Hello,
I alredy posted this on Slackware forum but I must ask also here, as in fact I use Salix in my servers. Namely, there is much fuss recently in the web on the severe remote vulnerability CVE-2016-10229: https://www.theregister.co.uk/2017/04/1 ... rnel_flaw/
It seems to be fixed with latest Slackware kernels. What about the older ones? Is there a chance that there will be a patch released by the Salix or Slackware team for older releases?
Regards
CVE-2016-10229 and older releases
-
- Posts: 518
- Joined: 20. Jun 2016, 20:15
Re: CVE-2016-10229 and older releases
Hello,
answer by Patrick Volkerding in this post: "It's been long fixed in Slackware 14.0 and newer."
Didier
answer by Patrick Volkerding in this post: "It's been long fixed in Slackware 14.0 and newer."
Didier
Re: CVE-2016-10229 and older releases
I know it is fixed with latest releases. What about older ones like 13.1?
Re: CVE-2016-10229 and older releases
2.6.33 is no longer supported by official devs and will not be updated. However you can patch your kernel package for example to 3.2 kernel and stay security updated. In https://www.kernel.org/category/releases.html you can see all supported kernel versions.witek wrote:I know it is fixed with latest releases. What about older ones like 13.1?
Re: CVE-2016-10229 and older releases
Is there a chance that I can just install kernel packages from Slackware or Salix14.0 into 13.1, and add them to lilo? Or will it be a waste of time?
Re: CVE-2016-10229 and older releases
Haven't tried it, but it should work. Maybe you need to update lilo to a newer version first, the lilo in 13.1 might not support newer kernels. You can take the sources from 14.2 and build a new lilo package.
http://download.salixos.org/x86_64/14.2/source/a/lilo/
Just run:
You might want to edit the pkgrel in the SLKBUILD to reflect that this is your build for 13.1 first.
http://download.salixos.org/x86_64/14.2/source/a/lilo/
Just run:
Code: Select all
fakeroot slkbuild -X
Re: CVE-2016-10229 and older releases
It can work, but I recommend to compile for yourself.witek wrote:Is there a chance that I can just install kernel packages from Slackware or Salix14.0 into 13.1, and add them to lilo? Or will it be a waste of time?
Re: CVE-2016-10229 and older releases
It works with current kernel. Thanks