CVE-2016-10229 and older releases


Post by witek » 25. Apr 2017, 07:59

Hello,

I already posted this on the Slackware forum, but I must also ask here, as in fact I use Salix on my servers. Namely, there has been much fuss recently on the web about the severe remote vulnerability CVE-2016-10229: https://www.theregister.co.uk/2017/04/14/new_critical_linux_kernel_flaw/

It seems to be fixed in the latest Slackware kernels. What about the older ones? Is there a chance that there will be a patch released by the Salix or Slackware team for older releases?

Regards
witek
 
Posts: 232
Joined: 16. Nov 2009, 13:41
Location: Poland.Łódź

Re: CVE-2016-10229 and older releases

Post by DidierSpaier » 26. Apr 2017, 01:45

Hello,

answer by Patrick Volkerding in this post: "It's been long fixed in Slackware 14.0 and newer."

Didier
DidierSpaier
 
Posts: 161
Joined: 20. Jun 2016, 20:15

Re: CVE-2016-10229 and older releases

Post by witek » 26. Apr 2017, 05:21

I know it is fixed in the latest releases. What about older ones like 13.1?
witek
 
Posts: 232
Joined: 16. Nov 2009, 13:41
Location: Poland.Łódź

Re: CVE-2016-10229 and older releases

Post by reedych » 26. Apr 2017, 06:46

witek wrote: I know it is fixed in the latest releases. What about older ones like 13.1?

2.6.33 is no longer supported by the official devs and will not be updated. However, you can patch your kernel package, for example to a 3.2 kernel, and stay security updated. At https://www.kernel.org/category/releases.html you can see all supported kernel versions.
reedych
 
Posts: 36
Joined: 11. Mar 2017, 05:24

Re: CVE-2016-10229 and older releases

Post by witek » 26. Apr 2017, 07:29

Is there a chance that I can just install kernel packages from Slackware or Salix 14.0 into 13.1, and add them to lilo? Or will it be a waste of time?
witek
 
Posts: 232
Joined: 16. Nov 2009, 13:41
Location: Poland.Łódź

Re: CVE-2016-10229 and older releases

Post by gapan » 26. Apr 2017, 08:09

Haven't tried it, but it should work. Maybe you need to update lilo to a newer version first; the lilo in 13.1 might not support newer kernels. You can take the sources from 14.2 and build a new lilo package.

http://download.salixos.org/x86_64/14.2/source/a/lilo/

Just run:
fakeroot slkbuild -X


You might want to edit the pkgrel in the SLKBUILD to reflect that this is your build for 13.1 first.
gapan
Salix Wizard
 
Posts: 5184
Joined: 6. Jun 2009, 17:40

Re: CVE-2016-10229 and older releases

Post by reedych » 26. Apr 2017, 12:58

witek wrote: Is there a chance that I can just install kernel packages from Slackware or Salix 14.0 into 13.1, and add them to lilo? Or will it be a waste of time?

It can work, but I recommend compiling it yourself.
reedych
 
Posts: 36
Joined: 11. Mar 2017, 05:24

Re: CVE-2016-10229 and older releases

Post by witek » 27. Apr 2017, 07:55

It works with the current kernel. Thanks.
witek
 
Posts: 232
Joined: 16. Nov 2009, 13:41
Location: Poland.Łódź

