Slackware
This Forum is for the discussion of Slackware Linux.
With `samba-libs` >= 4.16, when a user connects to Windows file sharing with incorrect
user credentials, the error code is `EINVAL`.
The user should get the password dialog to enter username and password if the error code is `EINVAL`.
A flaw in grub2 was found where its configuration file, known as grub.cfg,
is being created with the wrong permission set allowing non privileged users
to read its content. This represents a low severity confidentiality issue,
as those users can eventually read any encrypted passwords present in grub.cfg.
This flaw affects grub2 2.06 and previous versions. This issue has been fixed
in grub upstream but no version with the fix is currently released.
Probably he talks about running "grub-mkconfig -o /boot/grub/grub.cfg" which will recreate the config file with wrong permissions, unless your patch is applied.
blackstar:grub:# grub-mkconfig -o /boot/grub/grub.cfg
Generating grub configuration file ...
Found theme: /boot/grub/themes/breeze/theme.txt
Found linux image: /boot/vmlinuz-custom-5.19.9-1
Found initrd image: /boot/initrd-5.19.9-1.gz
Found linux image: /boot/vmlinuz-generic-5.19.9
Found initrd image: /boot/initrd.gz
Found linux image: /boot/vmlinuz-huge-5.19.9
Adding boot menu entry for UEFI Firmware Settings ...
done
Excuse me, I was just being sarcastic because of "do not edit this file it will be overwritten on update" note in grub.cfg.
It really doesn't concern me because I write my own grub.cfg manually so for me it's more of a joke than a security vulnerability.
Never used mkconfig, os-prober or any other grub scripts & Slackware doesn't require any of that mess because it ships with lilo.
Last edited by elcore; 09-19-2022 at 10:07 AM.
Reason: typo
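The grub.cfg permission issue quoted earlier in the thread can be checked locally. The following is an added example, not code from any poster or from the GRUB project. It assumes GNU `stat -c`; the function names, the return codes and the choice of mode 600 as the tightened setting are this example's own assumptions.

```shell
#!/bin/sh
# Added example: audit a grub.cfg for the "readable by non-privileged users" issue.
# Assumes GNU coreutils stat. Function names and return codes are hypothetical.

# True if the octal mode (e.g. 644) grants read to group or other.
others_can_read() {
    [ $(( 0$1 & 044 )) -ne 0 ]
}

# True if the file holds a GRUB password directive (password / password_pbkdf2).
has_password_entry() {
    grep -Eq '^[[:space:]]*password(_pbkdf2)?[[:space:]]' "$1"
}

# Returns: 0 = owner-only, 1 = readable by others but no password entries,
#          2 = readable by others AND contains password entries, 3 = not found.
audit_grub_cfg() {
    cfg=${1:-/boot/grub/grub.cfg}
    [ -f "$cfg" ] || { echo "MISSING $cfg"; return 3; }
    mode=$(stat -c '%a' "$cfg")
    if ! others_can_read "$mode"; then
        echo "OK      $cfg mode=$mode"
        return 0
    fi
    if has_password_entry "$cfg"; then
        echo "EXPOSED $cfg mode=$mode (password entries readable by non-root users)"
        return 2
    fi
    echo "LOOSE   $cfg mode=$mode (no password entries found)"
    return 1
}

# Restrict the file to its owner (mode 600 is this example's assumption).
tighten_grub_cfg() {
    chmod 600 "$1"
}

# Demo on a constructed file, so nothing under /boot is touched.
demo=$(mktemp)
printf '%s\n' 'set superusers="admin"' \
    'password_pbkdf2 admin grub.pbkdf2.sha512.10000.CONSTRUCTED-SAMPLE' > "$demo"
chmod 644 "$demo"
audit_grub_cfg "$demo" || true      # reports EXPOSED
tighten_grub_cfg "$demo"
audit_grub_cfg "$demo" || true      # reports OK
rm -f "$demo"
```

Because `grub-mkconfig -o /boot/grub/grub.cfg` recreates the file, the audit is worth repeating after each regeneration on an unpatched grub.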
It's only affecting joke systems which update grub on each kernel update.
And to keep the thread on-topic, rather than argue about whether or not Slackware is affected by this joke vulnerability..
Here is something affecting each and every one of us web browser users: https://www.bleepingcomputer.com/new...rs-spellcheck/
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials
after installing a file. A local unprivileged user could use this flaw to exchange the original file with
a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat
from this vulnerability is to data confidentiality and integrity as well as system availability.
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw
to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501,
potentially gaining root privileges. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability.
client/plasmashell: add fallback for applet popups
When the compositor doesn't support applet popups, the current code sends an
invalid surface role. This causes KWin to fall back to the "normal" surface role
and do normal window placement on it.