Merge pull request 'Use relative cross-links between issue and package pages' (#12) from solardiz-patch-10 into main

Reviewed-on: security/wiki#12
Reviewed-by: Neil Hanlon <neil@noreply@resf.org>
Neil Hanlon 2023-11-15 23:54:24 +00:00
commit 3a5e3ab476
4 changed files with 4 additions and 4 deletions

@ -24,7 +24,7 @@ Public disclosure date: November 14, 2023
- Fixed in version: `4:20231114-1.el9_2.security` available November 15, 2023
Please refer to our [override package of microcode_ctl](/packages/microcode_ctl.md).
Please refer to our [override package of microcode_ctl](../packages/microcode_ctl.md).
## EL8
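Review bot: This file gets a single changed line, in the section above `## EL8`, so check whether the EL8 section that follows carries its own `/packages/microcode_ctl.md` link. If it does, it should move to `../packages/microcode_ctl.md` in the same commit, otherwise the page ends up with one root-absolute and one relative link to the same target.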

@ -19,7 +19,7 @@ Public disclosure date: October 3, 2023
- Mitigated in version: `2.34-60.el9_2.security.0.2` available October 3, 2023
- Fixed in version: `glibc-2.34-60.el9_2.7` available October 5, 2023
Besides the upstream fix, we also retained the mitigation in our [override package of glibc](/packages/glibc.md).
Besides the upstream fix, we also retained the mitigation in our [override package of glibc](../packages/glibc.md).
## EL8
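Review bot: `../packages/glibc.md` on the changed line resolves against this file's own directory, so it is correct only while issue pages sit in a directory that is a sibling of `packages/`. The commit message does not say why the root-absolute form was a problem; a sentence on that, plus a link check in the site build if one is available, would help keep these links from regressing.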

@ -16,7 +16,7 @@
#### Known-effective vulnerability mitigations and fixes
`2.34-60.el9_2.security.0.2` included mitigations sufficient to avoid security exposure of [CVE-2023-4911](https://www.openwall.com/lists/oss-security/2023/10/03/2) and a backport of upstream glibc fix of [CVE-2023-4527](https://www.openwall.com/lists/oss-security/2023/09/25/1) that was not yet in upstream EL. In the update to `2.34-60.7.el9_2.security.0.3`, we retained the mitigations while rebasing on upstream EL's package with upstream fixes for these vulnerabilities (and more).
`2.34-60.el9_2.security.0.2` included mitigations sufficient to avoid security exposure of [CVE-2023-4911](../issues/CVE-2023-4911.md) and a backport of upstream glibc fix of [CVE-2023-4527](https://www.openwall.com/lists/oss-security/2023/09/25/1) that was not yet in upstream EL. In the update to `2.34-60.7.el9_2.security.0.3`, we retained the mitigations while rebasing on upstream EL's package with upstream fixes for these vulnerabilities (and more).
In general, inclusion of additional security fixes will be "reverted" if and when those get included in upstream EL packages that we rebase our changes on.
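Review bot: On the changed line the CVE-2023-4911 link now points at `../issues/CVE-2023-4911.md`, while CVE-2023-4527 in the same sentence still links to the oss-security post, so the two references in one sentence no longer behave alike. This is also a change of destination (external advisory to internal page), not only an absolute-to-relative conversion as the title says. Please confirm the issue page links the original `https://www.openwall.com/lists/oss-security/2023/10/03/2` post, and say in the commit message that the target changed.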

@ -7,7 +7,7 @@
### Changes summary
- Update Intel CPU microcode to microcode-20231114 (fixes [CVE-2023-23583](https://www.openwall.com/lists/oss-security/2023/11/14/4)), temporarily dropping most documentation patches
- Update Intel CPU microcode to microcode-20231114 (fixes [CVE-2023-23583](../issues/CVE-2023-23583.md)), temporarily dropping most documentation patches
### Change log
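Review bot: The changed bullet in the changes summary drops the direct reference to `https://www.openwall.com/lists/oss-security/2023/11/14/4` in favour of `../issues/CVE-2023-23583.md`, which is more than the title's "relative cross-links" describes. Confirm that the issue page exists at that path and still cites the oss-security post, so a reader of the changes summary can reach the primary advisory in one hop.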