[slackware-security] kernel (SSA:2017-258-02)New kernel packages are available for Slackware 14.1, 14.2, and -current tofix a security issue.Here are the details from the Slackware 14.2 ChangeLog:+--------------------------+patches/packages/linux-4.4.88/*: Upgraded. This update fixes the security vulnerability known as "BlueBorne". The native Bluetooth stack in the Linux Kernel (BlueZ), starting at Linux kernel version 3.3-rc1 is vulnerable to a stack overflow in the processing of L2CAP configuration responses resulting in remote code execution in kernel space. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000251 https://www.armis.com/blueborne (* Security fix *)+--------------------------+Where to find the new packages:+-----------------------------+Thanks to the friendly folks at the OSU Open Source Lab(http://osuosl.org) for donating FTP and rsync hostingto the Slackware project! :-)Also see the "Get Slack" section on http://slackware.com foradditional mirror sites near you.Updated packages for Slackware 14.1:ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-generic-3.10.107-i486-2.txzftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-generic-smp-3.10.107_smp-i686-2.txzftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-headers-3.10.107_smp-x86-2.txzftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-huge-3.10.107-i486-2.txzftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-huge-smp-3.10.107_smp-i686-2.txzftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-modules-3.10.107-i486-2.txzftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-modules-smp-3.10.107_smp-i686-2.txzftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-source-3.10.107_smp-noarch-2.txzUpdated packages for Slackware x86_64 14.1:ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/linux-3.10.107/kernel-generic-3.10.107-x86_64-2.txzftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/linux-3.10.107/kernel-headers-3.10.107-x86-2.txzftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/linux-3.10.107/kernel-huge-3.10.107-x86_64-2.txzftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/linux-3.10.107/kernel-modules-3.10.107-x86_64-2.txzftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/linux-3.10.107/kernel-source-3.10.107-noarch-2.txzUpdated packages for Slackware 14.2:ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-firmware-20170914git-noarch-1.txzftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-generic-4.4.88-i586-1.txzftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-generic-smp-4.4.88_smp-i686-1.txzftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-headers-4.4.88_smp-x86-1.txzftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-huge-4.4.88-i586-1.txzftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-huge-smp-4.4.88_smp-i686-1.txzftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-modules-4.4.88-i586-1.txzftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-modules-smp-4.4.88_smp-i686-1.txzftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-source-4.4.88_smp-noarch-1.txzUpdated packages for Slackware x86_64 14.2:ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.88/kernel-firmware-20170914git-noarch-1.txzftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.88/kernel-generic-4.4.88-x86_64-1.txzftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.88/kernel-headers-4.4.88-x86-1.txzftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.88/kernel-huge-4.4.88-x86_64-1.txzftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.88/kernel-modules-4.4.88-x86_64-1.txzftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.88/kernel-source-4.4.88-noarch-1.txzUpdated packages for Slackware -current:ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-firmware-20170914git-noarch-1.txzftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-generic-4.9.50-i586-1.txzftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-generic-smp-4.9.50_smp-i686-1.txzftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-huge-4.9.50-i586-1.txzftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-huge-smp-4.9.50_smp-i686-1.txzftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-modules-4.9.50-i586-1.txzftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-modules-smp-4.9.50_smp-i686-1.txzftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/kernel-headers-4.9.50_smp-x86-1.txzftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/k/kernel-source-4.9.50_smp-noarch-1.txzUpdated packages for Slackware x86_64 -current:ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-firmware-20170914git-noarch-1.txzftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-generic-4.9.50-x86_64-1.txzftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-huge-4.9.50-x86_64-1.txzftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-modules-4.9.50-x86_64-1.txzftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/kernel-headers-4.9.50-x86-1.txzftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/k/kernel-source-4.9.50-noarch-1.txzMD5 signatures:+-------------+Slackware 14.1 packages:5dc7b2058c14f01a17595cd374fc516a kernel-generic-3.10.107-i486-2.txz4b85215f43427662a5aeae4f901e3ce5 kernel-generic-smp-3.10.107_smp-i686-2.txz61da0098796c273e8d2e430a16d63567 kernel-headers-3.10.107_smp-x86-2.txz32905795bfcb581569f5f3530c280052 kernel-huge-3.10.107-i486-2.txzb5713abf49bbf3ac47b789ab8ca6b4b8 kernel-huge-smp-3.10.107_smp-i686-2.txze51dd6bb24404cc0ab468d68f7fcafb2 kernel-modules-3.10.107-i486-2.txzbde3a57da890dc6d662ed76065539474 kernel-modules-smp-3.10.107_smp-i686-2.txz747da6a4b44a53584dfe018f14ac0bcf kernel-source-3.10.107_smp-noarch-2.txzSlackware x86_64 14.1 packages:ea7d675af2f2b02d498e2723f3d0c30b kernel-generic-3.10.107-x86_64-2.txz1a5f183a32db2968e0063d987ea2e90c kernel-headers-3.10.107-x86-2.txz376c83ed81203dc30404b5656069d271 kernel-huge-3.10.107-x86_64-2.txzecc276ef85dd9d8eb643d33e1203c418 kernel-modules-3.10.107-x86_64-2.txzfce4a64e08b0230322a1241e7fd30f96 kernel-source-3.10.107-noarch-2.txzSlackware 14.2 packages:75d6214d28107e508e6ef2f8d5e2ad30 kernel-firmware-20170914git-noarch-1.txz3e856cef8cca5e7b2806f61ddd329d22 kernel-generic-4.4.88-i586-1.txz9034af0d6747a997fb428a0f0c4123cf kernel-generic-smp-4.4.88_smp-i686-1.txzbda60a4fcae355168d3cb2b69a893ed6 kernel-headers-4.4.88_smp-x86-1.txz3bf54f060154f74547a41b9a9968b456 kernel-huge-4.4.88-i586-1.txz0fc421100e420baff2f5db50e6eea3a9 kernel-huge-smp-4.4.88_smp-i686-1.txz9237db6bd8c841140e10e3dd73e4df72 kernel-modules-4.4.88-i586-1.txzda6e3ba08df2214bdccc83cf92ebf5bc kernel-modules-smp-4.4.88_smp-i686-1.txz91a0cbfe5867a923e6a1a3c10e17dca9 kernel-source-4.4.88_smp-noarch-1.txzSlackware x86_64 14.2 packages:75d6214d28107e508e6ef2f8d5e2ad30 kernel-firmware-20170914git-noarch-1.txz4a1f785aa4499d0e537ec1aff1a3a37c kernel-generic-4.4.88-x86_64-1.txz6d0573da1b03d145bc1a2a5dd0bc1be7 kernel-headers-4.4.88-x86-1.txzd749ce7b95738b3ccef35d889884cee5 kernel-huge-4.4.88-x86_64-1.txz1b301c30bc17c566cfa039be37cba7e0 kernel-modules-4.4.88-x86_64-1.txzdd10e43d0c9d988527f950cbd180642d kernel-source-4.4.88-noarch-1.txzSlackware -current packages:75d6214d28107e508e6ef2f8d5e2ad30 a/kernel-firmware-20170914git-noarch-1.txz24da1061e64d9db55a8a51ff17c1788b a/kernel-generic-4.9.50-i586-1.txzb7251929658e143d332285c9dfaebbbe a/kernel-generic-smp-4.9.50_smp-i686-1.txz78b5db6e7390c2308b12fa7f30e39a4c a/kernel-huge-4.9.50-i586-1.txzbeb8bfa38068b5e41ca8d31454d4a709 a/kernel-huge-smp-4.9.50_smp-i686-1.txz5c56e0aae9071e2b86fc35079948792e a/kernel-modules-4.9.50-i586-1.txz0f7609c7fe1d4547d4d69444a20894a8 a/kernel-modules-smp-4.9.50_smp-i686-1.txz2bbef0e2a7655778a905a8dcc1bf185d d/kernel-headers-4.9.50_smp-x86-1.txz30cb739f15575f2e3a26f565e56f81b7 k/kernel-source-4.9.50_smp-noarch-1.txzSlackware x86_64 -current packages:75d6214d28107e508e6ef2f8d5e2ad30 a/kernel-firmware-20170914git-noarch-1.txza65db2c7c50f977bf206318c6ba4ac22 a/kernel-generic-4.9.50-x86_64-1.txz9408c26be2842103fd1da305ef0bee87 a/kernel-huge-4.9.50-x86_64-1.txz14791a8c2a25727b55813472495c3eae a/kernel-modules-4.9.50-x86_64-1.txz46b6c5bf8bd922e1f240660283673194 d/kernel-headers-4.9.50-x86-1.txz960814ca43da32e02b9822f9d3dfd048 k/kernel-source-4.9.50-noarch-1.txzInstallation instructions:+------------------------+Upgrade the packages as root:# upgradepkg kernel-*.txzIf you are using an initrd, you'll need to rebuild it.For a 32-bit SMP machine, use this command (substitute the appropriatekernel version if you are not running Slackware 14.2):# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.88-smp | bashFor a 64-bit machine, or a 32-bit uniprocessor machine, use this command(substitute the appropriate kernel version if you are not runningSlackware 14.2):# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.88 | bashPlease note that "uniprocessor" has to do with the kernel you are running,not with the CPU. Most systems should run the SMP kernel (if they can)regardless of the number of cores the CPU has. If you aren't sure whichkernel you are running, run "uname -a". If you see SMP there, you arerunning the SMP kernel and should use the 4.4.88-smp version when runningmkinitrd_command_generator. Note that this is only for 32-bit -- 64-bitsystems should always use 4.4.88 as the version.If you are using lilo to boot the machine, you'll need to ensure that themachine is properly prepared before rebooting. Be sure that the image= linereferences the correct kernel file and then run "lilo" as root to reinstallthe boot loader.+-----+Slackware Linux Security Teamhttp://slackware.com/gpg-keysecurity@slackware.com
