update openssh please 2016 jan 15

Talk here about security in general. Posting illegals software is prohibited. All stuffs in this forum must be considered as for "Educational purpose only".
Post Reply
aus9

update openssh please 2016 jan 15

Post#1 by aus9 » 14 Jan 2016, 23:20

For all users there is a new vulnerabiltiy that has been fixed
http://www.itnews.com.au/news/openssh-f ... eak-413653

Please use your package command either usm or (update applet for Nemesis testers) to update ASAP

For Nemesis users the update applet should glow red if you have not done it.

User avatar
brokenman
Site Admin
Site Admin
Posts: 5503
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v3.2rcX all desktops
Location: Brazil
Contact:

Re: update openssh please 2016 jan 15

Post#2 by brokenman » 15 Jan 2016, 00:31

the vulnerability has been blamed on an experimental roaming feature
Round 2. Ding! It's like a disease where the immune system attacks the immune system. The very thing designed to keep you safe is leaking. :shock:
systemd is the least of your worries.

Thanks for the heads up. I missed this in my rss.
How do i become super user?
Wear your underpants on the outside and put on a cape.

ElectriQT
Samurai
Samurai
Posts: 116
Joined: 10 Nov 2013, 12:02
Distribution: LXDE3.5Manjaro, LXDE3.01-32bit
Location: Sweden

Re: update openssh please 2016 jan 15

Post#3 by ElectriQT » 19 Jan 2016, 11:50

(Porteus 3.5)
I could download updates, and it seems to "install",
but the update button still show up red.

if I do a pman -Syu I get an error. Se below
"dcadec: /usr/lib/libdcadec.so.0 exists in filesystem"
(I run Porteus in "copy 2 ram"-mode, usb stick was mounted)

Code: Select all

guest ~ $

guest ~ $ sudo ufw enable
WARN: / is world writable!
WARN: / is group writable!
Firewall is active and enabled on system startup

guest ~ $ setxkbmap se
guest ~ $  åäöÅÄÖ

guest ~ $ sudo pman-setup
[sudo] password for guest: 
sudo: pman-setup: command not found
guest ~ $ sudo setup-pman
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signing key 0E839...
  -> Locally signing key 684148B498...
  -> Locally signing key AC173567D4C7EA887...
  -> Locally signing key 27FFC4796D41D9260...
  -> Locally signing key AB0687D3032FB69E7...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
  -> Disabling key A361A3A157DDDAAF7EF76...
  -> Disabling key A647891DEDC00BB911355...
  -> Disabling key D47287644EAC7E36D1A50...
  -> Disabling key BC1FBE4D2826A0B51E474...
  -> Disabling key 9515D8A8EABDBCE6B455...
  -> Disabling key 40B88ACA61860009B5CE...
  -> Disabling key 63F395DE2D6398BBE442...
  -> Disabling key 0B24434836E1AB441196...
  -> Disabling key 8F9F9E1D3E229C05F944...
  -> Disabling key 66BD74A036D522F51D3...
  -> Disabling key 8137F82480FCE3A726C...
  -> Disabling key E721040CF9A4E36A001...
==> Updating trust database...
gpg: next trustdb check due at 2016-01-22
==> Appending keys from manjaro.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signing key 7CD439BBFACF4B624438...
  -> Locally signing key 5A97E2418199F0C22B49E...
  -> Locally signing key B4663188EE95BD9C B5C...
  -> Locally signing key 35B44582C2A0AF12B806...
  -> Locally signing key 190893223346B4750337...
  -> Locally signing key 77D03271AC3C39A0609...
  -> Locally signing key 74A0AB7D89389342922...
  -> Locally signing key AE50B37E5F3109DAD3...
  -> Locally signing key E4CDF385D58C8A8C7A...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
  -> Disabling key FC7F89BEE0DC8AB10BC17...
  -> Disabling key B89CF76F0C1B1A80EBF3E...
==> Updating trust database...
gpg: next trustdb check due at 2016-01-22

 Updating database ... 

:: Synchronizing package databases...
 core                     135.5 KiB   779K/s 00:00 [######################] 100%
 extra                   1921.0 KiB  1829K/s 00:01 [######################] 100%
 community                  3.5 MiB  1732K/s 00:02 [######################] 100%
 multilib                 174.5 KiB  1247K/s 00:00 [######################] 100%
 Updating certificates /// 


 It seems you are not saving your changes. 

Would you like to create a module from your settings? [y/n]y
rm: cannot remove ‘/tmp/.tmp.0ddGuA/etc/pacman.d/gnupg/pubring.gpg~’: No such file or directory
/tmp




Parallel mksquashfs: Using 2 processors
Creating 4.0 filesystem on /tmp/pacman-settings.xzm, block size 262144.
[=================================================================|] 33/33 100%

Exportable Squashfs 4.0 filesystem, xz compressed, data block size 262144
	compressed data, compressed metadata, compressed fragments, compressed xattrs
	duplicates are removed
Filesystem size 6329.38 Kbytes (6.18 Mbytes)
	99.34% of uncompressed filesystem size (6371.60 Kbytes)
Inode table size 378 bytes (0.37 Kbytes)
	42.47% of uncompressed inode table size (890 bytes)
Directory table size 462 bytes (0.45 Kbytes)
	75.00% of uncompressed directory table size (616 bytes)
Number of duplicate files found 2
Number of inodes 25
Number of files 13
Number of fragments 2
Number of symbolic links  0
Number of device nodes 0
Number of fifo nodes 0
Number of socket nodes 1
Number of directories 11
Number of ids (unique uids + gids) 1
Number of uids 1
	root (0)
Number of gids 1
	root (0)

6.2M	/tmp/pacman-settings.xzm

 I could not detect the location of your modules directory. 

Your module is at: /tmp/pacman-settings.xzm
Please manually copy this to your modules directory.
guest ~ $ sudo setup-pman
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signing key 4079F5993973348882F6...
  -> Locally signing key 86A4944C5518425824B1...
  -> Locally signing key 44A033AC1407D42C7E7...
  -> Locally signing key 2F096D41D9A04F9397C...
  -> Locally signing key AB25687D3032264FFF97...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
  -> Disabling key F23617DD221DAAF7EF7876...
  -> Disabling key 7F24789891DC063D1ED225...
  -> Disabling key D22BDE22A72876442EAC7...
  -> Disabling key826A0B51E4739214C6C110...
  -> Disabling key 9D8AB88E46B456CAF1225...
  -> Disabling key 4A84A61860009B5C2C0D2...
  -> Disabling key 6D63298BE458F281F2DBB...
  -> Disabling key 025DA3A70D0E1AB221126...
  -> Disabling key 89F9E1D3E221D983D4326...
  -> Disabling key 62522F51DD72726521E2D...
  -> Disabling key 2F8241DB3880FCE3A226C...
  -> Disabling key E940CF9A4E32201876624...
==> Updating trust database...
gpg: next trustdb check due at 2016-01-22
==> Appending keys from manjaro.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signing key 72D439BACF4251B35822...
  -> Locally signing key 5A27E32213722934B99E...
  -> Locally signing key B188A62DB1E45A982E5...
  -> Locally signing key 32B4FF2321122B282A6...
  -> Locally signing key 1AAB9A00D6B475DFFF...
  -> Locally signing key 72C399F09AC227B894...
  -> Locally signing key 722F2205A0AB7D859...
  -> Locally signing key 39221AE537E5F3196F...
  -> Locally signing key ECDC7CAA65911C72E...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
  -> Disabling key FA2840E8C2F892C822C217...
  -> Disabling key 540D1AD0D2A802EB2F23E...
==> Updating trust database...
gpg: next trustdb check due at 2016-01-22

 Updating database ... 

