|
|
|
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] kernel (SSA:2026-122-01)
Date: Sat, 2 May 2026 18:41:55 -0700 (PDT) |
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] kernel (SSA:2026-122-01)
New kernel packages are available for Slackware 15.0 and -current to fix a
security issue.
Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/linux-5.15.204/kernel-generic-5.15.204-i586-1.txz: Upgraded.
This update fixes a critical security issue:
An out-of-bounds write in the userspace interface for AEAD cipher algorithms
may be leveraged to get a root shell through a setuid binary. While the
proof of concepts for this have so far targeted different program versions
than Slackware uses, there's nothing preventing anyone from targeting one
a setuid binary that we use.
Mitigation: If for some reason it's not possible to upgrade the kernel right
away, since we use CONFIG_CRYPTO_USER_API_AEAD=m you may blacklist or remove
the algif_aead.ko kernel module to prevent the exploit.
For more information, see:
https://copy.fail/
https://www.cve.org/CVERecord?id=CVE-2026-31431
(* Security fix *)
patches/packages/linux-5.15.204/kernel-generic-smp-5.15.204_smp-i686-1.txz: Upgraded.
This update fixes a critical security issue:
An out-of-bounds write in the userspace interface for AEAD cipher algorithms
may be leveraged to get a root shell through a setuid binary. While the
proof of concepts for this have so far targeted different program versions
than Slackware uses, there's nothing preventing anyone from targeting one
a setuid binary that we use.
Mitigation: If for some reason it's not possible to upgrade the kernel right
away, since we use CONFIG_CRYPTO_USER_API_AEAD=m you may blacklist or remove
the algif_aead.ko kernel module to prevent the exploit.
For more information, see:
https://copy.fail/
https://www.cve.org/CVERecord?id=CVE-2026-31431
(* Security fix *)
patches/packages/linux-5.15.204/kernel-headers-5.15.204_smp-x86-1.txz: Upgraded.
patches/packages/linux-5.15.204/kernel-huge-5.15.204-i586-1.txz: Upgraded.
This update fixes a critical security issue:
An out-of-bounds write in the userspace interface for AEAD cipher algorithms
may be leveraged to get a root shell through a setuid binary. While the
proof of concepts for this have so far targeted different program versions
than Slackware uses, there's nothing preventing anyone from targeting one
a setuid binary that we use.
Mitigation: If for some reason it's not possible to upgrade the kernel right
away, since we use CONFIG_CRYPTO_USER_API_AEAD=m you may blacklist or remove
the algif_aead.ko kernel module to prevent the exploit.
For more information, see:
https://copy.fail/
https://www.cve.org/CVERecord?id=CVE-2026-31431
(* Security fix *)
patches/packages/linux-5.15.204/kernel-huge-smp-5.15.204_smp-i686-1.txz: Upgraded.
This update fixes a critical security issue:
An out-of-bounds write in the userspace interface for AEAD cipher algorithms
may be leveraged to get a root shell through a setuid binary. While the
proof of concepts for this have so far targeted different program versions
than Slackware uses, there's nothing preventing anyone from targeting one
a setuid binary that we use.
Mitigation: If for some reason it's not possible to upgrade the kernel right
away, since we use CONFIG_CRYPTO_USER_API_AEAD=m you may blacklist or remove
the algif_aead.ko kernel module to prevent the exploit.
For more information, see:
https://copy.fail/
https://www.cve.org/CVERecord?id=CVE-2026-31431
(* Security fix *)
patches/packages/linux-5.15.204/kernel-modules-5.15.204-i586-1.txz: Upgraded.
This update fixes a critical security issue:
An out-of-bounds write in the userspace interface for AEAD cipher algorithms
may be leveraged to get a root shell through a setuid binary. While the
proof of concepts for this have so far targeted different program versions
than Slackware uses, there's nothing preventing anyone from targeting one
a setuid binary that we use.
