[slackware-security] kernel (SSA:2017-258-02)New kernel packages are available for Slackware 14.1, 14.2, and -current tofix a security issue.Here are the details from the Slackware 14.2 ChangeLog:+--------------------------+patches/packages/linux-4.4.88/*: Upgraded.
This update fixes the security vulnerability known as "BlueBorne".
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at
Linux kernel version 3.3-rc1 is vulnerable to a stack overflow in
the processing of L2CAP configuration responses resulting in remote
code execution in kernel space.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000251
https://www.armis.com/blueborne
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-generic-3.10.107-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-generic-smp-3.10.107_smp-i686-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-headers-3.10.107_smp-x86-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-huge-3.10.107-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-huge-smp-3.10.107_smp-i686-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-modules-3.10.107-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-modules-smp-3.10.107_smp-i686-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-source-3.10.107_smp-noarch-2.txz
Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/linux-3.10.107/kernel-generic-3.10.107-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/linux-3.10.107/kernel-headers-3.10.107-x86-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/linux-3.10.107/kernel-huge-3.10.107-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/linux-3.10.107/kernel-modules-3.10.107-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/linux-3.10.107/kernel-source-3.10.107-noarch-2.txz
Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-firmware-20170914git-noarch-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-generic-4.4.88-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-generic-smp-4.4.88_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-headers-4.4.88_smp-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-huge-4.4.88-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-huge-smp-4.4.88_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-modules-4.4.88-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-modules-smp-4.4.88_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.88/kernel-source-4.4.88_smp-noarch-1.txz
Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.88/kernel-firmware-20170914git-noarch-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.88/kernel-generic-4.4.88-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.88/kernel-headers-4.4.88-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.88/kernel-huge-4.4.88-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.88/kernel-modules-4.4.88-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.88/kernel-source-4.4.88-noarch-1.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-firmware-20170914git-noarch-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-generic-4.9.50-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-generic-smp-4.9.50_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-huge-4.9.50-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-huge-smp-4.9.50_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-modules-4.9.50-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-modules-smp-4.9.50_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/kernel-headers-4.9.50_smp-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/k/kernel-source-4.9.50_smp-noarch-1.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-firmware-20170914git-noarch-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-generic-4.9.50-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-huge-4.9.50-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-modules-4.9.50-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/kernel-headers-4.9.50-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/k/kernel-source-4.9.50-noarch-1.txz
MD5 signatures:
+-------------+
Slackware 14.1 packages:
5dc7b2058c14f01a17595cd374fc516a kernel-generic-3.10.107-i486-2.txz
