Add microcode_ctl for EL8

2023-11-17 00:06:30 +01:00 · 2023-11-17 00:06:30 +01:00 · b4d2b3b8be
commit b4d2b3b8be
parent 50a81d42ed
3 changed files with 20 additions and 6 deletions
--- a/docs/index.md
+++ b/docs/index.md
@ -45,10 +45,13 @@ You'll normally install packages from the mirrors, which should just work. Howev

 - [hardened_malloc](packages/hardened_malloc.md) (Security-focused memory allocator providing the malloc API, and a script to preload it into existing program binaries)

+### Override packages (for EL8 and EL9)
+
+- [microcode_ctl](packages/microcode_ctl.md) (updates Intel CPU microcode to microcode-20231114, which fixes [CVE-2023-23583](issues/CVE-2023-23583.md))
+
 ### Override packages (currently only for EL9)

 - [glibc](packages/glibc.md) (adds many security-hardening changes originating from Owl and ALT Linux on top of EL package)
- [microcode_ctl](packages/microcode_ctl.md) (updates Intel CPU microcode to microcode-20231114, which fixes [CVE-2023-23583](issues/CVE-2023-23583.md))
 - [openssh](packages/openssh.md) (fewer shared libraries exposed in sshd processes while otherwise fully matching EL package's functionality)

 The changes are described in more detail on the per-package wiki pages linked above, as well as in the package changelogs.
--- a/docs/issues/CVE-2023-23583.md
+++ b/docs/issues/CVE-2023-23583.md
@ -24,8 +24,8 @@ Public disclosure date: November 14, 2023

 - Fixed in version: `4:20231114-1.el9_2.security` available November 15, 2023

-Please refer to our [override package of microcode_ctl](../packages/microcode_ctl.md).
-
 ## EL8

- Not fixed yet, will fix.
+- Fixed in version `4:20230808-2.20231009.1.el8.security` available November 16, 2023
+
+Please refer to our [override package of microcode_ctl](../packages/microcode_ctl.md).
--- a/docs/packages/microcode_ctl.md
+++ b/docs/packages/microcode_ctl.md
@ -3,14 +3,25 @@
 ## EL9

 - Version `4:20231114-1.el9_2.security`
- Based on `4:20230808-2`
+- Based on `4:20230808-2.el9`
+
+This is our custom revision of a post-9.2 EL9 package. We use Intel's latest released microcode.
+
+## EL8
+
+- Version `4:20230808-2.20231009.1.el8.security`
+- Based on `4:20230808-2.20231009.1.el8`
+
+This is a rebuild of the 8.9 package as-is to make it available for 8.8. It uses Intel's fixed microcode revision that was provided to distros privately in preparation for the coordinated disclosure.

 ### Changes summary

- Update Intel CPU microcode to microcode-20231114 (fixes [CVE-2023-23583](../issues/CVE-2023-23583.md)), temporarily dropping most documentation patches
+- Update Intel CPU microcode to fix [CVE-2023-23583](../issues/CVE-2023-23583.md), temporarily dropping most documentation patches

 ### Change log

+For EL9:
+
 ```
 * Tue Nov 14 2023 Solar Designer <solar@openwall.com> - 4:20231114-1
 - Update Intel CPU microcode to microcode-20231114 (fixes CVE-2023-23583),