This is an old revision of the document!


Slackwarearm-14.2 ChangeLog (2019-02-14)

Thu Feb 14 08:08:08 UTC 2019

  • patches/packages/linux-4.4.174/kernel-headers-4.4.174-arm-1_slack14.2.txz
  • patches/packages/linux-4.4.174/kernel-modules-armv5-4.4.174_armv5-arm-1_slack14.2.txz
  • patches/packages/linux-4.4.174/kernel-modules-armv7-4.4.174_armv7-arm-1_slack14.2.txz
  • patches/packages/linux-4.4.174/kernel-source-4.4.174-arm-1_slack14.2.txz
  • patches/packages/linux-4.4.174/kernel_armv5-4.4.174-arm-1_slack14.2.txz
  • patches/packages/linux-4.4.174/kernel_armv7-4.4.174-arm-1_slack14.2.txz
  • patches/packages/lxc-2.0.9_d3a03247-arm-1_slack14.2.txz
    This update fixes a security issue where a malicious privileged container
    could overwrite the host binary and thus gain root-level code execution on
    the host. As the LXC project considers privileged containers to be unsafe
    no CVE has been assigned for this issue for LXC. To prevent this attack,
    LXC has been patched to create a temporary copy of the calling binary
    itself when it starts or attaches to containers. To do this LXC creates an
    anonymous, in-memory file using the memfd_create() system call and copies
    itself into the temporary in-memory file, which is then sealed to prevent
    further modifications. LXC then executes this sealed, in-memory file
    instead of the original on-disk binary.
    For more information, see:
    https://seclists.org/oss-sec/2019/q1/119
    (* Security fix *)
  • news/2019/02/14/slackwarearm-14.2-changelog.1550266065.txt.gz
  • Last modified: 5 years ago
  • by Giuseppe Di Terlizzi