Deployed 50aad98 with MkDocs version: 1.5.3

2023-11-27 13:49:44 +00:00
parent 289f7dc331
commit 4650f14376
15 changed files with 228 additions and 90 deletions

@ -14,7 +14,7 @@
<link rel="icon" href="/assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.10">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.14">
@ -244,6 +244,7 @@
<li class="md-nav__item">
<a href="/." class="md-nav__link">
@ -263,6 +264,7 @@
@ -310,6 +312,7 @@
<li class="md-nav__item">
<a href="/issues/CVE-2023-23583/" class="md-nav__link">
@ -330,6 +333,7 @@
<li class="md-nav__item">
<a href="/issues/CVE-2023-4911/" class="md-nav__link">
@ -357,6 +361,7 @@
@ -412,6 +417,7 @@
<li class="md-nav__item">
<a href="/packages/glibc/" class="md-nav__link">
@ -432,6 +438,7 @@
<li class="md-nav__item">
<a href="/packages/hardened_malloc/" class="md-nav__link">
@ -452,6 +459,7 @@
<li class="md-nav__item">
<a href="/packages/lkrg/" class="md-nav__link">
@ -472,6 +480,7 @@
<li class="md-nav__item">
<a href="/packages/microcode_ctl/" class="md-nav__link">
@ -492,6 +501,7 @@
<li class="md-nav__item">
<a href="/packages/openssh/" class="md-nav__link">
@ -512,6 +522,7 @@
<li class="md-nav__item">
<a href="/packages/passwdqc/" class="md-nav__link">
@ -593,7 +604,7 @@
<script id="__config" type="application/json">{"base": "/", "features": ["navigation.expand", "navigation.indexes", "navigation.instant", "navigation.sections", "navigation.top", "navigation.tracking", "navigation.path", "search.highlight", "search.suggest", "toc.integrate", "content.action.edit"], "search": "/assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="/assets/javascripts/bundle.6c14ae12.min.js"></script>
<script src="/assets/javascripts/bundle.cd18aaf1.min.js"></script>
</body>

File diff suppressed because one or more lines are too long

@ -18,7 +18,7 @@
<link rel="icon" href="assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.10">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.14">
@ -255,6 +255,7 @@
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
@ -441,6 +442,7 @@
@ -488,6 +490,7 @@
<li class="md-nav__item">
<a href="issues/CVE-2023-23583/" class="md-nav__link">
@ -508,6 +511,7 @@
<li class="md-nav__item">
<a href="issues/CVE-2023-4911/" class="md-nav__link">
@ -535,6 +539,7 @@
@ -590,6 +595,7 @@
<li class="md-nav__item">
<a href="packages/glibc/" class="md-nav__link">
@ -610,6 +616,7 @@
<li class="md-nav__item">
<a href="packages/hardened_malloc/" class="md-nav__link">
@ -630,6 +637,7 @@
<li class="md-nav__item">
<a href="packages/lkrg/" class="md-nav__link">
@ -650,6 +658,7 @@
<li class="md-nav__item">
<a href="packages/microcode_ctl/" class="md-nav__link">
@ -670,6 +679,7 @@
<li class="md-nav__item">
<a href="packages/openssh/" class="md-nav__link">
@ -690,6 +700,7 @@
<li class="md-nav__item">
<a href="packages/passwdqc/" class="md-nav__link">
@ -746,16 +757,14 @@
<h3 id="on-another-compatible-el-distro">On another compatible EL distro<a class="headerlink" href="#on-another-compatible-el-distro" title="Permanent link">&para;</a></h3>
<p>Download the release package containing our repository configuration file and package signing public key. Use the version that corresponds to the major version of your EL distro.</p>
<ul>
<li><a href="https://download.rockylinux.org/pub/rocky/9/extras/x86_64/os/Packages/r/rocky-release-security-9-2.el9.noarch.rpm">rocky-release-security-9</a></li>
<li><a href="https://download.rockylinux.org/pub/rocky/8/extras/x86_64/os/Packages/r/rocky-release-security-8-2.el8.noarch.rpm">rocky-release-security-8</a></li>
<li><a href="https://download.rockylinux.org/pub/rocky/9/extras/x86_64/os/Packages/r/rocky-release-security-9-3.el9.noarch.rpm">rocky-release-security-9</a></li>
<li><a href="https://download.rockylinux.org/pub/rocky/8/extras/x86_64/os/Packages/r/rocky-release-security-8-3.el8.noarch.rpm">rocky-release-security-8</a></li>
</ul>
<p>Verify the package file's SHA-256 digest with <code>sha256sum</code>. The currently expected digests are:</p>
<div class="highlight"><pre><span></span><code>8daf0934c8b5cfce1f5c2dc53ea0118102940bf307c7cc8863ab718696863da6 rocky-release-security-9-2.el9.noarch.rpm
15aebef7257d4ff3c59a3b4e45acf8fae9894a10ddd2c924dfd521033337e96c rocky-release-security-8-2.el8.noarch.rpm
<div class="highlight"><pre><span></span><code>0d0cfcb16379b4c374b45a7a4ec86894f5bbdd977103cc5544be0f6fc2581a2a rocky-release-security-9-3.el9.noarch.rpm
8dc7912f0ab55dff4cb2b1dc9262c22aa89d911cdb680d33213737597d865006 rocky-release-security-8-3.el8.noarch.rpm
</code></pre></div>
<p>This isn't as secure as checking the package signature would be <em>if</em> you previously had our package signing public key, but on another distro you probably don't have that yet, so checking the digest against its copy obtained from this separate website is a best-effort measure.</p>
<p>Install the package with <code>rpm -U --nodeps</code>. The <code>--nodeps</code> option is needed to bypass the dependency check on our <code>rocky-release</code> package. In essense, you're manually confirming to <code>rpm</code> that you're installing on a compatible distro.</p>
<p>You'll normally install packages from the mirrors, which should just work. However, if there's any issue with the mirrors and you uncomment our <code>baseurl</code> line instead, then on non-Rocky you'll need to use <code>DNF_VAR_sigcontentdir=/pub/sig dnf</code> in place of simply <code>dnf</code>.</p>
<h2 id="packages">Packages<a class="headerlink" href="#packages" title="Permanent link">&para;</a></h2>
<h3 id="extra-packages-for-el8-and-el9">Extra packages (for EL8 and EL9)<a class="headerlink" href="#extra-packages-for-el8-and-el9" title="Permanent link">&para;</a></h3>
<ul>
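Review bot: the unchanged context line below the digests still reads "In essense, you're manually confirming to rpm ..."; that should be "In essence". This file is generated output, so the fix belongs in the Markdown source for this page and can go in with the next digest bump. The link targets and the digest filenames in this hunk both move from -9-2/-8-2 to -9-3/-8-3 and agree with each other.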
@ -830,7 +839,7 @@ More packages/changes are planned, including override packages also for EL8.</p>
<small>
Last update:
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 19, 2023</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 25, 2023</span>
</small>
@ -886,7 +895,7 @@ More packages/changes are planned, including override packages also for EL8.</p>
<script id="__config" type="application/json">{"base": ".", "features": ["navigation.expand", "navigation.indexes", "navigation.instant", "navigation.sections", "navigation.top", "navigation.tracking", "navigation.path", "search.highlight", "search.suggest", "toc.integrate", "content.action.edit"], "search": "assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="assets/javascripts/bundle.6c14ae12.min.js"></script>
<script src="assets/javascripts/bundle.cd18aaf1.min.js"></script>
</body>

@ -20,7 +20,7 @@
<link rel="icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.10">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.14">
@ -255,6 +255,7 @@
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
@ -276,6 +277,7 @@
@ -323,6 +325,7 @@
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
@ -417,6 +420,7 @@
<li class="md-nav__item">
<a href="../CVE-2023-4911/" class="md-nav__link">
@ -444,6 +448,7 @@
@ -499,6 +504,7 @@
<li class="md-nav__item">
<a href="../../packages/glibc/" class="md-nav__link">
@ -519,6 +525,7 @@
<li class="md-nav__item">
<a href="../../packages/hardened_malloc/" class="md-nav__link">
@ -539,6 +546,7 @@
<li class="md-nav__item">
<a href="../../packages/lkrg/" class="md-nav__link">
@ -559,6 +567,7 @@
<li class="md-nav__item">
<a href="../../packages/microcode_ctl/" class="md-nav__link">
@ -579,6 +588,7 @@
<li class="md-nav__item">
<a href="../../packages/openssh/" class="md-nav__link">
@ -599,6 +609,7 @@
<li class="md-nav__item">
<a href="../../packages/passwdqc/" class="md-nav__link">
@ -726,7 +737,7 @@
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.expand", "navigation.indexes", "navigation.instant", "navigation.sections", "navigation.top", "navigation.tracking", "navigation.path", "search.highlight", "search.suggest", "toc.integrate", "content.action.edit"], "search": "../../assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../../assets/javascripts/bundle.6c14ae12.min.js"></script>
<script src="../../assets/javascripts/bundle.cd18aaf1.min.js"></script>
</body>

@ -20,7 +20,7 @@
<link rel="icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.10">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.14">
@ -255,6 +255,7 @@
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
@ -276,6 +277,7 @@
@ -321,6 +323,7 @@
<li class="md-nav__item">
<a href="../CVE-2023-23583/" class="md-nav__link">
@ -343,6 +346,7 @@
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
@ -444,6 +448,7 @@
@ -499,6 +504,7 @@
<li class="md-nav__item">
<a href="../../packages/glibc/" class="md-nav__link">
@ -519,6 +525,7 @@
<li class="md-nav__item">
<a href="../../packages/hardened_malloc/" class="md-nav__link">
@ -539,6 +546,7 @@
<li class="md-nav__item">
<a href="../../packages/lkrg/" class="md-nav__link">
@ -559,6 +567,7 @@
<li class="md-nav__item">
<a href="../../packages/microcode_ctl/" class="md-nav__link">
@ -579,6 +588,7 @@
<li class="md-nav__item">
<a href="../../packages/openssh/" class="md-nav__link">
@ -599,6 +609,7 @@
<li class="md-nav__item">
<a href="../../packages/passwdqc/" class="md-nav__link">
@ -725,7 +736,7 @@
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.expand", "navigation.indexes", "navigation.instant", "navigation.sections", "navigation.top", "navigation.tracking", "navigation.path", "search.highlight", "search.suggest", "toc.integrate", "content.action.edit"], "search": "../../assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../../assets/javascripts/bundle.6c14ae12.min.js"></script>
<script src="../../assets/javascripts/bundle.cd18aaf1.min.js"></script>
</body>

@ -20,7 +20,7 @@
<link rel="icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.10">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.14">
@ -255,6 +255,7 @@
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
@ -274,6 +275,7 @@
@ -321,6 +323,7 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2023-23583/" class="md-nav__link">
@ -341,6 +344,7 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2023-4911/" class="md-nav__link">
@ -370,6 +374,7 @@
@ -425,6 +430,7 @@
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
@ -531,6 +537,7 @@
<li class="md-nav__item">
<a href="../hardened_malloc/" class="md-nav__link">
@ -551,6 +558,7 @@
<li class="md-nav__item">
<a href="../lkrg/" class="md-nav__link">
@ -571,6 +579,7 @@
<li class="md-nav__item">
<a href="../microcode_ctl/" class="md-nav__link">
@ -591,6 +600,7 @@
<li class="md-nav__item">
<a href="../openssh/" class="md-nav__link">
@ -611,6 +621,7 @@
<li class="md-nav__item">
<a href="../passwdqc/" class="md-nav__link">
@ -659,8 +670,8 @@
<h1 id="override-package-glibc">Override package: glibc<a class="headerlink" href="#override-package-glibc" title="Permanent link">&para;</a></h1>
<h2 id="el9">EL9<a class="headerlink" href="#el9" title="Permanent link">&para;</a></h2>
<ul>
<li>Version <code>2.34-60.7.el9_2.security.0.3</code></li>
<li>Based on <code>2.34-60.el9_2.7</code></li>
<li>Version <code>2.34-83.7.el9_3.security.0.3</code></li>
<li>Based on <code>2.34-83.el9.7</code></li>
</ul>
<h3 id="changes-summary">Changes summary<a class="headerlink" href="#changes-summary" title="Permanent link">&para;</a></h3>
<ul>
@ -672,32 +683,19 @@
<li>In <code>tmpfile(3)</code> use the <code>TMPDIR</code> environment variable (when not running SUID/SGID/setcap) (ALT Linux)</li>
</ul>
<h4 id="known-effective-vulnerability-mitigations-and-fixes">Known-effective vulnerability mitigations and fixes<a class="headerlink" href="#known-effective-vulnerability-mitigations-and-fixes" title="Permanent link">&para;</a></h4>
<p><code>2.34-60.el9_2.security.0.2</code> included mitigations sufficient to avoid security exposure of <a href="../../issues/CVE-2023-4911/">CVE-2023-4911</a> and a backport of upstream glibc fix of <a href="https://www.openwall.com/lists/oss-security/2023/09/25/1">CVE-2023-4527</a> that was not yet in upstream EL. In the update to <code>2.34-60.7.el9_2.security.0.3</code>, we retained the mitigations while rebasing on upstream EL's package with upstream fixes for these vulnerabilities (and more).</p>
<p><code>2.34-60.el9_2.security.0.2</code> included mitigations sufficient to avoid security exposure of <a href="../../issues/CVE-2023-4911/">CVE-2023-4911</a> and a backport of upstream glibc fix of <a href="https://www.openwall.com/lists/oss-security/2023/09/25/1">CVE-2023-4527</a> that was not yet in upstream EL. In the update to <code>2.34-60.7.el9_2.security.0.3</code> and beyond, we retained the mitigations while rebasing on upstream EL's package with upstream fixes for these vulnerabilities (and more).</p>
<p>In general, inclusion of additional security fixes will be "reverted" if and when those get included in upstream EL packages that we rebase our changes on.</p>
<h3 id="change-log">Change log<a class="headerlink" href="#change-log" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code>* Fri Oct 6 2023 Solar Designer &lt;solar@openwall.com&gt; - 2.34-60.7.el9.security.0.3
<div class="highlight"><pre><span></span><code>* Wed Nov 22 2023 Solar Designer &lt;solar@openwall.com&gt; - 2.34-83.7.el9.security.0.3
- Rebase on 2.34-83.7, drop &quot;our&quot; CVE-2023-4527 patch in favor of RH&#39;s
(a similar rebase was made on Oct 6 in 2.34-60.7.el9.security.0.3 for 9.2)
[... upstream changes ...]
* Fri Oct 6 2023 Solar Designer &lt;solar@openwall.com&gt; - 2.34-60.7.el9.security.0.3
- Rebase on 2.34-60.7, drop &quot;our&quot; CVE-2023-4527 patch in favor of RH&#39;s
* Mon Sep 25 2023 Florian Weimer &lt;fweimer@redhat.com&gt; - 2.34-60.7
- Fix memory leak regression in getaddrinfo (RHEL-2425)
* Tue Sep 19 2023 Carlos O&#39;Donell &lt;carlos@redhat.com&gt; - 2.34-60.6
- CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation (RHEL-2999)
* Tue Sep 19 2023 Carlos O&#39;Donell &lt;carlos@redhat.com&gt; - 2.34-60.5
- Revert: Always call destructors in reverse constructor order (RHEL-3385)
* Mon Sep 18 2023 Siddhesh Poyarekar &lt;siddhesh@redhat.com&gt; - 2.34-60.4
- CVE-2023-4806 glibc: potential use-after-free in getaddrinfo (RHEL-2425)
* Fri Sep 15 2023 Siddhesh Poyarekar &lt;siddhesh@redhat.com&gt; - 2.34-60.3
- CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2437)
* Fri Sep 15 2023 Carlos O&#39;Donell &lt;carlos@redhat.com&gt; - 2.34-60.2
- CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaaa mode (#2234715)
* Wed Sep 13 2023 Florian Weimer &lt;fweimer@redhat.com&gt; - 2.34-60.1
- Always call destructors in reverse constructor order (RHEL-3385)
[... upstream changes ...]
* Mon Oct 2 2023 Solar Designer &lt;solar@openwall.com&gt; - 2.34-60.el9.security.0.2
- Add glibc-owl-alt-sanitize-env.patch stitched from several ALT Linux commits
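Review bot: the new change log header at the top of this block gives the release as 2.34-83.7.el9.security.0.3, while the version bullet updated earlier in this file gives 2.34-83.7.el9_3.security.0.3, and the openssh page in the same commit writes its new change log entry with the el9_3 tag. A reader matching the installed version string against the change log will see two spellings of the same release. Consider using the full dist tag in the header, or adding one line above the change log saying that it omits the minor-release suffix.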
@ -725,7 +723,7 @@
<small>
Last update:
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 15, 2023</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 25, 2023</span>
</small>
@ -781,7 +779,7 @@
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.expand", "navigation.indexes", "navigation.instant", "navigation.sections", "navigation.top", "navigation.tracking", "navigation.path", "search.highlight", "search.suggest", "toc.integrate", "content.action.edit"], "search": "../../assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../../assets/javascripts/bundle.6c14ae12.min.js"></script>
<script src="../../assets/javascripts/bundle.cd18aaf1.min.js"></script>
</body>

@ -20,7 +20,7 @@
<link rel="icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.10">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.14">
@ -255,6 +255,7 @@
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
@ -274,6 +275,7 @@
@ -321,6 +323,7 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2023-23583/" class="md-nav__link">
@ -341,6 +344,7 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2023-4911/" class="md-nav__link">
@ -370,6 +374,7 @@
@ -423,6 +428,7 @@
<li class="md-nav__item">
<a href="../glibc/" class="md-nav__link">
@ -445,6 +451,7 @@
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
@ -563,6 +570,7 @@
<li class="md-nav__item">
<a href="../lkrg/" class="md-nav__link">
@ -583,6 +591,7 @@
<li class="md-nav__item">
<a href="../microcode_ctl/" class="md-nav__link">
@ -603,6 +612,7 @@
<li class="md-nav__item">
<a href="../openssh/" class="md-nav__link">
@ -623,6 +633,7 @@
<li class="md-nav__item">
<a href="../passwdqc/" class="md-nav__link">
@ -794,7 +805,7 @@
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.expand", "navigation.indexes", "navigation.instant", "navigation.sections", "navigation.top", "navigation.tracking", "navigation.path", "search.highlight", "search.suggest", "toc.integrate", "content.action.edit"], "search": "../../assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../../assets/javascripts/bundle.6c14ae12.min.js"></script>
<script src="../../assets/javascripts/bundle.cd18aaf1.min.js"></script>
</body>

@ -20,7 +20,7 @@
<link rel="icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.10">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.14">
@ -255,6 +255,7 @@
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
@ -274,6 +275,7 @@
@ -321,6 +323,7 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2023-23583/" class="md-nav__link">
@ -341,6 +344,7 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2023-4911/" class="md-nav__link">
@ -370,6 +374,7 @@
@ -423,6 +428,7 @@
<li class="md-nav__item">
<a href="../glibc/" class="md-nav__link">
@ -443,6 +449,7 @@
<li class="md-nav__item">
<a href="../hardened_malloc/" class="md-nav__link">
@ -465,6 +472,7 @@
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
@ -510,13 +518,22 @@
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#el8-and-el9" class="md-nav__link">
<a href="#el9" class="md-nav__link">
<span class="md-ellipsis">
EL8 and EL9
EL9
</span>
</a>
<nav class="md-nav" aria-label="EL8 and EL9">
</li>
<li class="md-nav__item">
<a href="#el8" class="md-nav__link">
<span class="md-ellipsis">
EL8
</span>
</a>
<nav class="md-nav" aria-label="EL8">
<ul class="md-nav__list">
<li class="md-nav__item">
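Review bot: the nested nav that used to carry aria-label="EL8 and EL9" now carries aria-label="EL8", and the EL9 item closes with no children, so the table of contents lists the shared sub-sections as children of EL8 only. Those sections (package summary, usage, testing, change log) apply to both builds. In the Markdown source, either keep both version lists under one second-level heading or promote the shared sections to second level so they are not attributed to EL8 alone.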
@ -574,6 +591,7 @@
<li class="md-nav__item">
<a href="../microcode_ctl/" class="md-nav__link">
@ -594,6 +612,7 @@
<li class="md-nav__item">
<a href="../openssh/" class="md-nav__link">
@ -614,6 +633,7 @@
<li class="md-nav__item">
<a href="../passwdqc/" class="md-nav__link">
@ -660,16 +680,21 @@
<h1 id="extra-package-lkrg">Extra package: lkrg<a class="headerlink" href="#extra-package-lkrg" title="Permanent link">&para;</a></h1>
<h2 id="el8-and-el9">EL8 and EL9<a class="headerlink" href="#el8-and-el9" title="Permanent link">&para;</a></h2>
<h2 id="el9">EL9<a class="headerlink" href="#el9" title="Permanent link">&para;</a></h2>
<ul>
<li>Version <code>lkrg-0.9.7-4.el9_2.security</code></li>
<li>Version <code>0.9.7-4.el9_3.security</code></li>
<li>Based on upstream version <code>0.9.7</code></li>
</ul>
<h2 id="el8">EL8<a class="headerlink" href="#el8" title="Permanent link">&para;</a></h2>
<ul>
<li>Version <code>0.9.7-4.el8_9.security</code></li>
<li>Based on upstream version <code>0.9.7</code></li>
</ul>
<h3 id="package-summary">Package summary<a class="headerlink" href="#package-summary" title="Permanent link">&para;</a></h3>
<p>LKRG, or Linux Kernel Runtime Guard, is a kernel module that performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel.</p>
<p>More information is available on the <a href="https://lkrg.org">LKRG homepage</a> and in the documentation files included in the package.</p>
<h3 id="usage-in-rocky-linux">Usage in Rocky Linux<a class="headerlink" href="#usage-in-rocky-linux" title="Permanent link">&para;</a></h3>
<p>Due to EL's kABI stability and the <code>weak-modules</code> mechanism, which this package uses, the same binary package of LKRG works across different kernel revisions/builds within the same EL minor release (e.g., 9.2). Once there's a new minor release (e.g., 9.2 is upgraded to 9.3), we'll provide a new build of LKRG accordingly.</p>
<p>Due to EL's kABI stability and the <code>weak-modules</code> mechanism, which this package uses, the same binary package of LKRG works across different kernel revisions/builds within the same EL minor release (e.g., 9.3). Once there's a new minor release (e.g., 9.3 is upgraded to 9.4), we'll provide a new build of LKRG accordingly.</p>
<p>Installing the package does not automatically start LKRG nor enable it to start on system bootup. To start LKRG please use:</p>
<div class="highlight"><pre><span></span><code>systemctl start lkrg
</code></pre></div>
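Review bot: replacing the h2 with id="el8-and-el9" by separate el9 and el8 headings removes the #el8-and-el9 anchor, so existing permalinks to that section will now land at the top of the page. If inbound links matter, keep an explicit anchor with the old id next to the new headings. Dropping the "lkrg-" prefix from the version bullet is a good cleanup, since the glibc and openssh pages list the version without the package name.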
@ -677,8 +702,9 @@
<div class="highlight"><pre><span></span><code>systemctl enable lkrg
</code></pre></div>
<h3 id="testing-and-recovery">Testing and recovery<a class="headerlink" href="#testing-and-recovery" title="Permanent link">&para;</a></h3>
<p>Although the current package passed our own testing (on 8.8 and 9.2), we recommend that you only enable LKRG to start on system bootup after you've tested it for a while to ensure its compatibility with your system. If you nevertheless run into a boot time issue with LKRG later, you can disable it with the <code>nolkrg</code> kernel command-line option.</p>
<p>Although the current package passed our own testing (on 9.3 and 8.9), we recommend that you only enable LKRG to start on system bootup after you've tested it for a while to ensure its compatibility with your system. If you nevertheless run into a boot time issue with LKRG later, you can disable it with the <code>nolkrg</code> kernel command-line option.</p>
<h3 id="change-log">Change log<a class="headerlink" href="#change-log" title="Permanent link">&para;</a></h3>
<p>The 0.9.7-4 source package was originally built for (and tested on) 9.2 and 8.8, then rebuilt without source level changes for 9.3 and 8.9 (and re-tested on those versions).</p>
<div class="highlight"><pre><span></span><code>* Wed Nov 08 2023 Solar Designer &lt;solar@openwall.com&gt; 0.9.7-4
- Add a couple of upstream patches, most notably to fix kINT false positives on
EL 8.8.
@ -706,7 +732,7 @@ kernel version.
<small>
Last update:
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 16, 2023</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 25, 2023</span>
</small>
@ -762,7 +788,7 @@ kernel version.
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.expand", "navigation.indexes", "navigation.instant", "navigation.sections", "navigation.top", "navigation.tracking", "navigation.path", "search.highlight", "search.suggest", "toc.integrate", "content.action.edit"], "search": "../../assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../../assets/javascripts/bundle.6c14ae12.min.js"></script>
<script src="../../assets/javascripts/bundle.cd18aaf1.min.js"></script>
</body>

@ -20,7 +20,7 @@
<link rel="icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.10">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.14">
@ -255,6 +255,7 @@
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
@ -274,6 +275,7 @@
@ -321,6 +323,7 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2023-23583/" class="md-nav__link">
@ -341,6 +344,7 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2023-4911/" class="md-nav__link">
@ -370,6 +374,7 @@
@ -423,6 +428,7 @@
<li class="md-nav__item">
<a href="../glibc/" class="md-nav__link">
@ -443,6 +449,7 @@
<li class="md-nav__item">
<a href="../hardened_malloc/" class="md-nav__link">
@ -463,6 +470,7 @@
<li class="md-nav__item">
<a href="../lkrg/" class="md-nav__link">
@ -485,6 +493,7 @@
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
@ -585,6 +594,7 @@
<li class="md-nav__item">
<a href="../openssh/" class="md-nav__link">
@ -605,6 +615,7 @@
<li class="md-nav__item">
<a href="../passwdqc/" class="md-nav__link">
@ -736,7 +747,7 @@
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.expand", "navigation.indexes", "navigation.instant", "navigation.sections", "navigation.top", "navigation.tracking", "navigation.path", "search.highlight", "search.suggest", "toc.integrate", "content.action.edit"], "search": "../../assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../../assets/javascripts/bundle.6c14ae12.min.js"></script>
<script src="../../assets/javascripts/bundle.cd18aaf1.min.js"></script>
</body>

@ -20,7 +20,7 @@
<link rel="icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.10">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.14">
@ -255,6 +255,7 @@
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
@ -274,6 +275,7 @@
@ -321,6 +323,7 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2023-23583/" class="md-nav__link">
@ -341,6 +344,7 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2023-4911/" class="md-nav__link">
@ -370,6 +374,7 @@
@ -423,6 +428,7 @@
<li class="md-nav__item">
<a href="../glibc/" class="md-nav__link">
@ -443,6 +449,7 @@
<li class="md-nav__item">
<a href="../hardened_malloc/" class="md-nav__link">
@ -463,6 +470,7 @@
<li class="md-nav__item">
<a href="../lkrg/" class="md-nav__link">
@ -483,6 +491,7 @@
<li class="md-nav__item">
<a href="../microcode_ctl/" class="md-nav__link">
@ -505,6 +514,7 @@
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
@ -596,6 +606,7 @@
<li class="md-nav__item">
<a href="../passwdqc/" class="md-nav__link">
@ -644,15 +655,18 @@
<h1 id="override-package-openssh">Override package: openssh<a class="headerlink" href="#override-package-openssh" title="Permanent link">&para;</a></h1>
<h2 id="el9">EL9<a class="headerlink" href="#el9" title="Permanent link">&para;</a></h2>
<ul>
<li>Version <code>8.7p1-30.el9_2.security.0.2</code></li>
<li>Based on <code>8.7p1-30.el9_2</code></li>
<li>Version <code>8.7p1-34.el9_3.security.0.1</code></li>
<li>Based on <code>8.7p1-34.el9</code></li>
</ul>
<h3 id="changes-summary">Changes summary<a class="headerlink" href="#changes-summary" title="Permanent link">&para;</a></h3>
<ul>
<li>Instead of linking against <code>libsystemd</code>, load it dynamically in a temporary child process to avoid polluting actual <code>sshd</code>'s address space with that library and its many dependencies (shortens <code>ldd sshd</code> output from 28 to 20 lines)</li>
</ul>
<h3 id="change-log">Change log<a class="headerlink" href="#change-log" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code>* Sat Oct 07 2023 Solar Designer &lt;solar@openwall.com&gt; 8.7p1-30.el9.security.0.2
<div class="highlight"><pre><span></span><code>* Wed Nov 22 2023 Solar Designer &lt;solar@openwall.com&gt; 8.7p1-34.el9_3.security.0.1
- Rebase 8.7p1-30.el9.security.0.2 on 8.7p1-34
* Sat Oct 07 2023 Solar Designer &lt;solar@openwall.com&gt; 8.7p1-30.el9.security.0.2
- Load libsystemd.so.0, not libsystemd.so, as the latter is only provided by
systemd-devel
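Review bot: The dist tags in the EL9 version bullets and the change log do not line up. The new bullets pair Version `8.7p1-34.el9_3.security.0.1` with Based on `8.7p1-34.el9`, where the removed pair used `el9_2` on both lines, and the new change log entry rebases `8.7p1-30.el9.security.0.2` while the removed Version bullet named that build `8.7p1-30.el9_2.security.0.2`. Please confirm which suffix each build actually carries and use it consistently across the bullets and the change log. The unchanged summary line's `ldd sshd` figure (28 to 20 lines) is carried over from the 8.7p1-30 build and is worth re-checking after the rebase.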
@ -667,7 +681,7 @@
<small>
Last update:
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">October 13, 2023</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 25, 2023</span>
</small>
@ -723,7 +737,7 @@
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.expand", "navigation.indexes", "navigation.instant", "navigation.sections", "navigation.top", "navigation.tracking", "navigation.path", "search.highlight", "search.suggest", "toc.integrate", "content.action.edit"], "search": "../../assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../../assets/javascripts/bundle.6c14ae12.min.js"></script>
<script src="../../assets/javascripts/bundle.cd18aaf1.min.js"></script>
</body>

View File

@ -18,7 +18,7 @@
<link rel="icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.10">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.4.14">
@ -253,6 +253,7 @@
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
@ -272,6 +273,7 @@
@ -319,6 +321,7 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2023-23583/" class="md-nav__link">
@ -339,6 +342,7 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2023-4911/" class="md-nav__link">
@ -368,6 +372,7 @@
@ -421,6 +426,7 @@
<li class="md-nav__item">
<a href="../glibc/" class="md-nav__link">
@ -441,6 +447,7 @@
<li class="md-nav__item">
<a href="../hardened_malloc/" class="md-nav__link">
@ -461,6 +468,7 @@
<li class="md-nav__item">
<a href="../lkrg/" class="md-nav__link">
@ -481,6 +489,7 @@
<li class="md-nav__item">
<a href="../microcode_ctl/" class="md-nav__link">
@ -501,6 +510,7 @@
<li class="md-nav__item">
<a href="../openssh/" class="md-nav__link">
@ -523,6 +533,7 @@
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
@ -568,13 +579,22 @@
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#el8-and-el9" class="md-nav__link">
<a href="#el9" class="md-nav__link">
<span class="md-ellipsis">
EL8 and EL9
EL9
</span>
</a>
<nav class="md-nav" aria-label="EL8 and EL9">
</li>
<li class="md-nav__item">
<a href="#el8" class="md-nav__link">
<span class="md-ellipsis">
EL8
</span>
</a>
<nav class="md-nav" aria-label="EL8">
<ul class="md-nav__list">
<li class="md-nav__item">
@ -621,6 +641,15 @@
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#libpasswdqc-devel" class="md-nav__link">
<span class="md-ellipsis">
libpasswdqc-devel
</span>
</a>
</li>
<li class="md-nav__item">
@ -682,16 +711,21 @@
<h1 id="extra-package-passwdqc">Extra package: passwdqc<a class="headerlink" href="#extra-package-passwdqc" title="Permanent link">&para;</a></h1>
<h2 id="el8-and-el9">EL8 and EL9<a class="headerlink" href="#el8-and-el9" title="Permanent link">&para;</a></h2>
<h2 id="el9">EL9<a class="headerlink" href="#el9" title="Permanent link">&para;</a></h2>
<ul>
<li>Version <code>2.0.3-2.el9_2.security</code></li>
<li>Based on upstream version <code>2.0.3-2</code> as packaged in Fedora</li>
</ul>
<h2 id="el8">EL8<a class="headerlink" href="#el8" title="Permanent link">&para;</a></h2>
<ul>
<li>Version <code>2.0.3-2.el8.security</code></li>
<li>Based on upstream version <code>2.0.3-2</code> as packaged in Fedora</li>
</ul>
<h3 id="package-summary">Package summary<a class="headerlink" href="#package-summary" title="Permanent link">&para;</a></h3>
<p><code>passwdqc</code> is a password/passphrase strength checking and policy enforcement toolset, including a PAM module (<code>pam_passwdqc</code>), command-line programs (<code>pwqcheck</code>, <code>pwqfilter</code>, and <code>pwqgen</code>), and a library (<code>libpasswdqc</code>).</p>
<p>More information is available on the <a href="https://www.openwall.com/passwdqc/">passwdqc homepage</a> and in the documentation files (man pages and a README) included in the sub-packages below.</p>
<h3 id="usage-in-rocky-linux">Usage in Rocky Linux<a class="headerlink" href="#usage-in-rocky-linux" title="Permanent link">&para;</a></h3>
<p>There are 4 sub-packages:</p>
<p>There are 5 sub-packages:</p>
<h4 id="pam_passwdqc">pam_passwdqc<a class="headerlink" href="#pam_passwdqc" title="Permanent link">&para;</a></h4>
<p><code>pam_passwdqc</code> is a PAM module that is normally invoked on password changes by programs such as <code>passwd(1)</code>. It is capable of checking password or passphrase strength, enforcing a policy, and offering randomly-generated passphrases, with all of these features being optional and easily (re-)configurable.</p>
<p>Merely installing this sub-package does not yet configure the system to use the PAM module. To do so, please edit PAM configuration files e.g. like <a href="https://github.com/openwall/passwdqc/issues/19#issuecomment-1140262371">shown here</a>.</p>
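Review bot: Splitting the "EL8 and EL9" heading into separate `<h2 id="el9">` and `<h2 id="el8">` headings leaves the `<h3>` sections that follow (Package summary, Usage in Rocky Linux) nested under EL8 only, although they describe both builds; the TOC hunk above shows the same effect, with the sub-navigation attached to the EL8 entry and the EL9 entry closed without one. Consider giving the shared sections their own `<h2>`, or keeping a single version heading that lists both version bullets. Removing the `el8-and-el9` id also breaks any existing link to `#el8-and-el9`.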
@ -700,15 +734,17 @@
<p>The <code>pwqfilter</code> program searches, creates, or updates binary passphrase filter files, which can also be used with <code>pwqcheck</code> and <code>pam_passwdqc</code>. This can be used for checking of user-provided passwords against existing data breaches, which is recommended in the current NIST guidance, specifically in publication 800-63B sections 5.1.1.2 and A.3. Paid pre-generated filter files are available from Openwall at the project homepage above, but with this tool you can also generate your own.</p>
<h4 id="libpasswdqc">libpasswdqc<a class="headerlink" href="#libpasswdqc" title="Permanent link">&para;</a></h4>
<p><code>libpasswdqc</code> is the underlying library, which may also be used from third-party programs.</p>
<h4 id="libpasswdqc-devel">libpasswdqc-devel<a class="headerlink" href="#libpasswdqc-devel" title="Permanent link">&para;</a></h4>
<p>This package contains development files needed for building passwdqc-aware applications, as well as documentation (man pages) for developing such applications.</p>
<h4 id="passwdqc">passwdqc<a class="headerlink" href="#passwdqc" title="Permanent link">&para;</a></h4>
<p><code>passwdqc</code> is a meta sub-package that installs (via dependencies) all 3 actual sub-packages above.</p>
<p><code>passwdqc</code> is a meta sub-package that installs (via dependencies) the actual sub-packages above, except for <code>libpasswdqc-devel</code>.</p>
<hr>
<div class="md-source-file">
<small>
Last update:
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 16, 2023</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 25, 2023</span>
</small>
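Review bot: The new libpasswdqc-devel paragraph opens with "This package", while every sibling section names its sub-package in `<code>` and the page calls them sub-packages throughout; suggest "`libpasswdqc-devel` contains the development files ..." for consistency. In the reworded meta sub-package line, "the actual sub-packages above, except for `libpasswdqc-devel`" no longer says which packages are pulled in, so naming them (`pam_passwdqc`, `passwdqc-utils` or whatever the utilities sub-package is called, and `libpasswdqc`) would save the reader from working it out from the section order.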
@ -764,7 +800,7 @@
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.expand", "navigation.indexes", "navigation.instant", "navigation.sections", "navigation.top", "navigation.tracking", "navigation.path", "search.highlight", "search.suggest", "toc.integrate", "content.action.edit"], "search": "../../assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../../assets/javascripts/bundle.6c14ae12.min.js"></script>
<script src="../../assets/javascripts/bundle.cd18aaf1.min.js"></script>
</body>

File diff suppressed because one or more lines are too long

View File

@ -2,47 +2,47 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://sig-security.rocky.page/</loc>
<lastmod>2023-11-19</lastmod>
<lastmod>2023-11-27</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/issues/CVE-2023-23583/</loc>
<lastmod>2023-11-19</lastmod>
<lastmod>2023-11-27</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/issues/CVE-2023-4911/</loc>
<lastmod>2023-11-19</lastmod>
<lastmod>2023-11-27</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/glibc/</loc>
<lastmod>2023-11-19</lastmod>
<lastmod>2023-11-27</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/hardened_malloc/</loc>
<lastmod>2023-11-19</lastmod>
<lastmod>2023-11-27</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/lkrg/</loc>
<lastmod>2023-11-19</lastmod>
<lastmod>2023-11-27</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/microcode_ctl/</loc>
<lastmod>2023-11-19</lastmod>
<lastmod>2023-11-27</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/openssh/</loc>
<lastmod>2023-11-19</lastmod>
<lastmod>2023-11-27</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/passwdqc/</loc>
<lastmod>2023-11-19</lastmod>
<lastmod>2023-11-27</lastmod>
<changefreq>daily</changefreq>
</url>
</urlset>
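Review bot: Every `<lastmod>` in this hunk moves to 2023-11-27, the deploy date, including the openssh and passwdqc pages whose own "Last update" footers in this same commit read November 25, 2023. If `<lastmod>` is meant to reflect content changes, derive it from the same git revision date the page footers show; as it stands, each deploy marks the whole site as modified, which makes the field useless to crawlers and to anyone diffing the sitemap to see what changed.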

Binary file not shown.