CVE-2016-10229 and older releases

witek
Posts: 233
Joined: 16. Nov 2009, 13:41
Location: Poland.Łódź

CVE-2016-10229 and older releases

Post by witek » 25. Apr 2017, 07:59

Hello,

I already posted this on the Slackware forum, but I must also ask here, as in fact I use Salix on my servers. Namely, there has been much fuss on the web recently about the severe remote vulnerability CVE-2016-10229: https://www.theregister.co.uk/2017/04/1 ... rnel_flaw/

It seems to be fixed in the latest Slackware kernels. What about the older ones? Is there a chance that a patch will be released by the Salix or Slackware team for older releases?

Regards

DidierSpaier
Posts: 264
Joined: 20. Jun 2016, 20:15

Re: CVE-2016-10229 and older releases

Post by DidierSpaier » 26. Apr 2017, 01:45

Hello,

Answer by Patrick Volkerding in this post: "It's been long fixed in Slackware 14.0 and newer."

Didier

witek
Posts: 233
Joined: 16. Nov 2009, 13:41
Location: Poland.Łódź

Re: CVE-2016-10229 and older releases

Post by witek » 26. Apr 2017, 05:21

I know it is fixed with latest releases. What about older ones like 13.1?

reedych
Posts: 37
Joined: 11. Mar 2017, 05:24

Re: CVE-2016-10229 and older releases

Post by reedych » 26. Apr 2017, 06:46

witek wrote: I know it is fixed with latest releases. What about older ones like 13.1?

2.6.33 is no longer supported by the official devs and will not be updated. However, you can patch your kernel package, for example to the 3.2 kernel, and stay security updated. At https://www.kernel.org/category/releases.html you can see all supported kernel versions.

witek
Posts: 233
Joined: 16. Nov 2009, 13:41
Location: Poland.Łódź

Re: CVE-2016-10229 and older releases

Post by witek » 26. Apr 2017, 07:29

Is there a chance that I can just install kernel packages from Slackware or Salix 14.0 into 13.1, and add them to lilo? Or will it be a waste of time?

gapan
Salix Wizard
Posts: 5356
Joined: 6. Jun 2009, 17:40

Re: CVE-2016-10229 and older releases

Post by gapan » 26. Apr 2017, 08:09

Haven't tried it, but it should work. Maybe you need to update lilo to a newer version first; the lilo in 13.1 might not support newer kernels. You can take the sources from 14.2 and build a new lilo package.

http://download.salixos.org/x86_64/14.2/source/a/lilo/

Just run:

fakeroot slkbuild -X
You might want to edit the pkgrel in the SLKBUILD to reflect that this is your build for 13.1 first.

reedych
Posts: 37
Joined: 11. Mar 2017, 05:24

Re: CVE-2016-10229 and older releases

Post by reedych » 26. Apr 2017, 12:58

witek wrote: Is there a chance that I can just install kernel packages from Slackware or Salix14.0 into 13.1, and add them to lilo? Or will it be a waste of time?

It can work, but I recommend compiling it yourself.

witek
Posts: 233
Joined: 16. Nov 2009, 13:41
Location: Poland.Łódź

Re: CVE-2016-10229 and older releases

Post by witek » 27. Apr 2017, 07:55

It works with the current kernel. Thanks.