4b85215f43427662a5aeae4f901e3ce5 kernel-generic-smp-3.10.107_smp-i686-2.txz
61da0098796c273e8d2e430a16d63567 kernel-headers-3.10.107_smp-x86-2.txz
32905795bfcb581569f5f3530c280052 kernel-huge-3.10.107-i486-2.txz
b5713abf49bbf3ac47b789ab8ca6b4b8 kernel-huge-smp-3.10.107_smp-i686-2.txz
e51dd6bb24404cc0ab468d68f7fcafb2 kernel-modules-3.10.107-i486-2.txz
bde3a57da890dc6d662ed76065539474 kernel-modules-smp-3.10.107_smp-i686-2.txz
747da6a4b44a53584dfe018f14ac0bcf kernel-source-3.10.107_smp-noarch-2.txz
Slackware x86_64 14.1 packages:
ea7d675af2f2b02d498e2723f3d0c30b kernel-generic-3.10.107-x86_64-2.txz
1a5f183a32db2968e0063d987ea2e90c kernel-headers-3.10.107-x86-2.txz
376c83ed81203dc30404b5656069d271 kernel-huge-3.10.107-x86_64-2.txz
ecc276ef85dd9d8eb643d33e1203c418 kernel-modules-3.10.107-x86_64-2.txz
fce4a64e08b0230322a1241e7fd30f96 kernel-source-3.10.107-noarch-2.txz
Slackware 14.2 packages:
75d6214d28107e508e6ef2f8d5e2ad30 kernel-firmware-20170914git-noarch-1.txz
3e856cef8cca5e7b2806f61ddd329d22 kernel-generic-4.4.88-i586-1.txz
9034af0d6747a997fb428a0f0c4123cf kernel-generic-smp-4.4.88_smp-i686-1.txz
bda60a4fcae355168d3cb2b69a893ed6 kernel-headers-4.4.88_smp-x86-1.txz
3bf54f060154f74547a41b9a9968b456 kernel-huge-4.4.88-i586-1.txz
0fc421100e420baff2f5db50e6eea3a9 kernel-huge-smp-4.4.88_smp-i686-1.txz
9237db6bd8c841140e10e3dd73e4df72 kernel-modules-4.4.88-i586-1.txz
da6e3ba08df2214bdccc83cf92ebf5bc kernel-modules-smp-4.4.88_smp-i686-1.txz
91a0cbfe5867a923e6a1a3c10e17dca9 kernel-source-4.4.88_smp-noarch-1.txz
Slackware x86_64 14.2 packages:
75d6214d28107e508e6ef2f8d5e2ad30 kernel-firmware-20170914git-noarch-1.txz
4a1f785aa4499d0e537ec1aff1a3a37c kernel-generic-4.4.88-x86_64-1.txz
6d0573da1b03d145bc1a2a5dd0bc1be7 kernel-headers-4.4.88-x86-1.txz
d749ce7b95738b3ccef35d889884cee5 kernel-huge-4.4.88-x86_64-1.txz
1b301c30bc17c566cfa039be37cba7e0 kernel-modules-4.4.88-x86_64-1.txz
dd10e43d0c9d988527f950cbd180642d kernel-source-4.4.88-noarch-1.txz
Slackware -current packages:
75d6214d28107e508e6ef2f8d5e2ad30 a/kernel-firmware-20170914git-noarch-1.txz
24da1061e64d9db55a8a51ff17c1788b a/kernel-generic-4.9.50-i586-1.txz
b7251929658e143d332285c9dfaebbbe a/kernel-generic-smp-4.9.50_smp-i686-1.txz
78b5db6e7390c2308b12fa7f30e39a4c a/kernel-huge-4.9.50-i586-1.txz
beb8bfa38068b5e41ca8d31454d4a709 a/kernel-huge-smp-4.9.50_smp-i686-1.txz
5c56e0aae9071e2b86fc35079948792e a/kernel-modules-4.9.50-i586-1.txz
0f7609c7fe1d4547d4d69444a20894a8 a/kernel-modules-smp-4.9.50_smp-i686-1.txz
2bbef0e2a7655778a905a8dcc1bf185d d/kernel-headers-4.9.50_smp-x86-1.txz
30cb739f15575f2e3a26f565e56f81b7 k/kernel-source-4.9.50_smp-noarch-1.txz
Slackware x86_64 -current packages:
75d6214d28107e508e6ef2f8d5e2ad30 a/kernel-firmware-20170914git-noarch-1.txz
a65db2c7c50f977bf206318c6ba4ac22 a/kernel-generic-4.9.50-x86_64-1.txz
9408c26be2842103fd1da305ef0bee87 a/kernel-huge-4.9.50-x86_64-1.txz
14791a8c2a25727b55813472495c3eae a/kernel-modules-4.9.50-x86_64-1.txz
46b6c5bf8bd922e1f240660283673194 d/kernel-headers-4.9.50-x86-1.txz
960814ca43da32e02b9822f9d3dfd048 k/kernel-source-4.9.50-noarch-1.txz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg kernel-*.txz
If you are using an initrd, you'll need to rebuild it.
For a 32-bit SMP machine, use this command (substitute the appropriate
kernel version if you are not running Slackware 14.2):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.88-smp | bash
For a 64-bit machine, or a 32-bit uniprocessor machine, use this command
(substitute the appropriate kernel version if you are not running
Slackware 14.2):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.88 | bash
Please note that "uniprocessor" has to do with the kernel you are running,
not with the CPU. Most systems should run the SMP kernel (if they can)
regardless of the number of cores the CPU has. If you aren't sure which
kernel you are running, run "uname -a". If you see SMP there, you are
running the SMP kernel and should use the 4.4.88-smp version when running
mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit
systems should always use 4.4.88 as the version.
