This is a discussion on OpenSSH 3.9 within the Slackware Linux Support forums, part of the Unix Operating Systems category.
| ||||
OpenSSH 3.9p... I'm surprised it's not in the changelog. Actually, it's been out since Aug.17, according to their website. Anyone else think that Slack's gotten quite slow about new updates?

--
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
| |||
Well there are many updates missing lately. But I'm sure Pat. will update soon.
| |||
jayjwa <jayjwa@nowhere.org> wrote:
>
> OpenSSH 3.9p... I'm surprised it's not in the changelog. Actually,
> it's been out since Aug.17, according to their website. Anyone else
> think that Slack's gotten quite slow about new updates?

Same feeling here, yes. I'm still waiting for some security updates that other distributions made (KDE, xine, and so on...)
| |||
jayjwa <jayjwa@hotmail.com> wrote:
>
>OpenSSH 3.9p... I'm surprised it's not in the changelog. Actually,
>it's been out since Aug.17, according to their website. Anyone else
>think that Slack's gotten quite slow about new updates?

It was announced one day later, so it's only been four days now... And this time they were not forced to release it because of another security problem.

But there are some security patches missing like rsync which was reported Aug 16. Kernel 2.4.27 was announced Aug 8 and it fixed several security issues.
| |||
In alt.os.linux.slackware, Petri Kaukasoina dared to utter,
> Kernel 2.4.27 was announced Aug 8 and it fixed several
> security issues.

The 2.4.26 kernels Slackware 10.0 ships are patched against the local
DOS, even if the changelog doesn't say so. I spoke with Pat on the
issue. You can even find the patch under a security directory in the
slackware source section on your favorite mirror. The kernel source was
prepatched before shipping as well.

--
It is better to hear the rebuke of the wise,
Than for a man to hear the song of fools.
Ecclesiastes 7:5
| |||
NOTE: This message was sent thru a mail2news gateway.
No effort was made to verify the identity of the sender.
--------------------------------------------------------

pgp trash troll delete

+Alan Hicks+ <alan@lizella.network> wrote:
> In alt.os.linux.slackware, Petri Kaukasoina dared to utter,
> > Kernel 2.4.27 was announced Aug 8 and it fixed several
> > security issues.
> The 2.4.26 kernels Slackware 10.0 ships are patched against the local
> DOS, even if the changelog doesn't say so. I spoke with Pat on the
> issue. You can even find the patch under a security directory in the
> slackware source section on your favorite mirror. The kernel source was
> prepatched before shipping as well.
> --
> It is better to hear the rebuke of the wise,
> Than for a man to hear the song of fools.
> Ecclesiastes 7:5
| |||
+Alan Hicks+ <alan@lizella.netWORK> wrote:
>The 2.4.26 kernels Slackware 10.0 ships are patched against the local
>DOS, even if the changelog doesn't say so.

Yes, it's patched against CAN-2004-0554. But the announcement for 2.4.27 tells us:

Here is a list of the most important security issues fixed by this release:

CAN-2004-0495 (Al Viro sparse fixes)
CAN-2004-0497 (users could modify group ID of arbitrary files on the system)
CAN-2004-0535 (e1000 minor info leak)
CAN-2004-0685 (backported Conectiva usb sparse fixes)
CAN-2004-0415 (file offset pointer handling race)
CAN-2004-0565 (information leak ia64)
| |||
In alt.os.linux.slackware, Petri Kaukasoina dared to utter,
> Here is a list of the most important security issues fixed by this release:

Interesting. I hadn't heard about any of these other problems in the
2.4.26 kernel.

> CAN-2004-0495 (Al Viro sparse fixes)

I find the following information for this "vulnerability".

o Al Viro sparse fixes: decnet user pointer dereference
o Al Viro sparse fixes: mpu401 user pointer dereference
o Al Viro sparse fixes: msnd user pointer dereference & assorted fixes
o Al Viro sparse fixes: pss user pointer dereference
o Al Viro sparse fixes: aironet
o Al Viro sparse fixes: asus_acpi user pointer dereference

Nothing here really jumps out to me as anything serious. Looks more
like code clean-ups to fix issues that might one day be exploited if
conditions are right.