Mitigation: If for some reason it's not possible to upgrade the kernel right
away, since we use CONFIG_CRYPTO_USER_API_AEAD=m you may blacklist or remove
the algif_aead.ko kernel module to prevent the exploit.
For more information, see:
https://copy.fail/
https://www.cve.org/CVERecord?id=CVE-2026-31431
(* Security fix *)
patches/packages/linux-5.15.204/kernel-modules-smp-5.15.204_smp-i686-1.txz: Upgraded.
This update fixes a critical security issue:
An out-of-bounds write in the userspace interface for AEAD cipher algorithms
may be leveraged to get a root shell through a setuid binary. While the
proof of concepts for this have so far targeted different program versions
than Slackware uses, there's nothing preventing anyone from targeting one
a setuid binary that we use.
Mitigation: If for some reason it's not possible to upgrade the kernel right
away, since we use CONFIG_CRYPTO_USER_API_AEAD=m you may blacklist or remove
the algif_aead.ko kernel module to prevent the exploit.
For more information, see:
https://copy.fail/
https://www.cve.org/CVERecord?id=CVE-2026-31431
(* Security fix *)
patches/packages/linux-5.15.204/kernel-source-5.15.204_smp-noarch-1.txz: Upgraded.
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.204/kernel-generic-5.15.204-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.204/kernel-generic-smp-5.15.204_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.204/kernel-headers-5.15.204_smp-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.204/kernel-huge-5.15.204-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.204/kernel-huge-smp-5.15.204_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.204/kernel-modules-5.15.204-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.204/kernel-modules-smp-5.15.204_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.204/kernel-source-5.15.204_smp-noarch-1.txz
Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.204/kernel-generic-5.15.204-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.204/kernel-headers-5.15.204-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.204/kernel-huge-5.15.204-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.204/kernel-modules-5.15.204-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.204/kernel-source-5.15.204-noarch-1.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-generic-6.12.85-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-headers-6.12.85-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-source-6.12.85-noarch-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/testing/packages/linux-6.18.x/kernel-generic-6.18.26-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/testing/packages/linux-6.18.x/kernel-headers-6.18.26-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/testing/packages/linux-6.18.x/kernel-source-6.18.26-noarch-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/testing/packages/linux-7.0.x/kernel-generic-7.0.3-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/testing/packages/linux-7.0.x/kernel-headers-7.0.3-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/testing/packages/linux-7.0.x/kernel-source-7.0.3-noarch-1.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-generic-6.18.26-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-headers-6.18.26-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-source-6.18.26-noarch-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/testing/packages/linux-7.0.x/kernel-generic-7.0.3-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/testing/packages/linux-7.0.x/kernel-headers-7.0.3-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/testing/packages/linux-7.0.x/kernel-source-7.0.3-noarch-1.txz
MD5 signatures:
+-------------+
Slackware 15.0 packages:
84d144deb4c8768ec74c590ca0f41142 kernel-generic-5.15.204-i586-1.txz
cbbf7ece16f1aa1d953d30f4c59ea74c kernel-generic-smp-5.15.204_smp-i686-1.txz
