Slackware Linux ProjectSSA-2010-265-01[slackware-security] 64-bit kernel
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.2%
New kernel packages are available for Slackware x86_64 13.1, and -current to
fix security issues.
Here are the details from the Slackware64 13.1 ChangeLog:
patches/packages/linux-2.6.33.4-2/kernel-firmware-2.6.33.4-noarch-2.txz: Rebuilt.
patches/packages/linux-2.6.33.4-2/kernel-generic-2.6.33.4-x86_64-2.txz: Rebuilt.
This kernel has been patched to fix security problems on x86_64:
64-bit Compatibility Mode Stack Pointer Underflow (CVE-2010-3081).
IA32 System Call Entry Point Vulnerability (CVE-2010-3301).
These vulnerabilities allow local users to gain root privileges.
For more information, see:
https://vulners.com/cve/CVE-2010-3081
https://vulners.com/cve/CVE-2010-3301
(* Security fix )
patches/packages/linux-2.6.33.4-2/kernel-headers-2.6.33.4-x86-2.txz: Rebuilt.
patches/packages/linux-2.6.33.4-2/kernel-huge-2.6.33.4-x86_64-2.txz: Rebuilt.
Patched for CVE-2010-3081 and CVE-2010-3301.
( Security fix )
patches/packages/linux-2.6.33.4-2/kernel-modules-2.6.33.4-x86_64-2.txz: Rebuilt.
patches/packages/linux-2.6.33.4-2/kernel-source-2.6.33.4-noarch-2.txz: Rebuilt.
Patched for CVE-2010-3081 and CVE-2010-3301.
( Security fix )
patches/packages/linux-2.6.33.4-2/kernels/: Rebuilt.
Patched for CVE-2010-3081 and CVE-2010-3301.
(* Security fix *)
Where to find the new packages:
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/linux-2.6.33.4-2/
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-firmware-2.6.33.4-noarch-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-generic-2.6.33.4-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-huge-2.6.33.4-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-modules-2.6.33.4-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/kernel-headers-2.6.33.4-x86-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/k/kernel-source-2.6.33.4-noarch-2.txz
MD5 signatures:
Slackware x86_64 13.1 packages:
3acafe92c2cb76b96d4d92cd0f49bb2e patches/packages/linux-2.6.33.4-2/kernel-firmware-2.6.33.4-noarch-2.txz
7707cbdfb25b7ef9ece74d594e61933d patches/packages/linux-2.6.33.4-2/kernel-generic-2.6.33.4-x86_64-2.txz
983269e0d2f825f4d5737f705bdc2998 patches/packages/linux-2.6.33.4-2/kernel-headers-2.6.33.4-x86-2.txz
0eeb83c2362db0703753ee7bb9955edc patches/packages/linux-2.6.33.4-2/kernel-huge-2.6.33.4-x86_64-2.txz
3b00e0e1f7a5b935ca519e09ecf79f4a patches/packages/linux-2.6.33.4-2/kernel-modules-2.6.33.4-x86_64-2.txz
17f2f30749d4bcd55353f8c92f732104 patches/packages/linux-2.6.33.4-2/kernel-source-2.6.33.4-noarch-2.txz
Slackware x86_64 -current packages:
3acafe92c2cb76b96d4d92cd0f49bb2e a/kernel-firmware-2.6.33.4-noarch-2.txz
7707cbdfb25b7ef9ece74d594e61933d a/kernel-generic-2.6.33.4-x86_64-2.txz
0eeb83c2362db0703753ee7bb9955edc a/kernel-huge-2.6.33.4-x86_64-2.txz
3b00e0e1f7a5b935ca519e09ecf79f4a a/kernel-modules-2.6.33.4-x86_64-2.txz
983269e0d2f825f4d5737f705bdc2998 d/kernel-headers-2.6.33.4-x86-2.txz
17f2f30749d4bcd55353f8c92f732104 k/kernel-source-2.6.33.4-noarch-2.txz
Installation instructions:
Upgrade the packages as root:
> upgradepkg kernel-*txz
Then, make sure that LILO is configured to be using the correct kernel
file, and reinstall LILO (run “lilo” as root).
NOTE FOR SPEAKUP:
If you are using a Speakup kernel, you will need to copy the bzImage file from
the kernels/speakup.s/ directory to your /boot directory. Rename bzImage to
whatever filename LILO expects in /etc/lilo. Then, run “lilo”.
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.2%