> CAN-2004-0497 (users could modify group ID of arbitrary files on the system)

This one certainly looks a little more serious. Missing call to fsuid()
in chown() allows an NFS client to modify the group permissions (and
only the group permissions) on the NFS server. Note of course that the
user would have to be a member of the group, so this may be a little
more difficult to exploit than first impressions state.

> CAN-2004-0535 (e1000 minor info leak)

The only information I can find in the changelog is a credit to Chris
Wright for fixing a "probable security hole".

> CAN-2004-0685 (backported Conectiva usb sparse fixes)

I found nothing of note in the Changelog for this.

> CAN-2004-0415 (file offset pointer handling race)

Not sure how important this one is for most users. The only specific
mention of file offset fixes is in net/atm/br2684.c.

> CAN-2004-0565 (information leak ia64)

Of course this is only of interest to a very small minority of users
with ia64 machines. With that said there seems to be a lot of changes
in this kernel for that processor. Definitely an upgrade you want if
you're running ia64.

Anyone got any corrections or flames for me? Prove me wrong here and
I'll assign two BOZO points!

--
It is better to hear the rebuke of the wise,
Than for a man to hear the song of fools.
Ecclesiastes 7:5
| |||
NOTE: This message was sent thru a mail2news gateway.
No effort was made to verify the identity of the sender.
--------------------------------------------------------

pgp trash troll delete

+Alan Hicks+ <alan@lizella.network> wrote:
> In alt.os.linux.slackware, Petri Kaukasoina dared to utter,
> > Here is a list of the most important security issues fixed by this release:
> Interesting. I hadn't heard about any of these other problems in the
> 2.4.26 kernel.
> > CAN-2004-0495 (Al Viro sparse fixes)
> I find the following information for this "vulnerability".
> o Al Viro sparse fixes: decnet user pointer dereference
> o Al Viro sparse fixes: mpu401 user pointer dereference
> o Al Viro sparse fixes: msnd user pointer dereference & assorted fixes
> o Al Viro sparse fixes: pss user pointer dereference
> o Al Viro sparse fixes: aironet
> o Al Viro sparse fixes: asus_acpi user pointer dereference
> Nothing here really jumps out to me as anything serious. Looks more
> like code clean-ups to fix issues that might one day be exploited if
> conditions are right.
> > CAN-2004-0497 (users could modify group ID of arbitrary files on the system)
> This one certainly looks a little more serious. Missing call to fsuid()
> in chown() allows an NFS client to modify the group permissions (and
> only the group permissions) on the NFS server. Note of course that the
> user would have to be a member of the group, so this may be a little
> more difficult to exploit than first impressions state.
> > CAN-2004-0535 (e1000 minor info leak)
> The only information I can find in the changelog is a credit to Chris
> Wright for fixing a "probable security hole".
> > CAN-2004-0685 (backported Conectiva usb sparse fixes)
> I found nothing of note in the Changelog for this.
> > CAN-2004-0415 (file offset pointer handling race)
> Not sure how important this one is for most users. The only specific
> mention of file offset fixes is in net/atm/br2684.c.
> > CAN-2004-0565 (information leak ia64)
> Of course this is only of interest to a very small minority of users
> with ia64 machines. With that said there seems to be a lot of changes
> in this kernel for that processor. Definitely an upgrade you want if
> you're running ia64.
> Anyone got any corrections or flames for me? Prove me wrong here and
> I'll assign two BOZO points!
> --
> It is better to hear the rebuke of the wise,
> Than for a man to hear the song of fools.
> Ecclesiastes 7:5
| ||||
>> CAN-2004-0495 (Al Viro sparse fixes)

http://www.cve.mitre.org/cgi-bin/cve...=CAN-2004-0495 has a description:

"Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool."

>> CAN-2004-0535 (e1000 minor info leak)

"The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory."

>> CAN-2004-0685 (backported Conectiva usb sparse fixes)
>
>I found nothing of note in the Changelog for this.

I guess the number is wrong.

>
>> CAN-2004-0415 (file offset pointer handling race)

"Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory."