Deployed 4cb56ee with MkDocs version: 1.5.3

404.html

@@ -315,7 +315,7 @@
         
   
   <span class="md-ellipsis">
-    CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior
+    CVE-2023-23583: microcode_ctl
   </span>
   
 
@@ -335,7 +335,7 @@
         
   
   <span class="md-ellipsis">
-    CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation
+    CVE-2023-4911: glibc
   </span>
   
 

index.html

@@ -460,7 +460,7 @@
         
   
   <span class="md-ellipsis">
-    CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior
+    CVE-2023-23583: microcode_ctl
   </span>
   
 
@@ -480,7 +480,7 @@
         
   
   <span class="md-ellipsis">
-    CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation
+    CVE-2023-4911: glibc
   </span>
   
 
@@ -692,7 +692,7 @@
 <h3 id="override-packages-currently-only-for-el9">Override packages (currently only for EL9)<a class="headerlink" href="#override-packages-currently-only-for-el9" title="Permanent link">&para;</a></h3>
 <ul>
 <li><a href="packages/glibc/">glibc</a> (adds many security-hardening changes originating from Owl and ALT Linux on top of EL package)</li>
-<li><a href="packages/microcode_ctl/">microcode_ctl</a> (updates Intel CPU microcode to microcode-20231114, which fixes CVE-2023-23583)</li>
+<li><a href="packages/microcode_ctl/">microcode_ctl</a> (updates Intel CPU microcode to microcode-20231114, which fixes <a href="issues/CVE-2023-23583/">CVE-2023-23583</a>)</li>
 <li><a href="packages/openssh/">openssh</a> (fewer shared libraries exposed in sshd processes while otherwise fully matching EL package's functionality)</li>
 </ul>
 <p>The changes are described in more detail on the per-package wiki pages linked above, as well as in the package changelogs.

issues/CVE-2023-23583/index.html

@@ -24,7 +24,7 @@
     
     
       
-        <title>CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior - SIG/Security Wiki</title>
+        <title>CVE-2023-23583: microcode_ctl - SIG/Security Wiki</title>
       
     
     
@@ -79,7 +79,7 @@
     <div data-md-component="skip">
       
         
-        <a href="#cve-2023-23583-microcode_ctl-intel-cpus-execution-of-movsb-instructions-with-redundant-rex-prefix-leads-to-unintended-system-behavior" class="md-skip">
+        <a href="#cve-2023-23583-microcode_ctl" class="md-skip">
           Skip to content
         </a>
       
@@ -114,7 +114,7 @@
         <div class="md-header__topic" data-md-component="header-topic">
           <span class="md-ellipsis">
             
-              CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior
+              CVE-2023-23583: microcode_ctl
             
           </span>
         </div>
@@ -335,7 +335,7 @@
           
   
   <span class="md-ellipsis">
-    CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior
+    CVE-2023-23583: microcode_ctl
   </span>
   
 
@@ -346,7 +346,7 @@
         
   
   <span class="md-ellipsis">
-    CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior
+    CVE-2023-23583: microcode_ctl
   </span>
   
 
@@ -367,6 +367,13 @@
     </label>
     <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
       
+        <li class="md-nav__item">
+  <a href="#title" class="md-nav__link">
+    Title
+  </a>
+  
+</li>
+      
         <li class="md-nav__item">
   <a href="#summary" class="md-nav__link">
     Summary
@@ -407,7 +414,7 @@
         
   
   <span class="md-ellipsis">
-    CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation
+    CVE-2023-4911: glibc
   </span>
   
 
@@ -585,7 +592,9 @@
   
 
 
-<h1 id="cve-2023-23583-microcode_ctl-intel-cpus-execution-of-movsb-instructions-with-redundant-rex-prefix-leads-to-unintended-system-behavior">CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior<a class="headerlink" href="#cve-2023-23583-microcode_ctl-intel-cpus-execution-of-movsb-instructions-with-redundant-rex-prefix-leads-to-unintended-system-behavior" title="Permanent link">&para;</a></h1>
+<h1 id="cve-2023-23583-microcode_ctl">CVE-2023-23583: microcode_ctl<a class="headerlink" href="#cve-2023-23583-microcode_ctl" title="Permanent link">&para;</a></h1>
+<h2 id="title">Title<a class="headerlink" href="#title" title="Permanent link">&para;</a></h2>
+<p>CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior</p>
 <h2 id="summary">Summary<a class="headerlink" href="#summary" title="Permanent link">&para;</a></h2>
 <p>As described by <a href="https://www.openwall.com/lists/oss-security/2023/11/14/4">Intel</a>:</p>
 <p>Under certain microarchitectural conditions, Intel has identified cases where execution of an instruction (REP MOVSB) encoded with a redundant REX prefix may result in unpredictable system behavior resulting in a system crash/hang, or, in some limited scenarios, may allow escalation of privilege from CPL3 to CPL0.</p>
@@ -595,9 +604,14 @@
 <p>More detail is available via these <a href="https://www.openwall.com/lists/oss-security/2023/11/14/7">links to Intel's website</a> and in the public disclosure by <a href="https://lock.cmpxchg8b.com/reptar.html">Tavis Ormandy</a> from <a href="https://cloud.google.com/blog/products/identity-security/google-researchers-discover-reptar-a-new-cpu-vulnerability">Google</a>.</p>
 <p>Public disclosure date: November 14, 2023</p>
 <h2 id="el9">EL9<a class="headerlink" href="#el9" title="Permanent link">&para;</a></h2>
-<p>Fixed in version: <code>4:20231114-1.el9_2.security</code> available November 15, 2023</p>
+<ul>
+<li>Fixed in version: <code>4:20231114-1.el9_2.security</code> available November 15, 2023</li>
+</ul>
+<p>Please refer to our <a href="/packages/microcode_ctl.md">override package of microcode_ctl</a>.</p>
 <h2 id="el8">EL8<a class="headerlink" href="#el8" title="Permanent link">&para;</a></h2>
-<p>Not fixed yet, will fix.</p>
+<ul>
+<li>Not fixed yet, will fix.</li>
+</ul>
 
   <hr>
 <div class="md-source-file">

issues/CVE-2023-4911/index.html

@@ -24,7 +24,7 @@
     
     
       
-        <title>CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation - SIG/Security Wiki</title>
+        <title>CVE-2023-4911: glibc - SIG/Security Wiki</title>
       
     
     
@@ -79,7 +79,7 @@
     <div data-md-component="skip">
       
         
-        <a href="#cve-2023-4911-glibc-looney-tunables-buffer-overflow-in-ldso-leading-to-privilege-escalation" class="md-skip">
+        <a href="#cve-2023-4911-glibc" class="md-skip">
           Skip to content
         </a>
       
@@ -114,7 +114,7 @@
         <div class="md-header__topic" data-md-component="header-topic">
           <span class="md-ellipsis">
             
-              CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation
+              CVE-2023-4911: glibc
             
           </span>
         </div>
@@ -326,7 +326,7 @@
         
   
   <span class="md-ellipsis">
-    CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior
+    CVE-2023-23583: microcode_ctl
   </span>
   
 
@@ -355,7 +355,7 @@
           
   
   <span class="md-ellipsis">
-    CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation
+    CVE-2023-4911: glibc
   </span>
   
 
@@ -366,7 +366,7 @@
         
   
   <span class="md-ellipsis">
-    CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation
+    CVE-2023-4911: glibc
   </span>
   
 
@@ -387,6 +387,13 @@
     </label>
     <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
       
+        <li class="md-nav__item">
+  <a href="#title" class="md-nav__link">
+    Title
+  </a>
+  
+</li>
+      
         <li class="md-nav__item">
   <a href="#summary" class="md-nav__link">
     Summary
@@ -585,19 +592,25 @@
   
 
 
