generated from sig_core/wiki-template
Use relative cross-links between issue and package pages
This commit is contained in:
parent
4cb56ee1c2
commit
414bca6267
@ -24,7 +24,7 @@ Public disclosure date: November 14, 2023
|
|||||||
|
|
||||||
- Fixed in version: `4:20231114-1.el9_2.security` available November 15, 2023
|
- Fixed in version: `4:20231114-1.el9_2.security` available November 15, 2023
|
||||||
|
|
||||||
Please refer to our [override package of microcode_ctl](/packages/microcode_ctl.md).
|
Please refer to our [override package of microcode_ctl](../packages/microcode_ctl.md).
|
||||||
|
|
||||||
## EL8
|
## EL8
|
||||||
|
|
||||||
|
@ -19,7 +19,7 @@ Public disclosure date: October 3, 2023
|
|||||||
- Mitigated in version: `2.34-60.el9_2.security.0.2` available October 3, 2023
|
- Mitigated in version: `2.34-60.el9_2.security.0.2` available October 3, 2023
|
||||||
- Fixed in version: `glibc-2.34-60.el9_2.7` available October 5, 2023
|
- Fixed in version: `glibc-2.34-60.el9_2.7` available October 5, 2023
|
||||||
|
|
||||||
Besides the upstream fix, we also retained the mitigation in our [override package of glibc](/packages/glibc.md).
|
Besides the upstream fix, we also retained the mitigation in our [override package of glibc](../packages/glibc.md).
|
||||||
|
|
||||||
## EL8
|
## EL8
|
||||||
|
|
||||||
|
@ -16,7 +16,7 @@
|
|||||||
|
|
||||||
#### Known-effective vulnerability mitigations and fixes
|
#### Known-effective vulnerability mitigations and fixes
|
||||||
|
|
||||||
`2.34-60.el9_2.security.0.2` included mitigations sufficient to avoid security exposure of [CVE-2023-4911](https://www.openwall.com/lists/oss-security/2023/10/03/2) and a backport of upstream glibc fix of [CVE-2023-4527](https://www.openwall.com/lists/oss-security/2023/09/25/1) that was not yet in upstream EL. In the update to `2.34-60.7.el9_2.security.0.3`, we retained the mitigations while rebasing on upstream EL's package with upstream fixes for these vulnerabilities (and more).
|
`2.34-60.el9_2.security.0.2` included mitigations sufficient to avoid security exposure of [CVE-2023-4911](../issues/CVE-2023-4911.md) and a backport of upstream glibc fix of [CVE-2023-4527](https://www.openwall.com/lists/oss-security/2023/09/25/1) that was not yet in upstream EL. In the update to `2.34-60.7.el9_2.security.0.3`, we retained the mitigations while rebasing on upstream EL's package with upstream fixes for these vulnerabilities (and more).
|
||||||
|
|
||||||
In general, inclusion of additional security fixes will be "reverted" if and when those get included in upstream EL packages that we rebase our changes on.
|
In general, inclusion of additional security fixes will be "reverted" if and when those get included in upstream EL packages that we rebase our changes on.
|
||||||
|
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
|
|
||||||
### Changes summary
|
### Changes summary
|
||||||
|
|
||||||
- Update Intel CPU microcode to microcode-20231114 (fixes [CVE-2023-23583](https://www.openwall.com/lists/oss-security/2023/11/14/4)), temporarily dropping most documentation patches
|
- Update Intel CPU microcode to microcode-20231114 (fixes [CVE-2023-23583](../issues/CVE-2023-23583.md)), temporarily dropping most documentation patches
|
||||||
|
|
||||||
### Change log
|
### Change log
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user