Slackware: This forum is for the discussion of Slackware Linux.
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.
We don't use that version of chfn, but rather the one in util-linux.
I saw it too late
Code:
# Don't ship the login utilities. We'll be using the ones from util-linux:
for file in /bin/login /sbin/runuser /usr/bin/chfn /usr/bin/chsh \
/usr/man/man1/chfn.1.gz /usr/man/man1/chsh.1.gz /usr/man/man1/login.1.gz \
/usr/man/man1/runuser.1.gz ; do
rm -f $PKG${file}
done
The admin shouldn't be using 'cat' for viewing files anyway, especially so when they're security related such as /etc/passwd. Tricks with control characters and terminal escape sequences have been known of for decades.
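Added example, not from this thread and not part of shadow or util-linux: a small audit script that reports passwd entries carrying the control characters or non-ASCII lookalikes the chfn advisory above describes, so the file is checked for what it contains rather than for how a terminal renders it. The passwd entries below are constructed sample data.

```python
import unicodedata

# Constructed sample (not a real passwd file): a normal entry, one whose GECOS
# field carries a \r that repaints the terminal line as a second "root" account,
# and one that uses a fullwidth colon (U+FF1A) to stand in for the blocked ':'.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000:Alice Example:/home/alice:/bin/bash\n"
    "bob:x:1001:1001:Bob\rmallory:x:0:0:root:/root:/bin/bash:/home/bob:/bin/bash\n"
    "carol:x:1002:1002:Carol\uff1ax\uff1a0\uff1a0:/home/carol:/bin/bash\n"
)

def suspicious_chars(field: str) -> list[str]:
    """Names of characters that should never appear in a passwd field."""
    names = []
    for ch in field:
        cat = unicodedata.category(ch)
        # Cc = C0/C1 controls (\r, ESC, ...), Cf = format chars such as RTL override;
        # anything outside printable ASCII is a lookalike risk in this file.
        if cat in ("Cc", "Cf") or not (0x20 <= ord(ch) <= 0x7e):
            name = unicodedata.name(ch, f"U+{ord(ch):04X}")
            if name not in names:
                names.append(name)
    return names

def audit_passwd(text: str) -> list[dict]:
    """Scan passwd-format text and return one finding per problematic line."""
    findings = []
    # Split on \n only: str.splitlines() would also split on \r and hide the trick.
    for lineno, line in enumerate(text.split("\n"), start=1):
        if not line:
            continue
        fields = line.split(":")
        problems = []
        if len(fields) != 7:
            problems.append(f"expected 7 fields, got {len(fields)}")
        for idx, field in enumerate(fields):
            names = suspicious_chars(field)
            if names:
                problems.append(f"field {idx} contains {', '.join(names)}")
        if problems:
            # ascii() escapes the offending bytes so the report itself renders safely.
            findings.append({"line": lineno, "user": fields[0],
                             "problems": problems, "raw": ascii(line)})
    return findings

if __name__ == "__main__":
    for f in audit_passwd(SAMPLE_PASSWD):
        print(f"line {f['line']} ({f['user']}): {'; '.join(f['problems'])}\n  {f['raw']}")
```

Run against the real file with `audit_passwd(open("/etc/passwd").read())`; a clean file returns an empty list.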
Quote:
Intel Issues New CPU Microcode Going Back To Gen8 For New, Undisclosed Security Updates
By Michael Larabel. 12 May 2023.
Well, this is a bit strange... Intel just published Friday afternoon CPU microcode updates for all supported processor families back to Coffee Lake "Gen 8" for undisclosed security updates........
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.
Any document compiled with older versions of LuaTeX can execute arbitrary shell commands, even with shell escape disabled.
This affects LuaTeX versions 1.04–1.16.1, which were included in TeX Live 2017–2022 as well as the original release of TeX Live 2023. This issue was fixed in LuaTeX 1.17.0, and is distributed as an update to TeX Live 2023.
This issue has been assigned CVE-2023-32700.
In Slackware 15.0:
Code:
luatex --version
This is LuaTeX, Version 1.13.2 (TeX Live 2021 on Slackware)
So I suggest applying one of the patches from other distributions mentioned under Timeline at the bottom of the linked document, or building from the updated sources that it mentions. Thanks to Philippe Delavalade for the heads-up.
Last edited by Didier Spaier; 05-23-2023 at 02:15 PM.
Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not match directly. Unencrypted connections are susceptible to man-in-the-middle attacks. Those connections could be established by using URLs with the http instead of the https scheme. With HSTS, the https scheme must be used regardless.
Solution: Apply the following patch or update to Qt 5.15.14, Qt 6.2.9 or Qt 6.5.1
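Added example, not Qt's code: a minimal HSTS policy store that does what the advisory above says Qt Network got wrong, matching the header name (and its directives) case-insensitively as RFC 6797 requires, and then upgrading plain http URLs for hosts with a live policy. It assumes response headers are available as (name, value) pairs; the hostnames used in it are constructed.

```python
import time
from urllib.parse import urlsplit, urlunsplit

class HstsStore:
    """Tiny HSTS policy cache; `now` is injectable so expiry can be tested."""
    def __init__(self, now=time.time):
        self._now = now
        self._policies = {}   # host -> (expiry timestamp, includeSubDomains)

    def process_response(self, host: str, headers) -> None:
        """Record the policy from (name, value) header pairs, whatever their case."""
        for name, value in headers:
            if name.lower() != "strict-transport-security":   # header names are case-insensitive
                continue
            max_age, include_sub = None, False
            for directive in value.split(";"):
                key, _, val = directive.strip().partition("=")
                key, val = key.strip().lower(), val.strip().strip('"')
                if key == "max-age" and val.isascii() and val.isdigit():
                    max_age = int(val)
                elif key == "includesubdomains":   # directive names are case-insensitive too
                    include_sub = True
            if max_age is None:
                continue                          # max-age is required by RFC 6797; ignore header
            if max_age == 0:
                self._policies.pop(host, None)    # max-age=0 tells the client to forget the host
            else:
                self._policies[host] = (self._now() + max_age, include_sub)
            return                                # only the first valid header is honoured

    def is_known_host(self, host: str) -> bool:
        """True if an unexpired policy covers host (directly or as a subdomain)."""
        now = self._now()
        for known, (expiry, include_sub) in self._policies.items():
            if expiry > now and (host == known or (include_sub and host.endswith("." + known))):
                return True
        return False

    def rewrite_url(self, url: str) -> str:
        """Upgrade http:// to https:// for known hosts, as HSTS requires; others pass through."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known_host(parts.hostname or ""):
            # Port 80 -> 443 mapping is left to the caller in this small example.
            return urlunsplit(("https", parts.netloc, parts.path, parts.query, parts.fragment))
        return url
```

A client with the bug described above would fail the first check whenever the server sent the header in a different case and keep issuing http requests.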
Curl security update 8.1.0 for Slackware 15.0 breaks all-numeric hostnames
After applying the recommended security update Curl 8.1.0 to Slackware-64 15.0, some well-formed URLs cannot be parsed.
The problem is an acknowledged regression in Curl 8.1.0.
An emergency patch release tagged Curl 8.1.1 was posted by the Curl team.
Security release 2022.10.3 (Oct 31, 2022)
Rejected zero-sized runs
Avoided merging runlists with no runs
Security version 2022.5.17 (May 26, 2022)
Improved defence against maliciously tampered NTFS partitions
Improved defence against improper use of options
Updated the documentation
---
NTP 4.2.8p16 (Harlan Stenn <stenn@ntp.org>, 2023 May 30)
Focus: Security, Bug fixes
Severity: LOW
This release:
- fixes 4 vulnerabilities (3 LOW and 1 None severity),
- fixes 46 bugs
- includes 15 general improvements
- adds support for OpenSSL-3.0
Details below:
* [Sec 3808] Assertion failure in ntpq on malformed RT-11 date <perlinger@ntp.org>
* [Sec 3807] praecis_parse() in the Palisade refclock driver has a
hypothetical input buffer overflow. Reported by ... stenn@
* [Sec 3806] libntp/mstolfp.c needs bounds checking <perlinger@ntp.org>
- solved numerically instead of using string manipulation
* [Sec 3767] An OOB KoD RATE value triggers an assertion when debug is enabled.
<stenn@ntp.org>
Edit: Observing possible issues on #ntp at Libera.Chat so no rush.
Another edit:
Code:
13:10:37 <opty> i use "pool cz.pool.ntp.org iburst", do you recommend upgrade to 4.2.8p16 then?
[...]
13:13:54 <@harlan> opty: I could be wrong. It seems to me like this change, even if we don't keep it, will only cause
potential difficulty at the initial start, and the long-term behavior seems clearly better.
13:14:02 <davehart> opty pool associations have their initial poll delayed by 3s after the response to solicitation. They
are not affected by the up to 64s first poll issue in p16, so I would recommend you upgrade. I'd also
recommend you consider trying the change to automatically hone in the best pool servers from your unique
perspective. That's at https://people.nwtime.org/hart/ntp-dev-3792-msm-v2.tar.gz
Last edited by opty; 06-01-2023 at 06:50 AM.
Reason: quotes