-<h1 id="cve-2023-4911-glibc-looney-tunables-buffer-overflow-in-ldso-leading-to-privilege-escalation">CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation<a class="headerlink" href="#cve-2023-4911-glibc-looney-tunables-buffer-overflow-in-ldso-leading-to-privilege-escalation" title="Permanent link">&para;</a></h1>
+<h1 id="cve-2023-4911-glibc">CVE-2023-4911: glibc<a class="headerlink" href="#cve-2023-4911-glibc" title="Permanent link">&para;</a></h1>
+<h2 id="title">Title<a class="headerlink" href="#title" title="Permanent link">&para;</a></h2>
+<p>CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation</p>
 <h2 id="summary">Summary<a class="headerlink" href="#summary" title="Permanent link">&para;</a></h2>
 <p>As described by <a href="https://access.redhat.com/security/cve/CVE-2023-4911">Red Hat</a> and in <a href="https://www.cve.org/CVERecord?id=CVE-2023-4911">CVE-2023-4911</a>:</p>
 <p>A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the <code>GLIBC_TUNABLES</code> environment variable. This issue could allow a local attacker to use maliciously crafted <code>GLIBC_TUNABLES</code> environment variables when launching binaries with SUID permission to execute code with elevated privileges.</p>
 <p>More detail is available in the <a href="https://www.openwall.com/lists/oss-security/2023/10/03/2">public disclosure</a> by <a href="https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so">Qualys</a>, the team who discovered the issue.</p>
 <p>Public disclosure date: October 3, 2023</p>
 <h2 id="el9">EL9<a class="headerlink" href="#el9" title="Permanent link">&para;</a></h2>
-<p>Mitigated in version: <code>2.34-60.el9_2.security.0.2</code> available October 3, 2023
-Fixed in version: <code>glibc-2.34-60.el9_2.7</code> available October 5, 2023</p>
-<p>Besides the upstream fix, we also retained the mitigation in the <a href="packages/glibc.md">Security SIG package of glibc</a>.</p>
+<ul>
+<li>Mitigated in version: <code>2.34-60.el9_2.security.0.2</code> available October 3, 2023</li>
+<li>Fixed in version: <code>glibc-2.34-60.el9_2.7</code> available October 5, 2023</li>
+</ul>
+<p>Besides the upstream fix, we also retained the mitigation in our <a href="/packages/glibc.md">override package of glibc</a>.</p>
 <h2 id="el8">EL8<a class="headerlink" href="#el8" title="Permanent link">&para;</a></h2>
-<p>Fixed in version: <code>glibc-0:2.28-225.el8_8.6</code> available October 5, 2023
-Errata: <a href="https://errata.rockylinux.org/RLSA-2023:5455">RLSA-2023:5455</a> issued October 7, 2023</p>
+<ul>
+<li>Fixed in version: <code>glibc-0:2.28-225.el8_8.6</code> available October 5, 2023</li>
+<li>Errata: <a href="https://errata.rockylinux.org/RLSA-2023:5455">RLSA-2023:5455</a> issued October 7, 2023</li>
+</ul>
 
   <hr>
 <div class="md-source-file">

packages/glibc/index.html

@@ -326,7 +326,7 @@
         
   
   <span class="md-ellipsis">
-    CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior
+    CVE-2023-23583: microcode_ctl
   </span>
   
 
@@ -346,7 +346,7 @@
         
   
   <span class="md-ellipsis">
-    CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation
+    CVE-2023-4911: glibc
   </span>
   
 

packages/hardened_malloc/index.html

@@ -326,7 +326,7 @@
         
   
   <span class="md-ellipsis">
-    CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior
+    CVE-2023-23583: microcode_ctl
   </span>
   
 
@@ -346,7 +346,7 @@
         
   
   <span class="md-ellipsis">
-    CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation
+    CVE-2023-4911: glibc
   </span>
   
 

packages/microcode_ctl/index.html

@@ -326,7 +326,7 @@
         
   
   <span class="md-ellipsis">
-    CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior
+    CVE-2023-23583: microcode_ctl
   </span>
   
 
@@ -346,7 +346,7 @@
         
   
   <span class="md-ellipsis">
-    CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation
+    CVE-2023-4911: glibc
   </span>
   
 

packages/openssh/index.html

@@ -324,7 +324,7 @@
         
   
   <span class="md-ellipsis">
-    CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior
+    CVE-2023-23583: microcode_ctl
   </span>
   
 
@@ -344,7 +344,7 @@
         
   
   <span class="md-ellipsis">
-    CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation
+    CVE-2023-4911: glibc
   </span>