CVE-2016-10229 and older releases

witek
Posts: 233
Joined: 16. Nov 2009, 13:41
Location: Poland.Łódź

Post by witek »

Hello,

I already posted this on the Slackware forum, but I must also ask here, as in fact I use Salix on my servers. Namely, there has been much fuss on the web recently about the severe remote vulnerability CVE-2016-10229: https://www.theregister.co.uk/2017/04/1 ... rnel_flaw/

It seems to be fixed with the latest Slackware kernels. What about the older ones? Is there a chance that there will be a patch released by the Salix or Slackware team for older releases?

Regards
DidierSpaier
Posts: 518
Joined: 20. Jun 2016, 20:15

Re: CVE-2016-10229 and older releases

Post by DidierSpaier »

Hello,

Answer by Patrick Volkerding in this post: "It's been long fixed in Slackware 14.0 and newer."

Didier
witek
Posts: 233
Joined: 16. Nov 2009, 13:41
Location: Poland.Łódź

Re: CVE-2016-10229 and older releases

Post by witek »

I know it is fixed with the latest releases. What about older ones like 13.1?
reedych
Posts: 37
Joined: 11. Mar 2017, 05:24

Re: CVE-2016-10229 and older releases

Post by reedych »

witek wrote: I know it is fixed with the latest releases. What about older ones like 13.1?

2.6.33 is no longer supported by the official devs and will not be updated. However, you can patch your kernel package, for example to the 3.2 kernel, and stay security updated. At https://www.kernel.org/category/releases.html you can see all supported kernel versions.
witek
Posts: 233
Joined: 16. Nov 2009, 13:41
Location: Poland.Łódź

Re: CVE-2016-10229 and older releases

Post by witek »

Is there a chance that I can just install kernel packages from Slackware or Salix 14.0 into 13.1, and add them to lilo? Or will it be a waste of time?
gapan
Salix Wizard
Posts: 6238
Joined: 6. Jun 2009, 17:40

Re: CVE-2016-10229 and older releases

Post by gapan »

Haven't tried it, but it should work. Maybe you need to update lilo to a newer version first; the lilo in 13.1 might not support newer kernels. You can take the sources from 14.2 and build a new lilo package.

http://download.salixos.org/x86_64/14.2/source/a/lilo/

Just run:

fakeroot slkbuild -X

You might want to edit the pkgrel in the SLKBUILD to reflect that this is your build for 13.1 first.
reedych
Posts: 37
Joined: 11. Mar 2017, 05:24

Re: CVE-2016-10229 and older releases

Post by reedych »

witek wrote: Is there a chance that I can just install kernel packages from Slackware or Salix 14.0 into 13.1, and add them to lilo? Or will it be a waste of time?

It can work, but I recommend compiling it yourself.
witek
Posts: 233
Joined: 16. Nov 2009, 13:41
Location: Poland.Łódź

Re: CVE-2016-10229 and older releases

Post by witek »

It works with the current kernel. Thanks.