:: Synchronizing package databases...
 core                     135.5 KiB   671K/s 00:00 [######################] 100%
g extra                   1159.9 KiB   844K/s 00:00 [#############---------]  60 extra                   1921.0 KiB   841K/s 00:02 [######################] 100%
 community                  3.5 MiB  1608K/s 00:02 [######################] 100%
 multilib                 174.5 KiB  1265K/s 00:00 [######################] 100%
 Updating certificates /// 


 It seems you are not saving your changes. 

Would you like to create a module from your settings? [y/n]y
 pman/pacman was successfully set up. 

For help type: pman -h
guest ~ $ sudo pman -h
usage:  pman <operation> [...]
operations:
    pman {-h --help}
    pman {-V --version}
    pman {-D --database} <options> <package(s)>
    pman {-Q --query}    [options] [package(s)]
    pman {-R --remove}   [options] <package(s)>
    pman {-S --sync}     [options] [package(s)]
    pman {-T --deptest}  [options] [package(s)]
    pman {-U --upgrade}  [options] <file(s)>

use 'pman {-h --help}' with an operation for available options
guest ~ $ sudo pman -S firefox
resolving dependencies...
looking for conflicting packages...

Packages (3) hunspell-1.3.3-3  mozilla-common-1.4-4  firefox-43.0.4-1

Total Download Size:   43.23 MiB
Total Installed Size:  92.96 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages ...
 mozilla-common-1.4-...  1180.0   B  76.8K/s 00:00 [######################] 100%
 hunspell-1.3.3-3-x86_64  185.9 KiB  1616K/s 00:00 [######################] 100%
 firefox-43.0.4-1-x86_64   43.0 MiB  1828K/s 00:24 [######################] 100%
(3/3) checking keys in keyring                     [######################] 100%
(3/3) checking package integrity                   [######################] 100%
(3/3) loading package files                        [######################] 100%
(3/3) checking for file conflicts                  [######################] 100%
(3/3) checking available disk space                [######################] 100%
(1/3) installing mozilla-common                    [######################] 100%
relogin or source /etc/profile.d/mozilla-common.sh
(2/3) installing hunspell                          [######################] 100%
Optional dependencies for hunspell
    perl: for ispellaff2myspell [installed]
(3/3) installing firefox                           [######################] 100%
Optional dependencies for firefox
    networkmanager: Location detection via available WiFi networks
    ffmpeg: H264/AAC decoding [installed]
    gst-plugins-good: MP3 playback
    gst-plugins-ugly: MP3 playback
    upower: Battery API

 Multiple packages were detected. 

Would you like to merge them into one module? [y/n]y
Enter a custom module name or hit enter for default: 

Select the main package to use as a name.
Hit ctrl + c to quit.

1) firefox-43.0.4-1-x86_64.pkg.tar.xz	3) mozilla-common-1.4-4-any.pkg.tar.xz
2) hunspell-1.3.3-3-x86_64.pkg.tar.xz
#? 1
 Decompressing firefox-43.0.4-1-x86_64.pkg.tar.xz 
tar: Ignoring unknown extended header keyword 'SCHILY.fflags'
tar: Ignoring unknown extended header keyword 'SCHILY.fflags'
tar: Ignoring unknown extended header keyword 'SCHILY.fflags'
tar: Ignoring unknown extended header keyword 'SCHILY.fflags'
tar: Ignoring unknown extended header keyword 'SCHILY.fflags'
tar: Ignoring unknown extended header keyword 'SCHILY.fflags'
tar: Ignoring unknown extended header keyword 'SCHILY.fflags'
tar: Ignoring unknown extended header keyword 'SCHILY.fflags'
tar: Ignoring unknown extended header keyword 'SCHILY.fflags'
tar: Ignoring unknown extended header keyword 'SCHILY.fflags'
tar: Ignoring unknown extended header keyword 'SCHILY.fflags'
tar: Ignoring unknown extended header keyword 'SCHILY.fflags'
 Stripping firefox-43.0.4-1-x86_64.pkg.tar.xz 

