security/wiki
8
0
Fork 1
generated from sig_core/wiki-template
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Deployed d719891 with MkDocs version: 1.5.3

Browse Source
This commit is contained in:
2023-11-16 23:32:00 +00:00
parent 283f5a3980
commit 1b82790b63
5 changed files with 34 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
index.html
View File

@ -353,6 +353,13 @@
Extra packages (currently only for EL9) Extra packages (currently only for EL9)
</a> </a>
</li>
<li class="md-nav__item">
<a href="#override-packages-for-el8-and-el9" class="md-nav__link">
Override packages (for EL8 and EL9)
</a>
</li> </li>
<li class="md-nav__item"> <li class="md-nav__item">
@ -733,10 +740,13 @@
<ul> <ul>
<li><a href="packages/hardened_malloc/">hardened_malloc</a> (Security-focused memory allocator providing the malloc API, and a script to preload it into existing program binaries)</li> <li><a href="packages/hardened_malloc/">hardened_malloc</a> (Security-focused memory allocator providing the malloc API, and a script to preload it into existing program binaries)</li>
</ul> </ul>
<h3 id="override-packages-for-el8-and-el9">Override packages (for EL8 and EL9)<a class="headerlink" href="#override-packages-for-el8-and-el9" title="Permanent link">&para;</a></h3>
<ul>
<li><a href="packages/microcode_ctl/">microcode_ctl</a> (updates Intel CPU microcode to microcode-20231114, which fixes <a href="issues/CVE-2023-23583/">CVE-2023-23583</a>)</li>
</ul>
<h3 id="override-packages-currently-only-for-el9">Override packages (currently only for EL9)<a class="headerlink" href="#override-packages-currently-only-for-el9" title="Permanent link">&para;</a></h3> <h3 id="override-packages-currently-only-for-el9">Override packages (currently only for EL9)<a class="headerlink" href="#override-packages-currently-only-for-el9" title="Permanent link">&para;</a></h3>
<ul> <ul>
<li><a href="packages/glibc/">glibc</a> (adds many security-hardening changes originating from Owl and ALT Linux on top of EL package)</li> <li><a href="packages/glibc/">glibc</a> (adds many security-hardening changes originating from Owl and ALT Linux on top of EL package)</li>
<li><a href="packages/microcode_ctl/">microcode_ctl</a> (updates Intel CPU microcode to microcode-20231114, which fixes <a href="issues/CVE-2023-23583/">CVE-2023-23583</a>)</li>
<li><a href="packages/openssh/">openssh</a> (fewer shared libraries exposed in sshd processes while otherwise fully matching EL package's functionality)</li> <li><a href="packages/openssh/">openssh</a> (fewer shared libraries exposed in sshd processes while otherwise fully matching EL package's functionality)</li>
</ul> </ul>
<p>The changes are described in more detail on the per-package wiki pages linked above, as well as in the package changelogs. <p>The changes are described in more detail on the per-package wiki pages linked above, as well as in the package changelogs.

6
issues/CVE-2023-23583/index.html
View File

@ -651,18 +651,18 @@
<ul> <ul>
<li>Fixed in version: <code>4:20231114-1.el9_2.security</code> available November 15, 2023</li> <li>Fixed in version: <code>4:20231114-1.el9_2.security</code> available November 15, 2023</li>
</ul> </ul>
<p>Please refer to our <a href="../../packages/microcode_ctl/">override package of microcode_ctl</a>.</p>
<h2 id="el8">EL8<a class="headerlink" href="#el8" title="Permanent link">&para;</a></h2> <h2 id="el8">EL8<a class="headerlink" href="#el8" title="Permanent link">&para;</a></h2>
<ul> <ul>
<li>Not fixed yet, will fix.</li> <li>Fixed in version <code>4:20230808-2.20231009.1.el8.security</code> available November 16, 2023</li>
</ul> </ul>
<p>Please refer to our <a href="../../packages/microcode_ctl/">override package of microcode_ctl</a>.</p>
<hr> <hr>
<div class="md-source-file"> <div class="md-source-file">
<small> <small>
Last update: Last update:
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 15, 2023</span> <span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 16, 2023</span>
</small> </small>

23
packages/microcode_ctl/index.html
View File

@ -534,7 +534,14 @@
EL9 EL9
</a> </a>
<nav class="md-nav" aria-label="EL9"> </li>
<li class="md-nav__item">
<a href="#el8" class="md-nav__link">
EL8
</a>
<nav class="md-nav" aria-label="EL8">
<ul class="md-nav__list"> <ul class="md-nav__list">
<li class="md-nav__item"> <li class="md-nav__item">
@ -639,13 +646,21 @@
<h2 id="el9">EL9<a class="headerlink" href="#el9" title="Permanent link">&para;</a></h2> <h2 id="el9">EL9<a class="headerlink" href="#el9" title="Permanent link">&para;</a></h2>
<ul> <ul>
<li>Version <code>4:20231114-1.el9_2.security</code></li> <li>Version <code>4:20231114-1.el9_2.security</code></li>
<li>Based on <code>4:20230808-2</code></li> <li>Based on <code>4:20230808-2.el9</code></li>
</ul> </ul>
<p>This is our custom revision of a post-9.2 EL9 package. We use Intel's latest released microcode.</p>
<h2 id="el8">EL8<a class="headerlink" href="#el8" title="Permanent link">&para;</a></h2>
<ul>
<li>Version <code>4:20230808-2.20231009.1.el8.security</code></li>
<li>Based on <code>4:20230808-2.20231009.1.el8</code></li>
</ul>
<p>This is a rebuild of the 8.9 package as-is to make it available for 8.8. It uses Intel's fixed microcode revision that was provided to distros privately in preparation for the coordinated disclosure.</p>
<h3 id="changes-summary">Changes summary<a class="headerlink" href="#changes-summary" title="Permanent link">&para;</a></h3> <h3 id="changes-summary">Changes summary<a class="headerlink" href="#changes-summary" title="Permanent link">&para;</a></h3>
<ul> <ul>
<li>Update Intel CPU microcode to microcode-20231114 (fixes <a href="../../issues/CVE-2023-23583/">CVE-2023-23583</a>), temporarily dropping most documentation patches</li> <li>Update Intel CPU microcode to fix <a href="../../issues/CVE-2023-23583/">CVE-2023-23583</a>, temporarily dropping most documentation patches</li>
</ul> </ul>
<h3 id="change-log">Change log<a class="headerlink" href="#change-log" title="Permanent link">&para;</a></h3> <h3 id="change-log">Change log<a class="headerlink" href="#change-log" title="Permanent link">&para;</a></h3>
<p>For EL9:</p>
<div class="highlight"><pre><span></span><code>* Tue Nov 14 2023 Solar Designer &lt;solar@openwall.com&gt; - 4:20231114-1 <div class="highlight"><pre><span></span><code>* Tue Nov 14 2023 Solar Designer &lt;solar@openwall.com&gt; - 4:20231114-1
- Update Intel CPU microcode to microcode-20231114 (fixes CVE-2023-23583), - Update Intel CPU microcode to microcode-20231114 (fixes CVE-2023-23583),
temporarily dropping most documentation patches temporarily dropping most documentation patches
@ -656,7 +671,7 @@
<small> <small>
Last update: Last update:
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 15, 2023</span> <span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 16, 2023</span>
</small> </small>

2
search/search_index.json
View File

File diff suppressed because one or more lines are too long

BIN
sitemap.xml.gz
View File

Binary file not shown.