Slackware: This forum is for the discussion of Slackware Linux.
Well, I have found a reference for this looking around a bit. With the word out I wonder if they'll actually wait until Monday. After missing the last soft deadline for release, I was targeting next Monday but it seems that's not a good day. We really don't want to release with a network service package in the main tree containing a 9.9 critical security issue.
I'm now targeting Wednesday 2022-02-02. We'll hope Slackware doesn't see its shadow that day.
LOL absolutely the best deadline one could choose 22-2-2, perfect.
Security researchers have found a local privilege escalation bug in Linux distributions that allows any unprivileged user to execute code with the root superuser rights, giving them access to the entire system.
Security vendor Qualys called the bug PwnKit, and said it was introduced into the polkit or PolicyKit system-wide privilege control tool in May 2009, which is 12 years ago.
Qualys said the vulnerability lies in polkit's pkexec command, which has code bugs that let attackers do out-of-bounds writes to introduce unsafe environment variables.
Edited: should have included from the article that patches and mitigation are available, so no need to call this one a blocker.
If the FOSS community isn't in a moment of calm, then push off a little longer. We've waited a long time for Slackware 15, another few weeks to have this apparent flurry of updates isn't the end of the world.
Also, people that want it now can upgrade to current as it's stable enough for widespread use for most things and upgrading to release should be simple as there aren't any expected make worlds in the queue.
Several important fixes to FD handling in gspawn (#2503, #2506, #2580)
Several important fixes to GDBus message and GVariant parsing of invalid data (#2557, #2572)
Fix potential data loss due to missing fsync when saving files on btrfs (!2437)
Bugs fixed:
#2503 gspawn.c may clobber target fds
#2506 gspawn.c fails to close child_err_report_fd if it is duped to avoid conflation with one of the target_fds
#2557 Arrays of zero-element tuples with non-zero length lead to infinite loops in g_dbus_message_new_from_blob
#2572 Check for GVariant recursion depth before recursing
#2580 gspawn doesn't set CLOEXEC if close_range fails unexpectedly
!2394 Backport !1968 “gspawn: Fix file descriptor conflation issues” to glib-2-70
!2415 Backport !2412 “paramspec: fix unref annotation” to glib-2-70
!2437 Backport !2425 “gfileutils: Remove outdated BTRFS fsync optimization from set_contents” to glib-2-70
!2444 Backport !2435 “gspawn: Report errors with closing file descriptors between fork/exec” to glib-2-70
!2455 Backport !2454 gdbusmessage and gvariant fixes to glib-2-70