Barely a week has passed, and we have yet another local root hole in glibc that needed patching. The Slackware ChangeLog said it like this:
a/glibc-solibs-2.12.1-x86_64-3.txz: Rebuilt.
Patched “The GNU C library dynamic linker will dlopen arbitrary DSOs
during setuid loads.” This security issue allows a local attacker to
gain root by specifying an unsafe DSO in the library search path to be
used with a setuid binary in LD_AUDIT mode.
Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
http://seclists.org/fulldisclosure/2010/Oct/344
(* Security fix *)
Of course, I was out of town for a few days when this happened, so it took a little longer to build updated multilib versions for glibc.
But… they are available now for your 64-bit Slackware 13.0, 13.1 and -current. Grab them here: http://slackware.com/~alien/multilib/. If you need guidance, read the README or better even, check out the Wiki page on Slackware multilib.
I hope this is the last hole for a while, it sucks having to rebuild all of this.
Mirrors: http://taper.alienbase.nl/mirrors/people/alien/multilib/ and http://slackware.org.uk/people/alien/multilib/.
Eric
Installed in 64-current with no issues. Thanks Eric.
Good in 64_13.0. Thanks for maintaining this.
thanks for update multilib Eric.
done by:
./update-multilib.sh
upgradepkg *{,/*}.t?z
(debug)
Eric,
Since the libwebkit-1.0.so.2.17.7 update I can no longer get the handbrake package to run. When you have a spare minute can you rebuild handbrake toy work with the new version of webkit?
@Ken:
I have no problems running handbrake here. Do you see any errors when running the command “ghb” from the commandline?
Eric
Eric,,
This is what I’m getting:
shotsy ~/Desktop $ ghb
ghb: error while loading shared libraries: libwebkit-1.0.so.2: cannot open shared object file: No such file or directory
when I run locate libwebkit I get this output:
/usr/lib/libwebkit-1.0.so.2.17.7
/usr/lib/libwebkit-1.0.la
/usr/lib/libwebkit-1.0.so.2
/usr/lib/libwebkit-1.0.so
and the ls -la
shotsy /usr/lib $ ls -la libwebkit*
-rwxr-xr-x 1 root root 2912 2010-10-15 18:05 libwebkit-1.0.la*
lrwxrwxrwx 1 root root 23 2010-10-16 07:41 libwebkit-1.0.so -> libwebkit-1.0.so.2.17.7*
lrwxrwxrwx 1 root root 23 2010-10-16 07:41 libwebkit-1.0.so.2 -> libwebkit-1.0.so.2.17.7*
-rwxr-xr-x 1 root root 14892688 2010-10-15 18:05 libwebkit-1.0.so.2.17.7*
Thanks for your help!
Ken
Eric,
I figured it out, looks like I picked up some packages from somewhere else. I had to re download and apply
webkitgtk, icu4c, and lib soup from http://connie.slackware.com/~alien/slackbuilds/
now locate libwebkit returns:
shotsy /usr/lib $ locate libwebkit
/usr/lib64/libwebkit-1.0.la
/usr/lib64/libwebkit-1.0.so.2.17.7
/usr/lib64/libwebkit-1.0.so.2
/usr/lib64/libwebkit-1.0.so
Where I got the offending packages is beyond me, these are the repositories I have configure for slaptget:
SOURCE=http://slackware.mirrors.tds.net/pub/slackware/slackware64-current/
SOURCE=http://slackware.org.uk/people/alien/restricted_slackbuilds/
SOURCE=http://connie.slackware.com/~alien/slackbuilds/
# Sources for the testing, extra, and pasture areas – if you use them.
# SOURCE=ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/extra/:PREFERRED
# SOURCE=ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/testing/
# SOURCE=ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/pasture/
SOURCE=http://slackware.mirrors.tds.net/pub/slackware/slackware64-current/extra
SOURCE=http://taper.alienbase.nl/mirrors/slackware/slackware64-current/testing
and all is running again, Thanks
Ken