CVE-2022-32278

Patch:
https://gitlab.xfce.org/xfce/exo/-/c...460d4ef796de9f

cwizardone 06-14-2022 02:09 PM

Should there be a sense of urgency about these problems?
Quote:

Hertzbleed Disclosed As New Family Of Side-Channel Attacks Affecting Intel + AMD
https://www.phoronix.com/scan.php?pa...&px=Hertzbleed

Quote:

Linux Patched For New Intel "MMIO Stale Data" Vulnerabilities
https://www.phoronix.com/scan.php?pa...ulnerabilities

marav 06-14-2022 03:23 PM

Quote:

Originally Posted by cwizardone (Post 6360937)

They will be included in the next release:

https://git.kernel.org/pub/scm/linux...h=linux-5.18.y

kjhambrick 06-14-2022 06:41 PM

Quote:

Originally Posted by marav (Post 6360954)
They will be included in the next release:
https://git.kernel.org/pub/scm/linux...h=linux-5.18.y


Thanks cwizardone and marav,

And similar updates were also back-ported to 5.15.y: https://git.kernel.org/pub/scm/linux...h=linux-5.15.y

Maybe time for a new Kernel in Slackware 15.0 too ...

-- kjh

kjhambrick 06-17-2022 06:47 AM

All --

As expected, 5.15.48 includes a new mitigation for the mmio_stale_data CPU Bug.

Below are the diffs in Spectre / Meltdown Vulnerabilities and Mitigations between Kernel Versions 5.15.47 and 5.15.48

-- kjh

p.s. if anyone wants it, I can post my do-get-spectre-meltdown.sh script

Code:

# diff -Naur vuln-5.15.47.kjh.txt vuln-5.15.48.kjh.txt

--- vuln-5.15.47.kjh.txt        2022-06-17 06:01:50.766998851 -0500
+++ vuln-5.15.48.kjh.txt        2022-06-17 06:21:59.038889758 -0500
@@ -1,11 +1,11 @@
-Fri Jun 17 06:01:50 CDT 2022
+Fri Jun 17 06:21:59 CDT 2022
 
-  Linux kjhlt7.kjh.home 5.15.47.kjh #1 SMP PREEMPT Tue Jun 14 13:55:59 CDT 2022 x86_64 11th Gen Intel(R) Core(TM) i9-11900K @ 3.50GHz GenuineIntel GNU/Linux
+  Linux kjhlt7.kjh.home 5.15.48.kjh #1 SMP PREEMPT Thu Jun 16 09:12:49 CDT 2022 x86_64 11th Gen Intel(R) Core(TM) i9-11900K @ 3.50GHz GenuineIntel GNU/Linux
 
  dmesg
    microcode: microcode updated early to revision 0x53, date = 2022-03-09
-    Linux version 5.15.47.kjh (root@kjhlt7.kjh.home) (gcc (GCC) 11.2.0, GNU ld version 2.37-slack15) #1 SMP PREEMPT Tue Jun 14 13:55:59 CDT 2022
-    Command line: BOOT_IMAGE=/boot/vmlinuz-generic-5.15.47.kjh root=UUID=6c71cd77-2463-408e-a992-ad6064b0651b ro nvidia-drm.modeset=1
+    Linux version 5.15.48.kjh (root@kjhlt7.kjh.home) (gcc (GCC) 11.2.0, GNU ld version 2.37-slack15) #1 SMP PREEMPT Thu Jun 16 09:12:49 CDT 2022
+    Command line: BOOT_IMAGE=/boot/vmlinuz-generic-5.15.48.kjh root=UUID=6c71cd77-2463-408e-a992-ad6064b0651b ro nvidia-drm.modeset=1
    DMI: Notebook X170KM-G/X170KM-G, BIOS 1.07.06LS1 01/11/2020
 
  cpuinfo
@@ -15,13 +15,14 @@
    UCode Pkg:  intel-microcode-20220510-noarch-1_SBo_kjh  ( updated May 18 13:20 )
    UCode File: /lib/firmware/intel-ucode/06-a7-01        ( updated May 18 13:19 )
    UCode Info: 001/001: sig 0x000a0671, pf_mask 0x02, 2022-03-09, rev 0x0053, size 103424
-    CPU bugs:  spectre_v1, spectre_v2, spec_store_bypass, swapgs
+    CPU bugs:  spectre_v1, spectre_v2, spec_store_bypass, swapgs, mmio_stale_data
 
  vulnerability and mitigation files in /sys/devices/system/cpu/vulnerabilities/
    itlb_multihit:      Not affected
    l1tf:                Not affected
    mds:                Not affected
    meltdown:            Not affected
+    mmio_stale_data:    Mitigation: Clear CPU buffers; SMT vulnerable
    spec_store_bypass:  Mitigation: Speculative Store Bypass disabled via prctl and seccomp
    spectre_v1:          Mitigation: usercopy/swapgs barriers and __user pointer sanitization
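Review bot: the added mmio_stale_data line in this hunk ends in "SMT vulnerable", which means the buffer clearing happens on kernel exit to user space and before entering a guest but does nothing against a sibling hyperthread on the same core sampling stale data while the other thread runs; the snapshot should record whether that is acceptable for this host, and if it is not, the kernel's nosmt or mmio_stale_data=full,nosmt parameter is the documented way to close it at the cost of half the logical CPUs. Also, the "CPU bugs" line gains mmio_stale_data with the kernel change alone, while the microcode line is unchanged at rev 0x53 in both files: the flag comes from the kernel's own affected-model table, so the CPU was just as affected under 5.15.47 and the absence of the flag on an older kernel is not evidence of immunity.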


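A script in the spirit of the diff above, added here as an example (it is not kjhambrick's do-get-spectre-meltdown.sh and not from the thread): it snapshots /sys/devices/system/cpu/vulnerabilities in a form that two kernels can be diffed on, and classifies each entry, treating the kernel's "SMT vulnerable" suffix as a partial mitigation and any "Vulnerable..." string (including the "attempted, no microcode" form) as unmitigated. The sysfs path and status strings are the kernel's; the VULN_DIR override, the function names and the OK/PARTIAL/VULNERABLE/UNKNOWN labels are this example's own.

```shell
#!/bin/sh
# Added example (not kjhambrick's script, not from the thread): snapshot and
# classify the kernel's CPU vulnerability reports.
# The sysfs directory is the kernel's; VULN_DIR and the labels are this example's.

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# Classify one status string exactly as the kernel prints it.
classify_status() {
    case "$1" in
        Vulnerable*)                echo VULNERABLE ;;   # includes "Vulnerable: ... no microcode"
        *"SMT vulnerable"*)         echo PARTIAL ;;      # mitigated, sibling hyperthread still exposed
        "Not affected"|Mitigation*) echo OK ;;
        *)                          echo UNKNOWN ;;
    esac
}

# Print "name<TAB>status" for every entry, sorted, so two snapshots diff cleanly.
snapshot_vulns() {
    dir="${1:-$VULN_DIR}"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        printf '%s\t%s\n' "$(basename "$f")" "$(cat "$f")"
    done | sort
}

# Print one classified line per entry; return 1 if any entry is VULNERABLE.
check_vulns() {
    dir="${1:-$VULN_DIR}"
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        cls=$(classify_status "$status")
        printf '%-10s %-20s %s\n' "$cls" "$(basename "$f")" "$status"
        if [ "$cls" = VULNERABLE ]; then bad=1; fi
    done
    return "$bad"
}

# Stand-alone use:
#   ./cpuvulns.sh snapshot > vuln-$(uname -r).txt    (then: diff -u old new)
#   ./cpuvulns.sh check                              (exit 1 if anything is VULNERABLE)
case "${1:-}" in
    snapshot) snapshot_vulns ;;
    check)    check_vulns ;;
esac
```

Run "snapshot" before and after a kernel or microcode update and diff the two files; "check" is the form to put in a cron job or a post-boot hook, since its exit status says whether any entry is still unmitigated.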
cwizardone 06-30-2022 08:24 PM

Is Slackware affected by this, https://www.linuxquestions.org/quest...os-4175714064/

BTW, this thread should be a "sticky," IMHO.
:)

henca 07-01-2022 01:15 AM

Quote:

Originally Posted by cwizardone (Post 6364743)
Is Slackware affected by this, https://www.linuxquestions.org/quest...os-4175714064/

BTW, this thread should be a "sticky," IMHO.
:)

Following those links ends up with CVE-2021-4034, so this is an old, known bug. Patches for Slackware were published in January. From http://ftp.slackware.com/pub/slackwa.../ChangeLog.txt :

Code:

+--------------------------+
Wed Jan 26 04:37:35 UTC 2022
l/polkit-0.120-i586-2.txz: Rebuilt.
[PATCH] pkexec: local privilege escalation.
Thanks to Qualys Research Labs for reporting this issue.
For more information, see:
https://blog.qualys.com/vulnerabilit...-cve-2021-4034
https://cve.mitre.org/cgi-bin/cvenam...=CVE-2021-4034
(* Security fix *)
+--------------------------+

regards Henrik
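One way to confirm that the rebuilt package named in that ChangeLog entry is what is actually installed, added here as an example (not from the thread, not a Slackware tool): Slackware records each installed package as a file /var/log/packages/name-version-arch-build[tag], and the name itself may contain hyphens, so the fields have to be split from the right. The function names, the PKG_DB override and the OK/OLD/MISSING verdicts are this example's own; the polkit-0.120-i586-2 target comes from the ChangeLog text above.

```shell
#!/bin/sh
# Added example (not from the thread): check that a Slackware security rebuild
# is installed, by parsing /var/log/packages entries.
# Entry format: <name>-<version>-<arch>-<build>[<tag>], e.g. polkit-0.120-i586-2
# PKG_DB, the function names and the verdict strings are this example's own.

PKG_DB="${PKG_DB:-/var/log/packages}"

# Print "name version arch build" for one entry. Name may contain hyphens, so
# split from the right; build is the leading digits of the last field ("1_SBo" -> 1).
pkg_fields() {
    entry=$(basename "$1")
    build=${entry##*-};   rest=${entry%-*}
    arch=${rest##*-};     rest=${rest%-*}
    version=${rest##*-};  name=${rest%-*}
    build=$(printf '%s' "$build" | sed 's/^\([0-9]*\).*/\1/')
    printf '%s %s %s %s\n' "$name" "$version" "$arch" "$build"
}

# pkg_fixed NAME VERSION MINBUILD
# Return 0 if NAME is installed at exactly VERSION with build >= MINBUILD,
# 1 otherwise. Prints a one-line verdict.
pkg_fixed() {
    want_name=$1; want_ver=$2; want_build=$3
    for f in "$PKG_DB/$want_name"-*; do
        [ -e "$f" ] || continue
        set -- $(pkg_fields "$f")
        [ "$1" = "$want_name" ] || continue     # skip polkit-qt-1 when asking for polkit
        if [ "$2" = "$want_ver" ] && [ "$4" -ge "$want_build" ]; then
            echo "OK: $(basename "$f")"
            return 0
        fi
        echo "OLD: $(basename "$f") (want $want_name-$want_ver build >= $want_build; if the version differs, check the ChangeLog)"
        return 1
    done
    echo "MISSING: $want_name is not installed"
    return 1
}

# Stand-alone use: the CVE-2021-4034 rebuild quoted above is polkit-0.120-i586-2.
case "${1:-}" in
    polkit) pkg_fixed polkit 0.120 2 ;;
esac
```

The version is compared for equality on purpose: a newer upstream version may or may not carry the fix, and the ChangeLog, not the number, says which builds do, so the verdict points back there rather than guessing.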

Tonus 07-01-2022 03:46 AM

Quote:

Originally Posted by cwizardone (Post 6364743)
Is Slackware affected by this, https://www.linuxquestions.org/quest...os-4175714064/
BTW, this thread should be a "sticky," IMHO.

Not IMHO...
See earlier in this thread: https://www.linuxquestions.org/quest...8/#post6337175

I might add that when the CVE is addressed, there's less use...

marav 07-05-2022 05:50 PM

GnuPG : CVE-2022-34903

Code:

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key
information from a victim's keyring and other constraints (e.g., use of GPGME) are met,
allows signature forgery via injection into the status line.

https://nvd.nist.gov/vuln/detail/CVE-2022-34903

The full story:
https://seclists.org/oss-sec/2022/q2/216

Patch, see:
https://bugs.archlinux.org/task/75229

franzen 07-08-2022 12:21 AM

CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used
CVSS: 6.8, impacted versions: from 2.2 to 2.3.19.1

cwizardone 07-12-2022 11:08 AM

Quote:

X.Org Server Hit By New Local Privilege Escalation, Remote Code Execution Vulnerabilities
Michael Larabel. 12 July 2022.
..... are the disclosure of two new X.Org Server vulnerabilities.
These issues affecting out-of-bounds accesses with the X.Org Server can lead to local privilege elevation on systems where the X.Org Server is running privileged and remote code execution for SSH X forwarding sessions........
The full story can be found here, https://www.phoronix.com/scan.php?pa...ly-12-Security

And a patched version has already been released.
The tarball, https://www.x.org/archive/individual...-21.1.4.tar.xz