843ff19489918252ca0ce37a0294d69b kernel-headers-5.15.204_smp-x86-1.txz
f48c63ad3496e024c2203fdbe25de26c kernel-huge-5.15.204-i586-1.txz
0bb79df746dd6bf5853941ee08465a30 kernel-huge-smp-5.15.204_smp-i686-1.txz
58fc5c7fecf49667716fd51bdbe09597 kernel-modules-5.15.204-i586-1.txz
bfc0fb5bff4e8bd71b3e4fc2b5597137 kernel-modules-smp-5.15.204_smp-i686-1.txz
4b0ecf18b8edf559e49f6d025b4a98ac kernel-source-5.15.204_smp-noarch-1.txz
Slackware x86_64 15.0 packages:
4cebb486fe97259af7f71fa720a10edc kernel-generic-5.15.204-x86_64-1.txz
80e5afbacc559e7ea586fb59d2c780d1 kernel-headers-5.15.204-x86-1.txz
b273f304058eadab1926f9214a824d27 kernel-huge-5.15.204-x86_64-1.txz
c80e7d6f6f30a72ea427b3966dc58a48 kernel-modules-5.15.204-x86_64-1.txz
614f6de83a2622eeedf5997dc55890c2 kernel-source-5.15.204-noarch-1.txz
Slackware -current packages:
f9aa17dc7ef6eb79718dcac551956f74 kernel-firmware-20260429_56a13f9-noarch-1.txz
a2bdfc40b47e9665673f294550849fef kernel-generic-6.12.85-i686-1.txz
3665455c14d5e64f2516752e6474773f kernel-headers-6.12.85-x86-1.txz
730d98bc6528159c7fb8216b614f6fe5 kernel-source-6.12.85-noarch-1.txz
84debcb1df57c080ac5fedde2af10e72 kernel-generic-6.18.26-i686-1.txz
fa85205317e20d28f416b074772885d3 kernel-headers-6.18.26-x86-1.txz
59d09e799be2eb791ae7689b533b0d5b kernel-source-6.18.26-noarch-1.txz
5e22fa32b7a3e2963d79a8b7f3ac0f99 kernel-generic-7.0.3-i686-1.txz
9a00439fa5e47f2776247c19ac499319 kernel-headers-7.0.3-x86-1.txz
ffc536e77878cd6d1c881ad40b2d13fc kernel-source-7.0.3-noarch-1.txz
Slackware x86_64 -current packages:
f9aa17dc7ef6eb79718dcac551956f74 kernel-firmware-20260429_56a13f9-noarch-1.txz
4c7762cb7f258b247dfc6f394f4bdde0 kernel-generic-6.18.26-x86_64-1.txz
12d0b057c87c4d3af6c202205d0c5776 kernel-headers-6.18.26-x86-1.txz
d51c3e4d093fe4f9a290c4117c62239e kernel-source-6.18.26-noarch-1.txz
77ba107837a9b2f93372f7c4f1127316 kernel-generic-7.0.3-x86_64-1.txz
99e73f6412f218050cc38ada7eb13c7e kernel-headers-7.0.3-x86-1.txz
5c1e50da16dd02816256dbd9d356bb49 kernel-source-7.0.3-noarch-1.txz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg kernel-*.txz
If you are using an initrd, you'll need to rebuild it.
For a 32-bit SMP machine, use this command (substitute the appropriate
kernel version if you are not running Slackware 15.0):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 5.15.204-smp | bash
For a 64-bit machine, or a 32-bit uniprocessor machine, use this command
(substitute the appropriate kernel version if you are not running
Slackware 15.0):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 5.15.204 | bash
Please note that "uniprocessor" has to do with the kernel you are running,
not with the CPU. Most systems should run the SMP kernel (if they can)
regardless of the number of cores the CPU has. If you aren't sure which
kernel you are running, run "uname -a". If you see SMP there, you are
running the SMP kernel and should use the 5.15.204-smp version when running
mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit
systems should always use 5.15.204 as the version.
If you are using lilo or elilo to boot the machine, you'll need to ensure
that the machine is properly prepared before rebooting.
If using LILO:
By default, lilo.conf contains an image= line that references a symlink
that always points to the correct kernel. No editing should be required
unless your machine uses a custom lilo.conf. If that is the case, be sure
that the image= line references the correct kernel file. Either way,
you'll need to run "lilo" as root to reinstall the boot loader.
If using elilo:
Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish
to use, and then run eliloconfig to update the EFI System Partition.
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
iHkEARECADkWIQTsVknaQB4iq/pnNu9qRGPAQBAiMwUCafanORsUgAAAAAAEAA5t
YW51MiwyLjUrMS4xMiwyLDIACgkQakRjwEAQIjOMFgCeJelozDI7y7ziTWvrcS3R
tWRYsKcAn2H9cmH8dmfZVKnjSSyJ00q/fXi5
=Lpdk
-----END PGP SIGNATURE-----
|
|
|
