Main menu:

Sponsoring

Please consider a small donation:

 

 

Or you can donate bitcoin:

 

Thanks to TekLinks in Birmingham, AL, for providing colocation and bandwidth.

Page Rank

Fame

FOSS Force Best Blog--2013 Award

Recent posts

Recent comments

About this blog

I am Eric Hameleers, and this is where I think out loud.
More about me.

Search

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 417 other subscribers

My Favourites

Slackware

Calendar

February 2019
M T W T F S S
« Jan    
 123
45678910
11121314151617
18192021222324
25262728  

RSS Alien's Slackware packages

RSS Alien's unofficial KDE Slackware packages

RSS Alien's multilib packages

RSS Slackware64-current

RSS SBo

Meta

Multilib glibc patched for GHOST vulnerability (CVE-2015-0235)

There was some unrest about the most recent glibc update in the stable releases of Slackware (slackware-current excluded). Glibc was patched against a new vulnerability, CVE-2015-0235, for which the only known exploit currently is in the MTA Exim (software which is not part of Slackware) and an exploit for this vulnerability is difficult to write apparently. I usually am quite fast in following up on Slackware updates for gcc and especially glibc. This time, I was busy with answering questions about the new KDE 5 at night, and buried in shit at work during the day.

Nevertheless, when there were no updated multilib versions of glibc the next day, some people asked when they could expect a patched package. Others were less polite and demanded updated packages. That sucked.

Here is where you can find the updated packages:

For the un-initiated: multilib is needed if you want to use binary-only 32-bit software on 64-bit Slackware. Examples of that are Skype, Valve’s Steam Client, the WINE emulator, the Pipelight browser plugin, Citrix client etc.

Instructions on how to add or update multilib on your 64-bit Slackware can be found on the Slackware Documentation Project.

Cheers, Eric

 

Comments

Comment from MikeVx
Posted: January 31, 2015 at 01:19

I’ve managed to goof things up with the Ghost fix. I failed to think and used slackpkg to address the problem. Now I can’t run my single 32-bit package. I’m trying to figure out how to fix this. I’ve gone and blacklisted things according to directions, but it’s too late to save me on this.

Do you have any ready-made directions that might allow me to fix this?

Thanks.

Comment from ecoslacker
Posted: January 31, 2015 at 01:33

Thanks for the multilib packages Eric, I know you had no obligation to do this.

Thanks man 🙂

Comment from Jen
Posted: January 31, 2015 at 02:08

Thanks! Here’s hoping the work situation settles. Can’t imagine it’s easy lately with the rumors I’m hearing.

Comment from alienbob
Posted: January 31, 2015 at 03:05

MikeVx – if you used slackpkg and did not blacklist my packages, then slackpkg will have installed Slackware’s own gcc and glibc.
If that is the case, simply install the gcc and glibc packages manually (using upgradepkg) and then add these blacklist lines to slackpkg’s blacklist file:

[0-9]+alien
[0-9]+compat32

Comment from Mike Langdon (mlangdn)
Posted: January 31, 2015 at 04:02

Thanks Eric! Hope work goes better this next week.

Comment from MikeVx
Posted: January 31, 2015 at 04:08

“And there was much rejoicing!”

That did it. I have Skype operating again, and I can now see to installing my old 32-bit games and such. (The Skype was critical, and thus the one thing I had to make work, the rest, nice but survivable if I couldn’t have them.)

I had already blacklisted your packages in slackpkg when I realized I had targeted my own foot, but it was a bit late by then. (Hobble….hobble.)

Thanks for the tip, and thanks for your work on multilib support. I discovered it years ago when I first went 64-bit with Slackware and had failures on some of my old utilities for which I had lost the source code. Some searching listed your project, and I now wait to upgrade Slackware until you have your packages out for the new version.

Don’t let the entitlement brigade get you down. At least some of us out here are glad you put in the work on this project and I appreciate the aggravation that I haven’t had to deal with because of it.

Again, thanks for the multilib project, and for the quick tip today that fixed my problem in under 5 minutes from reading the solution to making it work.

Comment from fabio
Posted: January 31, 2015 at 09:55

am i missing something? the creation dates for glibc-zoneinfo and version “i” are still the same (25-oct-2014) when i access the links. the changelogs at slackware.com shows version “j”. or it doesn’t matter? thank you

Comment from kjh
Posted: January 31, 2015 at 21:43

Thank you very much Eric !

ALL my 32-bit programs are working again after updating glibc on 13.37 !

I am truly sorry to hear about the ungrateful people who demanded that you spend YOUR time and YOUR experience to update the packages that you’ve enabled them to update for themselves.

That DOES suck.

You’ve provided a number of valuable gifts to the world and I am sure most people see your HOWTOs, scripts and packages that way too.

Thanks again for all you do, Eric !

— kjh

Pingback from Vulnerabilidade Ghost corrigida na multilib, para Slackware Linux | Caminhando Livre
Posted: January 31, 2015 at 23:27

[…] biblioteca glibc, e nomeada como Ghost, nos pacotes que compõem a multilib, gentilmente mantidos e disponibilizados por Erick Hamleers, mais conhecido como alienBOB, um dos mantenedores da distribuição […]

Comment from Aaditya Bagga
Posted: February 1, 2015 at 07:37

Thx for the packages.

Comment from Nolre
Posted: February 2, 2015 at 11:44

Hi !

The -current glibc updates weren’t uploaded on you site.
Only stable were.

Comment from alienbob
Posted: February 2, 2015 at 12:01

Hi Nolre,

The reason is that there were no updates to glibc in Slackware-current except for the zoneinfo package. The GHOST bug is not present in the glibc of slackware-current.

You can use the zoneinfo package of slackware64-current on your multilib computer.
I will update that file sometime soon in the multilib repository but I do not have the time now.

Comment from Nolre
Posted: February 3, 2015 at 13:34

Just upgraded the new multilib zoneinfo package.
Thanks.

Write a comment