forked from security/wiki
Merge pull request 'Add microcode_ctl for EL8' (#14) from solardiz-patch-12 into main
Reviewed-on: security/wiki#14 Reviewed-by: Neil Hanlon <neil@noreply@resf.org>
This commit is contained in:
commit
d719891f5d
@ -45,10 +45,13 @@ You'll normally install packages from the mirrors, which should just work. Howev
|
||||
|
||||
- [hardened_malloc](packages/hardened_malloc.md) (Security-focused memory allocator providing the malloc API, and a script to preload it into existing program binaries)
|
||||
|
||||
### Override packages (for EL8 and EL9)
|
||||
|
||||
- [microcode_ctl](packages/microcode_ctl.md) (updates Intel CPU microcode to microcode-20231114, which fixes [CVE-2023-23583](issues/CVE-2023-23583.md))
|
||||
|
||||
### Override packages (currently only for EL9)
|
||||
|
||||
- [glibc](packages/glibc.md) (adds many security-hardening changes originating from Owl and ALT Linux on top of EL package)
|
||||
- [microcode_ctl](packages/microcode_ctl.md) (updates Intel CPU microcode to microcode-20231114, which fixes [CVE-2023-23583](issues/CVE-2023-23583.md))
|
||||
- [openssh](packages/openssh.md) (fewer shared libraries exposed in sshd processes while otherwise fully matching EL package's functionality)
|
||||
|
||||
The changes are described in more detail on the per-package wiki pages linked above, as well as in the package changelogs.
|
||||
|
@ -24,8 +24,8 @@ Public disclosure date: November 14, 2023
|
||||
|
||||
- Fixed in version: `4:20231114-1.el9_2.security` available November 15, 2023
|
||||
|
||||
Please refer to our [override package of microcode_ctl](../packages/microcode_ctl.md).
|
||||
|
||||
## EL8
|
||||
|
||||
- Not fixed yet, will fix.
|
||||
- Fixed in version `4:20230808-2.20231009.1.el8.security` available November 16, 2023
|
||||
|
||||
Please refer to our [override package of microcode_ctl](../packages/microcode_ctl.md).
|
||||
|
@ -3,14 +3,25 @@
|
||||
## EL9
|
||||
|
||||
- Version `4:20231114-1.el9_2.security`
|
||||
- Based on `4:20230808-2`
|
||||
- Based on `4:20230808-2.el9`
|
||||
|
||||
This is our custom revision of a post-9.2 EL9 package. We use Intel's latest released microcode.
|
||||
|
||||
## EL8
|
||||
|
||||
- Version `4:20230808-2.20231009.1.el8.security`
|
||||
- Based on `4:20230808-2.20231009.1.el8`
|
||||
|
||||
This is a rebuild of the 8.9 package as-is to make it available for 8.8. It uses Intel's fixed microcode revision that was provided to distros privately in preparation for the coordinated disclosure.
|
||||
|
||||
### Changes summary
|
||||
|
||||
- Update Intel CPU microcode to microcode-20231114 (fixes [CVE-2023-23583](../issues/CVE-2023-23583.md)), temporarily dropping most documentation patches
|
||||
- Update Intel CPU microcode to fix [CVE-2023-23583](../issues/CVE-2023-23583.md), temporarily dropping most documentation patches
|
||||
|
||||
### Change log
|
||||
|
||||
For EL9:
|
||||
|
||||
```
|
||||
* Tue Nov 14 2023 Solar Designer <solar@openwall.com> - 4:20231114-1
|
||||
- Update Intel CPU microcode to microcode-20231114 (fixes CVE-2023-23583),
|
||||
|
Loading…
Reference in New Issue
Block a user