If you are using lilo to boot the machine, you'll need to ensure that the
machine is properly prepared before rebooting. Be sure that the image= line
references the correct kernel file and then run "lilo" as root to reinstall
the boot loader.
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
Note: the current version of the following document is available here:https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03770en_usSUPPORT COMMUNICATION - SECURITY BULLETINDocument ID: hpesbhf03770en_usVersion: 1HPESBHF03770 rev.1 - HPE Comware 7 MSR Routers using PHP, Go, Apache Http Server, and Tomcat, Remote Arbitrary Code ExecutionNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.Release Date: 2017-08-21Last Updated: 2017-08-21Potential Security Impact: Remote: Arbitrary Code ExecutionSource: Hewlett Packard Enterprise, Product Security Response TeamVULNERABILITY SUMMARYA potential security vulnerability has been identified in Comware 7 MSR Routers using PHP, Go, Apache Http Server, and Tomcat. The vulnerability known as "httpoxy" could be remotely exploited to execute arbitrary code.References: - CVE-2016-5385 - PHP - CVE-2016-5386 - Go - CVE-2016-5387 - Apache Http Server - CVE-2016-5388 - TomcatSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - Comware v7 (CW7) Products V7BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2016-5385 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVE-2016-5386
5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2016-5387
5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVE-2016-5388
5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has made the following software updates available to resolve the vulnerability in the Comware 7 MSR Router products:
+ **MSR1000 (Comware 7) - Version: Fixed in R0605P13 Release**
* HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
* CVE's/ZDI's
- CVE-2016-5385
- CVE-2016-5386
- CVE-2016-5387
- CVE-2016-5388
+ **MSR2000 (Comware 7) - Version: Fixed in R0605P13 Release**
* HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
* CVE's/ZDI's
- CVE-2016-5385
- CVE-2016-5386
- CVE-2016-5387
- CVE-2016-5388
+ **MSR3000 (Comware 7) - Version: Fixed in R0605P13 Release**
* HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- JG409B HPE MSR3012 AC Router
* CVE's/ZDI's
- CVE-2016-5385
- CVE-2016-5386
- CVE-2016-5387
- CVE-2016-5388
+ **MSR4000 (Comware 7) - Version: Fixed in R0605P13 Release**
* HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
* CVE's/ZDI's
- CVE-2016-5385
- CVE-2016-5386
- CVE-2016-5387
- CVE-2016-5388
+ **MSR95X (Comware 7) - Version: Fixed in R0605P13 Release**
* HP Network Products
- JH296A HPE MSR954 1GbE SFP 2GbE-WAN 4GbE-LAN CWv7 Router
- JH297A HPE MSR954-W 1GbE SFP (WW) 2GbE-WAN 4GbE-LAN Wireless 802.11n
CWv7 Router
- JH298A HPE MSR954-W 1GbE SFP LTE (AM) 2GbE-WAN 4GbE-LAN Wireless 802.11n CWv7 Router
- JH299A HPE MSR954-W 1GbE SFP LTE (WW) 2GbE-WAN 4GbE-LAN Wireless 802.11n CWv7 Router
- JH300A HPE FlexNetwork MSR958 1GbE and Combo 2GbE WAN 8GbE LAN Router
- JH301A HPE FlexNetwork MSR958 1GbE and Combo 2GbE WAN 8GbE LAN PoE Router
- JH373A HPE MSR954 Serial 1GbE Dual 4GLTE (WW) CWv7 Router
* CVE's/ZDI's
- CVE-2016-5385
- CVE-2016-5386
- CVE-2016-5387
- CVE-2016-5388
*Note:* Please contact support for any questions about this document
HISTORY
Version:1 (rev.1) - 21 August 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported
product:
Web form: https://www.hpe.com/info/report-security-vulnerability
Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
