Deployed 41e67d4 with MkDocs version: 1.5.3

2024-04-23 13:31:31 +00:00
parent ba1bb758b7
commit 5949de808a
5 changed files with 42 additions and 21 deletions

View File

@ -491,6 +491,15 @@
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#mitigation" class="md-nav__link">
<span class="md-ellipsis">
Mitigation
</span>
</a>
</li>
</ul>
@ -757,6 +766,18 @@
<p>Fixed in version: <code>2.34-83.12.el9_3.security.0.5</code> available April 18, 2024</p>
<h2 id="el8">EL8<a class="headerlink" href="#el8" title="Permanent link">&para;</a></h2>
<p>Affected. We will of course rebuild upstream's fix as soon as it arrives.</p>
<h2 id="mitigation">Mitigation<a class="headerlink" href="#mitigation" title="Permanent link">&para;</a></h2>
<p>Support for the ISO-2022-CN-EXT character set can be excluded from glibc's iconv(3) by editing <code>/usr/lib64/gconv/gconv-modules.d/gconv-modules-extra.conf</code> to comment out the below 3 lines at line 1254 (same line number in EL9 and EL8) and then regenerating the cache file:</p>
<div class="highlight"><pre><span></span><code>alias ISO2022CNEXT// ISO-2022-CN-EXT//
module ISO-2022-CN-EXT// INTERNAL ISO-2022-CN-EXT 1
module INTERNAL ISO-2022-CN-EXT// ISO-2022-CN-EXT 1
</code></pre></div>
<p>These two steps can be accomplished by running the below commands as root:</p>
<div class="highlight"><pre><span></span><code>sed -i -r &#39;s/^(.*ISO-2022-CN-EXT.*)$/#\1/&#39; /usr/lib64/gconv/gconv-modules.d/gconv-modules-extra.conf
iconvconfig
</code></pre></div>
<p>To make sure this has worked as intended, we also recommend that you run <code>iconv -l | grep ISO-2022-CN-EXT</code> before and after the above procedure. It should list the ISO-2022-CN-EXT character set before the procedure, but produce empty output afterwards.</p>
<p>Finally, if you have long-running processes for which the bug matters (such as PHP-FPM), you'll need to restart those.</p>
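Review bot: The sed expression in the mitigation commands matches every line containing ISO-2022-CN-EXT, including lines that are already commented out, so running the procedure a second time prepends another # to the same three lines. Anchoring the pattern to uncommented lines, for example `s/^([^#].*ISO-2022-CN-EXT.*)$/#\1/`, would make the step safe to repeat. Separately, the prose pins the lines to "line 1254" while the command does not depend on line numbers; referring only to the three lines shown would keep the text from going stale if the file changes.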
@ -777,7 +798,7 @@
<span class="md-icon" title="Last update">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1-2.1-2M12.5 7v5.2l4 2.4-1 1L11 13V7h1.5M11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2v1.8Z"/></svg>
</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">April 18, 2024</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">April 23, 2024</span>
</span>

View File

@ -323,9 +323,9 @@
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#april-18-2024" class="md-nav__link">
<a href="#april-18-23-2024" class="md-nav__link">
<span class="md-ellipsis">
April 18, 2024
April 18-23, 2024
</span>
</a>
@ -854,9 +854,9 @@
<h1 id="news">News<a class="headerlink" href="#news" title="Permanent link">&para;</a></h1>
<p>These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits.</p>
<h2 id="april-18-2024">April 18, 2024<a class="headerlink" href="#april-18-2024" title="Permanent link">&para;</a></h2>
<p>Our hardened EL9 <a href="../packages/glibc/">glibc</a> updated to include glibc upstream fix for <a href="../issues/CVE-2024-2961/">CVE-2024-2961</a>,
which we now have a status page on.</p>
<h2 id="april-18-23-2024">April 18-23, 2024<a class="headerlink" href="#april-18-23-2024" title="Permanent link">&para;</a></h2>
<p>Our hardened EL9 <a href="../packages/glibc/">glibc</a> updated to include glibc upstream fix for <a href="../issues/CVE-2024-2961/">CVE-2024-2961</a>.
On that CVE status page, we also provide a mitigation for both EL9 and EL8.</p>
<p>The status page on <a href="../issues/CVE-2024-1086/">CVE-2024-1086</a> has been updated to refer to EL8 fix and errata, suggest disabling network namespaces, explain remaining risks with LKRG.</p>
<h2 id="march-28-2024">March 28, 2024<a class="headerlink" href="#march-28-2024" title="Permanent link">&para;</a></h2>
<p>We've just set up a status page on <a href="../issues/CVE-2024-1086/">CVE-2024-1086</a>,
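Review bot: Renaming the heading id from april-18-2024 to april-18-23-2024 changes the permanent link of this news entry, so any existing link to #april-18-2024 stops resolving to it. If the entry needs to cover both dates, consider keeping the original id on the heading and changing only the visible title, or adding a separate April 23 entry above it.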
@ -917,7 +917,7 @@ A typical facility is a SUID/SGID/setcap program or a configuration setting of a
<span class="md-icon" title="Last update">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1-2.1-2M12.5 7v5.2l4 2.4-1 1L11 13V7h1.5M11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2v1.8Z"/></svg>
</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">April 18, 2024</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">April 23, 2024</span>
</span>

File diff suppressed because one or more lines are too long

View File

@ -2,67 +2,67 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://sig-security.rocky.page/</loc>
<lastmod>2024-04-18</lastmod>
<lastmod>2024-04-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/news/</loc>
<lastmod>2024-04-18</lastmod>
<lastmod>2024-04-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/issues/CVE-2023-23583/</loc>
<lastmod>2024-04-18</lastmod>
<lastmod>2024-04-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/issues/CVE-2023-4911/</loc>
<lastmod>2024-04-18</lastmod>
<lastmod>2024-04-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/issues/CVE-2024-1086/</loc>
<lastmod>2024-04-18</lastmod>
<lastmod>2024-04-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/issues/CVE-2024-2961/</loc>
<lastmod>2024-04-18</lastmod>
<lastmod>2024-04-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/control/</loc>
<lastmod>2024-04-18</lastmod>
<lastmod>2024-04-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/glibc/</loc>
<lastmod>2024-04-18</lastmod>
<lastmod>2024-04-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/hardened_malloc/</loc>
<lastmod>2024-04-18</lastmod>
<lastmod>2024-04-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/lkrg/</loc>
<lastmod>2024-04-18</lastmod>
<lastmod>2024-04-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/microcode_ctl/</loc>
<lastmod>2024-04-18</lastmod>
<lastmod>2024-04-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/openssh/</loc>
<lastmod>2024-04-18</lastmod>
<lastmod>2024-04-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/passwdqc/</loc>
<lastmod>2024-04-18</lastmod>
<lastmod>2024-04-23</lastmod>
<changefreq>daily</changefreq>
</url>
</urlset>
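Review bot: The lastmod value moves from 2024-04-18 to 2024-04-23 for all 13 URLs in the sitemap, including pages such as /issues/CVE-2023-23583/ and /packages/openssh/ that have no content diff in this commit. That makes lastmod track the build date rather than the page's last change, unlike the per-page "Last update" date the HTML already carries. Consider emitting the per-page revision date here too, or dropping lastmod for unchanged pages.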

Binary file not shown.