security/wiki
8
0
Fork 1
generated from sig_core/wiki-template
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'Use relative cross-links between issue and package pages' (#12) from solardiz-patch-10 into main
All checks were successful
mkdocs build / build (push) Successful in 28s
Details

Browse Source 
Reviewed-on: #12
Reviewed-by: Neil Hanlon <neil@noreply@resf.org>
This commit is contained in:
Neil Hanlon 2023-11-15 23:54:24 +00:00
commit 3a5e3ab476
4 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/issues/CVE-2023-23583.md
View File

@ -24,7 +24,7 @@ Public disclosure date: November 14, 2023
- Fixed in version: `4:20231114-1.el9_2.security` available November 15, 2023
Please refer to our [override package of microcode_ctl](/packages/microcode_ctl.md).
Please refer to our [override package of microcode_ctl](../packages/microcode_ctl.md).
## EL8

2
docs/issues/CVE-2023-4911.md
View File

@ -19,7 +19,7 @@ Public disclosure date: October 3, 2023
- Mitigated in version: `2.34-60.el9_2.security.0.2` available October 3, 2023
- Fixed in version: `glibc-2.34-60.el9_2.7` available October 5, 2023
Besides the upstream fix, we also retained the mitigation in our [override package of glibc](/packages/glibc.md).
Besides the upstream fix, we also retained the mitigation in our [override package of glibc](../packages/glibc.md).
## EL8

2
docs/packages/glibc.md
View File

@ -16,7 +16,7 @@
#### Known-effective vulnerability mitigations and fixes
`2.34-60.el9_2.security.0.2` included mitigations sufficient to avoid security exposure of [CVE-2023-4911](https://www.openwall.com/lists/oss-security/2023/10/03/2) and a backport of upstream glibc fix of [CVE-2023-4527](https://www.openwall.com/lists/oss-security/2023/09/25/1) that was not yet in upstream EL. In the update to `2.34-60.7.el9_2.security.0.3`, we retained the mitigations while rebasing on upstream EL's package with upstream fixes for these vulnerabilities (and more).
`2.34-60.el9_2.security.0.2` included mitigations sufficient to avoid security exposure of [CVE-2023-4911](../issues/CVE-2023-4911.md) and a backport of upstream glibc fix of [CVE-2023-4527](https://www.openwall.com/lists/oss-security/2023/09/25/1) that was not yet in upstream EL. In the update to `2.34-60.7.el9_2.security.0.3`, we retained the mitigations while rebasing on upstream EL's package with upstream fixes for these vulnerabilities (and more).
In general, inclusion of additional security fixes will be "reverted" if and when those get included in upstream EL packages that we rebase our changes on.

2
docs/packages/microcode_ctl.md
View File

@ -7,7 +7,7 @@
### Changes summary
- Update Intel CPU microcode to microcode-20231114 (fixes [CVE-2023-23583](https://www.openwall.com/lists/oss-security/2023/11/14/4)), temporarily dropping most documentation patches
- Update Intel CPU microcode to microcode-20231114 (fixes [CVE-2023-23583](../issues/CVE-2023-23583.md)), temporarily dropping most documentation patches
### Change log