forked from security/wiki
Add microcode_ctl for EL8
This commit is contained in:
parent
50a81d42ed
commit
b4d2b3b8be
@ -45,10 +45,13 @@ You'll normally install packages from the mirrors, which should just work. Howev
|
|||||||
|
|
||||||
- [hardened_malloc](packages/hardened_malloc.md) (Security-focused memory allocator providing the malloc API, and a script to preload it into existing program binaries)
|
- [hardened_malloc](packages/hardened_malloc.md) (Security-focused memory allocator providing the malloc API, and a script to preload it into existing program binaries)
|
||||||
|
|
||||||
|
### Override packages (for EL8 and EL9)
|
||||||
|
|
||||||
|
- [microcode_ctl](packages/microcode_ctl.md) (updates Intel CPU microcode to microcode-20231114, which fixes [CVE-2023-23583](issues/CVE-2023-23583.md))
|
||||||
|
|
||||||
### Override packages (currently only for EL9)
|
### Override packages (currently only for EL9)
|
||||||
|
|
||||||
- [glibc](packages/glibc.md) (adds many security-hardening changes originating from Owl and ALT Linux on top of EL package)
|
- [glibc](packages/glibc.md) (adds many security-hardening changes originating from Owl and ALT Linux on top of EL package)
|
||||||
- [microcode_ctl](packages/microcode_ctl.md) (updates Intel CPU microcode to microcode-20231114, which fixes [CVE-2023-23583](issues/CVE-2023-23583.md))
|
|
||||||
- [openssh](packages/openssh.md) (fewer shared libraries exposed in sshd processes while otherwise fully matching EL package's functionality)
|
- [openssh](packages/openssh.md) (fewer shared libraries exposed in sshd processes while otherwise fully matching EL package's functionality)
|
||||||
|
|
||||||
The changes are described in more detail on the per-package wiki pages linked above, as well as in the package changelogs.
|
The changes are described in more detail on the per-package wiki pages linked above, as well as in the package changelogs.
|
||||||
|
@ -24,8 +24,8 @@ Public disclosure date: November 14, 2023
|
|||||||
|
|
||||||
- Fixed in version: `4:20231114-1.el9_2.security` available November 15, 2023
|
- Fixed in version: `4:20231114-1.el9_2.security` available November 15, 2023
|
||||||
|
|
||||||
Please refer to our [override package of microcode_ctl](../packages/microcode_ctl.md).
|
|
||||||
|
|
||||||
## EL8
|
## EL8
|
||||||
|
|
||||||
- Not fixed yet, will fix.
|
- Fixed in version `4:20230808-2.20231009.1.el8.security` available November 16, 2023
|
||||||
|
|
||||||
|
Please refer to our [override package of microcode_ctl](../packages/microcode_ctl.md).
|
||||||
|
@ -3,14 +3,25 @@
|
|||||||
## EL9
|
## EL9
|
||||||
|
|
||||||
- Version `4:20231114-1.el9_2.security`
|
- Version `4:20231114-1.el9_2.security`
|
||||||
- Based on `4:20230808-2`
|
- Based on `4:20230808-2.el9`
|
||||||
|
|
||||||
|
This is our custom revision of a post-9.2 EL9 package. We use Intel's latest released microcode.
|
||||||
|
|
||||||
|
## EL8
|
||||||
|
|
||||||
|
- Version `4:20230808-2.20231009.1.el8.security`
|
||||||
|
- Based on `4:20230808-2.20231009.1.el8`
|
||||||
|
|
||||||
|
This is a rebuild of the 8.9 package as-is to make it available for 8.8. It uses Intel's fixed microcode revision that was provided to distros privately in preparation for the coordinated disclosure.
|
||||||
|
|
||||||
### Changes summary
|
### Changes summary
|
||||||
|
|
||||||
- Update Intel CPU microcode to microcode-20231114 (fixes [CVE-2023-23583](../issues/CVE-2023-23583.md)), temporarily dropping most documentation patches
|
- Update Intel CPU microcode to fix [CVE-2023-23583](../issues/CVE-2023-23583.md), temporarily dropping most documentation patches
|
||||||
|
|
||||||
### Change log
|
### Change log
|
||||||
|
|
||||||
|
For EL9:
|
||||||
|
|
||||||
```
|
```
|
||||||
* Tue Nov 14 2023 Solar Designer <solar@openwall.com> - 4:20231114-1
|
* Tue Nov 14 2023 Solar Designer <solar@openwall.com> - 4:20231114-1
|
||||||
- Update Intel CPU microcode to microcode-20231114 (fixes CVE-2023-23583),
|
- Update Intel CPU microcode to microcode-20231114 (fixes CVE-2023-23583),
|
||||||
|
Loading…
Reference in New Issue
Block a user