Note: the current version of the following document is available here:https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03770en_usSUPPORT COMMUNICATION - SECURITY BULLETINDocument ID: hpesbhf03770en_usVersion: 1HPESBHF03770 rev.1 - HPE Comware 7 MSR Routers using PHP, Go, Apache Http Server, and Tomcat, Remote Arbitrary Code ExecutionNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.Release Date: 2017-08-21Last Updated: 2017-08-21Potential Security Impact: Remote: Arbitrary Code ExecutionSource: Hewlett Packard Enterprise, Product Security Response TeamVULNERABILITY SUMMARYA potential security vulnerability has been identified in Comware 7 MSR Routers using PHP, Go, Apache Http Server, and Tomcat. The vulnerability known as "httpoxy" could be remotely exploited to execute arbitrary code.References: - CVE-2016-5385 - PHP - CVE-2016-5386 - Go - CVE-2016-5387 - Apache Http Server - CVE-2016-5388 - TomcatSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - Comware v7 (CW7) Products V7BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2016-5385 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) CVE-2016-5386 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5387 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) CVE-2016-5388 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here:https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499RESOLUTIONHPE has made the following software updates available to resolve the vulnerability in the Comware 7 MSR Router products: + **MSR1000 (Comware 7) - Version: Fixed in R0605P13 Release** * HP Network Products - JG875A HP MSR1002-4 AC Router - JH060A HP MSR1003-8S AC Router * CVE's/ZDI's - CVE-2016-5385 - CVE-2016-5386 - CVE-2016-5387 - CVE-2016-5388 + **MSR2000 (Comware 7) - Version: Fixed in R0605P13 Release** * HP Network Products - JG411A HP MSR2003 AC Router - JG734A HP MSR2004-24 AC Router - JG735A HP MSR2004-48 Router - JG866A HP MSR2003 TAA-compliant AC Router * CVE's/ZDI's - CVE-2016-5385 - CVE-2016-5386 - CVE-2016-5387 - CVE-2016-5388 + **MSR3000 (Comware 7) - Version: Fixed in R0605P13 Release** * HP Network Products - JG404A HP MSR3064 Router - JG405A HP MSR3044 Router - JG406A HP MSR3024 AC Router - JG407A HP MSR3024 DC Router - JG408A HP MSR3024 PoE Router - JG409A HP MSR3012 AC Router - JG410A HP MSR3012 DC Router - JG861A HP MSR3024 TAA-compliant AC Router - JG409B HPE MSR3012 AC Router * CVE's/ZDI's - CVE-2016-5385 - CVE-2016-5386 - CVE-2016-5387 - CVE-2016-5388 + **MSR4000 (Comware 7) - Version: Fixed in R0605P13 Release** * HP Network Products - JG402A HP MSR4080 Router Chassis - JG403A HP MSR4060 Router Chassis - JG412A HP MSR4000 MPU-100 Main Processing Unit - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit * CVE's/ZDI's - CVE-2016-5385 - CVE-2016-5386 - CVE-2016-5387 - CVE-2016-5388 + **MSR95X (Comware 7) - Version: Fixed in R0605P13 Release** * HP Network Products - JH296A HPE MSR954 1GbE SFP 2GbE-WAN 4GbE-LAN CWv7 Router - JH297A HPE MSR954-W 1GbE SFP (WW) 2GbE-WAN 4GbE-LAN Wireless 802.11nCWv7 Router - JH298A HPE MSR954-W 1GbE SFP LTE (AM) 2GbE-WAN 4GbE-LAN Wireless 802.11n CWv7 Router - JH299A HPE MSR954-W 1GbE SFP LTE (WW) 2GbE-WAN 4GbE-LAN Wireless 802.11n CWv7 Router - JH300A HPE FlexNetwork MSR958 1GbE and Combo 2GbE WAN 8GbE LAN Router - JH301A HPE FlexNetwork MSR958 1GbE and Combo 2GbE WAN 8GbE LAN PoE Router - JH373A HPE MSR954 Serial 1GbE Dual 4GLTE (WW) CWv7 Router * CVE's/ZDI's - CVE-2016-5385 - CVE-2016-5386 - CVE-2016-5387 - CVE-2016-5388*Note:* Please contact support for any questions about this documentHISTORYVersion:1 (rev.1) - 21 August 2017 Initial releaseThird Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.Report: To report a potential security vulnerability for any HPE supportedproduct: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.comSubscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_ChoiceSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_ArchiveSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB.3C = 3COM3P = 3rd Party SoftwareGN = HPE General SoftwareHF = HPE Hardware and FirmwareMU = Multi-Platform SoftwareNS = NonStop ServersOV = OpenVMSPV = ProCurveST = Storage SoftwareUX = HP-UXCopyright 2016 Hewlett Packard Enterprise