 Size before strip: 
 93M
 Size after strip: 
 93M

 Decompressing hunspell-1.3.3-3-x86_64.pkg.tar.xz 
 Stripping hunspell-1.3.3-3-x86_64.pkg.tar.xz 

 Size before strip: 
 94M
 Size after strip: 
 94M

 Decompressing mozilla-common-1.4-4-any.pkg.tar.xz 
 Stripping mozilla-common-1.4-4-any.pkg.tar.xz 

 Size before strip: 
 94M
 Size after strip: 
 94M

/tmp
Parallel mksquashfs: Using 2 processors
Creating 4.0 filesystem on /tmp/firefox-43.0.4-1-x86_64.bundle.xzm, block size 262144.
[===============================================================|] 438/438 100%

Exportable Squashfs 4.0 filesystem, xz compressed, data block size 262144
	compressed data, compressed metadata, compressed fragments, compressed xattrs
	duplicates are removed
Filesystem size 45536.81 Kbytes (44.47 Mbytes)
	47.86% of uncompressed filesystem size (95139.83 Kbytes)
Inode table size 2150 bytes (2.10 Kbytes)
	34.89% of uncompressed inode table size (6163 bytes)
Directory table size 1478 bytes (1.44 Kbytes)
	45.84% of uncompressed directory table size (3224 bytes)
Number of duplicate files found 5
Number of inodes 144
Number of files 74
Number of fragments 7
Number of symbolic links  7
Number of device nodes 0
Number of fifo nodes 0
Number of socket nodes 0
Number of directories 63
Number of ids (unique uids + gids) 1
Number of uids 1
	root (0)
Number of gids 1
	root (0)

45M	/tmp/firefox-43.0.4-1-x86_64.bundle.xzm

 ERROR: Module directory is not mounted or unwritable. 
Please manually copy the modules to your module directory.

 Your modules are in the /tmp folder: 
firefox-43.0.4-1-x86_64.bundle.xzm

Packages were removed from /var/cache/pacman/pkg.

guest ~ $ sudo pman -Syu
[sudo] password for guest: 
Sorry, try again.
[sudo] password for guest: 
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (69) adwaita-icon-theme-3.18.0-1  ca-certificates-mozilla-3.21-1
              cdrtools-3.02a05-1  consolekit-1.0.1-2  dbus-openrc-1.10.6-2
              dcadec-0.2.0-1  device-mapper-2.02.138-1  dhcpcd-6.10.0-1
              elfutils-0.165-1  ffmpeg-1:2.8.5-2  gmp-6.1.0-3  gnupg-2.1.10-3
              gnutls-3.4.8-1  gsm-1.0.14-1  gtk-update-icon-cache-3.18.6-2
              gtk3-3.18.6-2  harfbuzz-1.1.3-1  inxi-2.2.32-1  iso-codes-3.64-1
              libass-0.13.1-1  libbsd-0.8.1-1  libdbus-1.10.6-1
              libdrm-2.4.66-1  libelf-0.165-1  libevdev-1.4.6-1
              libldap-2.4.43-1  libnm-glib-1.0.10-2  libnotify-0.7.6-2
              libpng-1.6.20-1  libsigc++-2.6.2-1  libsodium-1.0.8-1
              libteam-1.23-1  libva-1.6.2-1  libva-intel-driver-1.6.2-1
              libwbclient-4.3.4-1  libwebp-0.5.0-1  llvm-libs-3.7.1-1
              mesa-11.1.1-1  mhwd-db-0.5.6-9  mpfr-3.1.3.p5-1  nano-2.5.1-1
              network-manager-applet-1.0.10-1
              networkmanager-consolekit-1.0.10-2
              networkmanager-openvpn-1.0.9-1  nm-connection-editor-1.0.10-1
              nspr-4.11-1  nss-3.21-1  openrc-0.20.2-1  openssh-7.1p2-1
              openvpn-2.3.9-1  opus-1.1.2-1  p11-kit-0.23.2-1
              package-query-1.7-1  pacman-mirrorlist-20160108-1
              pciutils-3.4.0-1  perl-5.22.1-1  rp-pppoe-3.12-1  rsync-3.1.2-1
              rtmpdump-1:2.4.r96.fa8646d-1  smbclient-4.3.4-1  sqlite-3.10.1-1
              vte-common-0.42.1-2  vte3-0.42.1-2  wpa_supplicant-1:2.5-2
              xf86-input-evdev-2.10.1-1  xfsprogs-4.3.0-1  xorg-xrdb-1.1.0-2
              xterm-322-1  zip-3.0-7

