diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-07-19 20:36:46 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-07-19 23:51:30 +0200 |
commit | 6f8b2b4fabce9d8d0571802529cad2df31d9a0ca (patch) | |
tree | e9ebed30271d260e477fc09d30189ecd8405ad78 /README.initrd | |
parent | a1b07eafc1e2522790168868d732f16d0c442ff8 (diff) | |
download | current-6f8b2b4fabce9d8d0571802529cad2df31d9a0ca.tar.gz current-6f8b2b4fabce9d8d0571802529cad2df31d9a0ca.tar.xz |
Wed Jul 19 20:36:46 UTC 202320230719203646
a/kernel-firmware-20230707_d3f6606-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.39-x86_64-1.txz: Upgraded.
a/xfsprogs-6.4.0-x86_64-1.txz: Upgraded.
d/cmake-3.27.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.39-x86-1.txz: Upgraded.
k/kernel-source-6.1.39-noarch-1.txz: Upgraded.
l/mpfr-4.2.0p12-x86_64-1.txz: Upgraded.
n/bind-9.18.17-x86_64-1.txz: Upgraded.
n/curl-8.2.0-x86_64-1.txz: Upgraded.
This update fixes a security issue:
fopen race condition.
For more information, see:
https://curl.se/docs/CVE-2023-32001.html
https://www.cve.org/CVERecord?id=CVE-2023-32001
(* Security fix *)
n/dhcpcd-10.0.2-x86_64-1.txz: Upgraded.
n/openssh-9.3p2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
execution relating to PKCS#11 providers.
The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
execution via a forwarded agent socket if the following conditions are met:
* Exploitation requires the presence of specific libraries on the victim
system.
* Remote exploitation requires that the agent was forwarded to an
attacker-controlled system.
Exploitation can also be prevented by starting ssh-agent(1) with an empty
PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
contains only specific provider libraries.
This vulnerability was discovered and demonstrated to be exploitable by the
Qualys Security Advisory team.
Potentially-incompatible changes:
* ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
issued by remote clients by default. A flag has been added to restore the
previous behaviour: "-Oallow-remote-pkcs11".
For more information, see:
https://www.openssh.com/txt/release-9.3p2
https://www.cve.org/CVERecord?id=CVE-2023-38408
(* Security fix *)
n/samba-4.18.5-x86_64-1.txz: Upgraded.
This update fixes security issues:
When winbind is used for NTLM authentication, a maliciously crafted request
can trigger an out-of-bounds read in winbind and possibly crash it.
SMB2 packet signing is not enforced if an admin configured
"server signing = required" or for SMB2 connections to Domain Controllers
where SMB2 packet signing is mandatory.
An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
triggered by an unauthenticated attacker by issuing a malformed RPC request.
Missing type validation in Samba's mdssvc RPC service for Spotlight can be
used by an unauthenticated attacker to trigger a process crash in a shared
RPC mdssvc worker process.
As part of the Spotlight protocol Samba discloses the server-side absolute
path of shares and files and directories in search results.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2127.html
https://www.samba.org/samba/security/CVE-2023-3347.html
https://www.samba.org/samba/security/CVE-2023-34966.html
https://www.samba.org/samba/security/CVE-2023-34967.html
https://www.samba.org/samba/security/CVE-2023-34968.html
https://www.cve.org/CVERecord?id=CVE-2022-2127
https://www.cve.org/CVERecord?id=CVE-2023-3347
https://www.cve.org/CVERecord?id=CVE-2023-34966
https://www.cve.org/CVERecord?id=CVE-2023-34967
https://www.cve.org/CVERecord?id=CVE-2023-34968
(* Security fix *)
xap/mozilla-firefox-115.0.3esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.0.3esr/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'README.initrd')
-rw-r--r-- | README.initrd | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/README.initrd b/README.initrd index a41fdfd5f..a02abbac5 100644 --- a/README.initrd +++ b/README.initrd @@ -1,7 +1,7 @@ Slackware initrd mini HOWTO by Patrick Volkerding, volkerdi@slackware.com -Wed Jul 5 20:48:22 UTC 2023 +Wed Jul 19 20:25:43 UTC 2023 This document describes how to create and install an initrd, which may be required to use the 4.x kernel. Also see "man mkinitrd". @@ -33,15 +33,15 @@ flexible to ship a generic kernel and a set of kernel modules for it. The easiest way to make the initrd is to use the mkinitrd script included in Slackware's mkinitrd package. We'll walk through the process of -upgrading to the generic 6.1.38 Linux kernel using the packages +upgrading to the generic 6.1.39 Linux kernel using the packages found in Slackware's slackware/a/ directory. First, make sure the kernel, kernel modules, and mkinitrd package are installed (the current version numbers might be a little different, so this is just an example): - installpkg kernel-generic-6.1.38-x86_64-1.txz - installpkg kernel-modules-6.1.38-x86_64-1.txz + installpkg kernel-generic-6.1.39-x86_64-1.txz + installpkg kernel-modules-6.1.39-x86_64-1.txz installpkg mkinitrd-1.4.11-x86_64-32.txz Change into the /boot directory: @@ -52,7 +52,7 @@ Now you'll want to run "mkinitrd". I'm using ext4 for my root filesystem, and since the disk controller requires no special support the ext4 module will be the only one I need to load: - mkinitrd -c -k 6.1.38 -m ext4 + mkinitrd -c -k 6.1.39 -m ext4 This should do two things. First, it will create a directory /boot/initrd-tree containing the initrd's filesystem. Then it will @@ -61,10 +61,10 @@ you could make some additional changes in /boot/initrd-tree/ and then run mkinitrd again without options to rebuild the image. That's optional, though, and only advanced users will need to think about that. -Here's another example: Build an initrd image using Linux 6.1.38 +Here's another example: Build an initrd image using Linux 6.1.39 kernel modules for a system with an ext4 root partition on /dev/sdb3: - mkinitrd -c -k 6.1.38 -m ext4 -f ext4 -r /dev/sdb3 + mkinitrd -c -k 6.1.39 -m ext4 -f ext4 -r /dev/sdb3 4. Now that I've built an initrd, how do I use it? |