[slackware-security] dnsmasq (SSA:2021-040-01) New dnsmasq packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/dnsmasq-2.84-i586-1_slack14.2.txz: Upgraded.
  This update fixes bugs and remotely exploitable security issues:
    Use the values of --min-port and --max-port in outgoing TCP connections to upstream DNS servers.
    Fix a remote buffer overflow problem in the DNSSEC code. Any dnsmasq with DNSSEC compiled in and enabled is vulnerable to this, referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687.
    Be sure to only accept UDP DNS query replies at the address from which the query was originated. This keeps as much entropy in the {query-ID, random-port} tuple as possible, to help defeat cache poisoning attacks. Refer: CVE-2020-25684.
    Use the SHA-256 hash function to verify that DNS answers received are for the questions originally asked. This replaces the slightly insecure SHA-1 (when compiled with DNSSEC) or the very insecure CRC32 (otherwise). Refer: CVE-2020-25685.
    Handle multiple identical near simultaneous DNS queries better. Previously, such queries would all be forwarded independently. This is, in theory, inefficient but in practice not a problem, _except_ that it means that an answer for any of the forwarded queries will be accepted and cached. An attacker can send a query multiple times, and for each repeat, another {port, ID} becomes capable of accepting the answer he is sending in the blind, to random IDs and ports. The chance of a successful attack is therefore multiplied by the number of repeats of the query. The new behaviour detects repeated queries and merely stores the clients sending repeats so that when the first query completes, the answer can be sent to all the clients who asked. Refer: CVE-2020-25686.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25681
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25682
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25683
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25684
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25685
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25686
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25687
  (* Security fix *)
+--------------------------+
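The repeated-query handling described for CVE-2020-25686 above, as an added example that is not dnsmasq's code or part of the advisory: a toy in-flight query table that counts how many {port, ID} tuples would accept an answer when repeats are forwarded independently and when they are merged. The class and function names, the 1024-65535 port range, the question normalisation and the sample clients are assumptions of this sketch.

```python
import secrets

PORTS = range(1024, 65536)   # assumed source-port range for this model
IDS = 65536                  # 16-bit DNS query ID space

def norm(name, qtype):
    return (name.lower().rstrip("."), qtype)

class Forwarder:
    """Toy table of in-flight upstream queries (a model, not dnsmasq code)."""
    def __init__(self, dedup):
        self.dedup = dedup
        self.pending = {}    # (src_port, query_id) -> (question, [clients])

    def client_query(self, client, name, qtype="A"):
        q = norm(name, qtype)
        if self.dedup:
            for question, clients in self.pending.values():
                if question == q:          # repeat: remember the client only
                    clients.append(client)
                    return None
        while True:                        # new upstream query, fresh tuple
            key = (PORTS[secrets.randbelow(len(PORTS))], secrets.randbelow(IDS))
            if key not in self.pending:
                break
        self.pending[key] = (q, [client])
        return key

    def accepting_tuples(self, name, qtype="A"):
        q = norm(name, qtype)
        return sum(1 for question, _ in self.pending.values() if question == q)

    def upstream_reply(self, key, name, qtype="A"):
        # An answer is used only if both the tuple and the question match.
        entry = self.pending.get(key)
        if entry is None or entry[0] != norm(name, qtype):
            return []
        del self.pending[key]
        return entry[1]

def demo(dedup, repeats=50):
    fwd = Forwarder(dedup)
    keys = [fwd.client_query(f"192.0.2.{i + 1}", "Example.COM.")  # constructed clients
            for i in range(repeats)]
    tuples = fwd.accepting_tuples("example.com")
    return tuples, len(fwd.upstream_reply(keys[0], "example.com"))

if __name__ == "__main__":
    print("forward each repeat:", demo(dedup=False))
    print("merge repeats:      ", demo(dedup=True))
```

Each pair is (tuples that would accept an answer, clients served by the first reply): with merging, one tuple stays open no matter how many times the question is repeated, and the single reply still reaches every waiting client.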
Not yet, but...
NOTE!! Tonight's updates require some reading of the changelog (top of the page, Menu -> ChangeLog Current...).
But by now you already know that reading it is more or less a must...
Short version: When you run slackpkg update, install-new and finally upgrade-all.
Do not install the new packages under testing without having a 100% grasp of them. Read the ChangeLog!!
All listed kernels have now been released (10/2-21)
5.10.15 with 120 updates/changes since 5.10.14. ChangeLog.
5.4.97 with 65 updates/changes since 5.4.96. ChangeLog.
4.4.257 with 38 updates/changes since 4.4.256. ChangeLog.
Slackware 14.2 has not been updated yet; however, I don't think Pat has time to prepare an update to the latest kernel 4.4.257 for Slackware 14.2
So we are releasing these packages here for you to download and update yourself.
Changes concerning this update.
(Thanks to Robby Workman for the new version of slackpkg and its features)
Latest versions of Firefox:
85.0.1 (5/2-21) Release notes
ESR 78.7.1, which is also the latest version for Slackware current (5/2-21). Release notes
In memory of Håkan Nilsson