Total Installed Size:  380.30 MiB
Net Upgrade Size:       28.72 MiB

:: Proceed with installation? [Y/n] y
(69/69) checking keys in keyring                   [######################] 100%
(69/69) checking package integrity                 [######################] 100%
(69/69) loading package files                      [######################] 100%
(69/69) checking for file conflicts                [######################] 100%
error: failed to commit transaction (conflicting files)
dcadec: /usr/lib/libdcadec.so.0 exists in filesystem
Errors occurred, no packages were upgraded.
guest ~ $ 
Last edited by ElectriQT on 25 Jan 2017, 13:16, edited 1 time in total.

aus9

Re: update openssh please 2016 jan 15

Post#4 by aus9 » 19 Jan 2016, 23:05

Hi

try this first for Nemesis users...as root please

Code: Select all

rm -rf /usr/lib/libdcadec.so.0
pacman -S dcadec
Rather than updating by command you can also update via the applet if you wish?

Additional edit after reading v3.5 bug report
the above command for pacman will not build a module of your update. That role goes to pman. So if you want a module of that package try

Code: Select all

rm -rf /usr/lib/libdcadec.so.0
pman -S dcadec

ElectriQT
Samurai
Samurai
Posts: 116
Joined: 10 Nov 2013, 12:02
Distribution: LXDE3.5Manjaro, LXDE3.01-32bit
Location: Sweden

Re: update openssh please 2016 jan 15

Post#5 by ElectriQT » 20 Jan 2016, 00:29

"m -rf /usr/lib/libdcadec.so.0"
I did this (before reading here), It did seems to do the trick,


"pacman -S dcadec
I did not do this..

And I later in the evening had a deadly crach, after a lot of "I/O -error"
could not shutdown, could never startx again , just got the prompt, even after reboot, (and I did run without save.dat) hmm,

"Rather than updating by command you can also update via the applet if you wish?
Nope, that did not work, it did download all, but did not build module or did not seem to install them, 78 updates.
maybe it could have work ofter the libdcadec.se was removed, but I did not try, it did wirk to download ufw with the packagemanager-gui, but pman -S seems more easy, now I am back at 3.4 again as it seems more stable, or maybe it was me damaging it and got IO-error because I never did the unknown pman -S dcadec ?

aus9

Re: update openssh please 2016 jan 15

Post#6 by aus9 » 20 Jan 2016, 04:46

I did not do this..
Is that a typo? It could well explain the crash if you did not update this package.

Instead did you use pman?

FWIW pacman does not build modules its pman that does that.

ElectriQT
Samurai
Samurai
Posts: 116
Joined: 10 Nov 2013, 12:02
Distribution: LXDE3.5Manjaro, LXDE3.01-32bit
Location: Sweden

Re: update openssh please 2016 jan 15

Post#7 by ElectriQT » 25 Jan 2017, 13:08

(Ok, just one year late to reply.. But the 3.5 have then worked so good for me, so I almost forgot about the forum :- )

No, Not a typo,

I think just re-named the file to: Libdcadec.so.bak,
and then the pacman(or pman, I dont remember..) did the rest,
and I think it did re-"install" the file in that process

Post Reply