forked from security/wiki
Merge pull request 'Fix-up the previous set of changes' (#11) from solardiz-patch-9 into main
Reviewed-on: security/wiki#11 Reviewed-by: Neil Hanlon <neil@noreply@resf.org>
This commit is contained in:
commit
4cb56ee1c2
@ -48,7 +48,7 @@ You'll normally install packages from the mirrors, which should just work. Howev
|
|||||||
### Override packages (currently only for EL9)
|
### Override packages (currently only for EL9)
|
||||||
|
|
||||||
- [glibc](packages/glibc.md) (adds many security-hardening changes originating from Owl and ALT Linux on top of EL package)
|
- [glibc](packages/glibc.md) (adds many security-hardening changes originating from Owl and ALT Linux on top of EL package)
|
||||||
- [microcode_ctl](packages/microcode_ctl.md) (updates Intel CPU microcode to microcode-20231114, which fixes CVE-2023-23583)
|
- [microcode_ctl](packages/microcode_ctl.md) (updates Intel CPU microcode to microcode-20231114, which fixes [CVE-2023-23583](issues/CVE-2023-23583.md))
|
||||||
- [openssh](packages/openssh.md) (fewer shared libraries exposed in sshd processes while otherwise fully matching EL package's functionality)
|
- [openssh](packages/openssh.md) (fewer shared libraries exposed in sshd processes while otherwise fully matching EL package's functionality)
|
||||||
|
|
||||||
The changes are described in more detail on the per-package wiki pages linked above, as well as in the package changelogs.
|
The changes are described in more detail on the per-package wiki pages linked above, as well as in the package changelogs.
|
||||||
|
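Review bot: the new link to `issues/CVE-2023-23583.md` is relative to the index page while the issue pages in this same commit link back with absolute paths such as `/packages/microcode_ctl.md`; mixing the two styles works only as long as the index stays at the wiki root, so consider using the absolute form `/issues/CVE-2023-23583.md` here for consistency. Also, the advisory ID appears in the middle of an already long parenthetical; a separate "see [CVE-2023-23583](...)" sentence would read more easily.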
@ -1,4 +1,8 @@
|
|||||||
# CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior
|
# CVE-2023-23583: microcode_ctl
|
||||||
|
|
||||||
|
## Title
|
||||||
|
|
||||||
|
CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior
|
||||||
|
|
||||||
## Summary
|
## Summary
|
||||||
|
|
||||||
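Review bot: shortening the H1 to `CVE-2023-23583: microcode_ctl` and moving the descriptive text under a new `## Title` heading means anything that indexes pages by their first heading (sidebar, search snippets, links generated from the H1) now shows only the short form; if that is the intended convention for issue pages, it would be worth documenting it (short H1, full wording under `## Title`) so future issue pages follow the same layout, since the glibc page in this commit is changed the same way.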
@ -18,8 +22,10 @@ Public disclosure date: November 14, 2023
|
|||||||
|
|
||||||
## EL9
|
## EL9
|
||||||
|
|
||||||
Fixed in version: `4:20231114-1.el9_2.security` available November 15, 2023
|
- Fixed in version: `4:20231114-1.el9_2.security` available November 15, 2023
|
||||||
|
|
||||||
|
Please refer to our [override package of microcode_ctl](/packages/microcode_ctl.md).
|
||||||
|
|
||||||
## EL8
|
## EL8
|
||||||
|
|
||||||
Not fixed yet, will fix.
|
- Not fixed yet, will fix.
|
||||||
|
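Review bot: the EL8 entry `- Not fixed yet, will fix.` carries no date or tracking reference, so a reader cannot tell how stale the statement is; adding the date the status was last checked, or a pointer to where the fix is tracked, would make it actionable. The version string `4:20231114-1.el9_2.security` is also written in a different shape from the glibc page (epoch present here, package name absent; `glibc-2.34-60.el9_2.7` there), so settling on one NEVRA form across issue pages would help when comparing against `rpm -q` output.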
@ -1,4 +1,8 @@
|
|||||||
# CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation
|
# CVE-2023-4911: glibc
|
||||||
|
|
||||||
|
## Title
|
||||||
|
|
||||||
|
CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation
|
||||||
|
|
||||||
## Summary
|
## Summary
|
||||||
|
|
||||||
@ -12,12 +16,12 @@ Public disclosure date: October 3, 2023
|
|||||||
|
|
||||||
## EL9
|
## EL9
|
||||||
|
|
||||||
Mitigated in version: `2.34-60.el9_2.security.0.2` available October 3, 2023
|
- Mitigated in version: `2.34-60.el9_2.security.0.2` available October 3, 2023
|
||||||
Fixed in version: `glibc-2.34-60.el9_2.7` available October 5, 2023
|
- Fixed in version: `glibc-2.34-60.el9_2.7` available October 5, 2023
|
||||||
|
|
||||||
Besides the upstream fix, we also retained the mitigation in the [Security SIG package of glibc](packages/glibc.md).
|
Besides the upstream fix, we also retained the mitigation in our [override package of glibc](/packages/glibc.md).
|
||||||
|
|
||||||
## EL8
|
## EL8
|
||||||
|
|
||||||
Fixed in version: `glibc-0:2.28-225.el8_8.6` available October 5, 2023
|
- Fixed in version: `glibc-0:2.28-225.el8_8.6` available October 5, 2023
|
||||||
Errata: [RLSA-2023:5455](https://errata.rockylinux.org/RLSA-2023:5455) issued October 7, 2023
|
- Errata: [RLSA-2023:5455](https://errata.rockylinux.org/RLSA-2023:5455) issued October 7, 2023
|
||||||
|
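Review bot: changing `packages/glibc.md` to `/packages/glibc.md` is the right fix, because this page lives under `issues/` (the index links it as `issues/...`) and the earlier relative path would have resolved to `issues/packages/glibc.md`; the wording change to "override package" also matches the "Override packages" heading on the index. Two consistency points remain: the EL9 mitigated version `2.34-60.el9_2.security.0.2` lacks the `glibc-` prefix that the fixed version on the next line has, and EL8 lists an errata reference while EL9 does not, so if a corresponding EL9 advisory exists it should be added for parity.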