SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Sorry that last link's supposed to be 3662 not 3643. And ffmpeg openh264 works totally fine here, it's just gmp-api that's failing.
Additionally, to respect the thread title and talk more about the patch, rather than just mitigation:
This script from SBo is good for building libopenh264.so.2.3.1, h264dec, and h264enc.
Code:
# Slackware build script for openh264
# Copyright 2022-2023 Vijay Marcel
# All rights reserved.
Currently, it does not build libgmpopenh264.so (which is what Fedora appears to be doing, and also gentoo).
So now, there's no mechanism to upgrade gmp plugin, and everyone here relies on mozilla to ship one over insecure connection.
Only thing that made me realize this, is the habit of blocking port 80 in my house.
Regarding the patch for SBo script, gentoo ebuild was very helpful as it contains many hints on how to mitigate this properly.
Personally, I just pulled from github and copied gmp-api-Firefox114_2 into openh264 source tree and included yet another make command:
To prevent the browser from overwriting new plugin with the old, vulnerable one.
I've already solved it locally, just looking to improve the SlackBuild TBH.
Last edited by elcore; 06-20-2023 at 10:37 AM.
Reason: more info
"Hello, this is CVE-2023-20593, a use-after-free in AMD Zen2 processors.
Yes, you read that right
This includes at least the following products:
- AMD Ryzen 3000 Series Processors
- AMD Ryzen PRO 3000 Series Processors
- AMD Ryzen Threadripper 3000 Series Processors
- AMD Ryzen 4000 Series Processors with Radeon Graphics
- AMD Ryzen PRO 4000 Series Processors
- AMD Ryzen 5000 Series Processors with Radeon Graphics
- AMD Ryzen 7020 Series Processors with Radeon Graphics
- AMD EPYC 7002 Series Processors
[...]
The practical result here is that you can spy on the registers of other
processes. No system calls or privileges are required.
It works across virtual machines and affects all operating systems.
I have written a poc for this issue that's fast enough to reconstruct
keys and passwords as users log in."
CVE-2023-20593 has been fixed in the kernel-firmware package provided yesterday for -current. and 15.0, at least. I also upgraded the kernel-firmware package for Slint64-15.0 to fix this issue.
Last edited by Didier Spaier; 07-25-2023 at 09:51 AM.
nv_driver.c:1451:23: warning: implicit declaration of function 'wfbScreenInit'; did you mean 'fbScreenInit'? [-Wimplicit-function-declaration]
1451 | ret = wfbScreenInit(pScreen, FBStart, pScrn->virtualX,
| ^~~~~~~~~~~~~
| fbScreenInit
Patch:
Code:
xf86-video-nouveau calls wfbScreenInit without defining
FB_ACCESS_WRAPPER (which has other unintended side effects).
Presently, this compiles and links because compilers still support
implicit function declarations, but this is going to change fairly
soon. This seems to be the most straightforward change to keep
the driver building.
Distribution: Slackware64-current with "True Multilib" and KDE4Town.
Posts: 9,152
Rep:
Quote:
AMD "INCEPTION" CPU Vulnerability Disclosed
By Michael Larabel. 8 August 2023.
AMD has kicked off a busy Patch Tuesday by disclosing INCEPTION, a new speculative side channel attack affecting Zen 3 and Zen 4 processors...........
This will need to use python3, not python. Also, the python3 installer line is missing.
Due to missing modules for the new wheel installer method, this is less trivial than it appears, but ppr:kut has done some good work on the infrastructure that I suppose should be committed sooner rather than later, so I'll look into it. Thanks.
Distribution: Slackware64-current with "True Multilib" and KDE4Town.
Posts: 9,152
Rep:
Quote:
Intel DOWNFALL: New Vulnerability Affecting AVX2/AVX-512 With Big Performance Implications
2 Hours Ago
This Patch Tuesday brings a new and potentially painful processor speculative execution vulnerability... Downfall, or as Intel prefers to call it is GDS: Gather Data Sampling. GDS/Downfall affects the gather instruction with AVX2 and AVX-512 enabled processors. At least the latest-generation Intel CPUs are not affected but Tigerlake / Ice Lake back to Skylake is confirmed to be impacted. There is microcode mitigation available but it will be costly for AVX2/AVX-512 workloads with GATHER instructions in hot code-paths and thus widespread software exposure particularly for HPC and other compute-intensive workloads that have relied on AVX2/AVX-512 for better performance.......
Linux 6.5 Patches Merged For Intel GDS/DOWNFALL, AMD INCEPTION
By Michael Larabel. 8 August 2023.
There used to be a time when Patch Tuesday wasn't so busy in the Linux space, but certainly not this month... Linus Torvalds just pushed the kernel code changes around AMD INCEPTION and Intel DOWNFALL as well as other security patches...........
CVE-2023-39975 Fix double-free in KDC TGS processing
Code:
In MIT krb5 release 1.21, an authenticated attacker can cause a KDC to
free the same pointer twice if it can induce a failure in
authorization data handling.
duplicated sinks after resume or switching audio device profiles
Code:
When my system resumes from suspend state, or switch profiles, my audio device will have multiple options,
in fact I only have one input device and one output device
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.