Deployed 4890fa2 with MkDocs version: 1.6.0

2024-05-23 20:05:04 +00:00
parent d86a02c982
commit eef262417b
4 changed files with 34 additions and 18 deletions


@ -500,6 +500,15 @@
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#making-the-fix-or-mitigation-effective" class="md-nav__link">
<span class="md-ellipsis">
Making the fix or mitigation effective
</span>
</a>
</li>
</ul>
@ -763,9 +772,14 @@
<p>On PHP [this glibc bug led] to amazing results: a new exploitation technique that affects the whole PHP ecosystem.</p>
<p>Public disclosure date: April 17, 2024</p>
<h2 id="el9">EL9<a class="headerlink" href="#el9" title="Permanent link">&para;</a></h2>
<p>Fixed in version: <code>2.34-83.12.el9_3.security.0.5</code> available April 18, 2024</p>
<ul>
<li>Fixed in version: <code>2.34-83.12.el9_3.security.0.5</code> available April 18, 2024</li>
</ul>
<h2 id="el8">EL8<a class="headerlink" href="#el8" title="Permanent link">&para;</a></h2>
<p>Affected. We will of course rebuild upstream's fix as soon as it arrives.</p>
<ul>
<li>Fixed in version: <code>2.28-236.el8_9.13</code> available May 7, 2024</li>
<li>Errata: <a href="https://errata.rockylinux.org/RLSA-2024:2722">RLSA-2024:2722</a> issued May 9, 2024</li>
</ul>
<h2 id="mitigation">Mitigation<a class="headerlink" href="#mitigation" title="Permanent link">&para;</a></h2>
<p>Support for the ISO-2022-CN-EXT character set can be excluded from glibc's iconv(3) by editing <code>/usr/lib64/gconv/gconv-modules.d/gconv-modules-extra.conf</code> to comment out the below 3 lines at line 1254 (same line number in EL9 and EL8) and then regenerating the cache file:</p>
<div class="highlight"><pre><span></span><code>alias ISO2022CNEXT// ISO-2022-CN-EXT//
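Review bot: The new EL9 list carries only the "Fixed in version" item, while the EL8 list added next to it also links its errata (RLSA-2024:2722); if the EL9 build has no errata entry of its own, a short list item saying so would stop readers from looking for one. Separately, the unchanged mitigation paragraph still pins the edit to "line 1254 (same line number in EL9 and EL8)". Now that both sections name new package versions, it is worth confirming that line number against the fixed packages, or identifying the three lines by their content rather than their position.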
@ -777,7 +791,9 @@ module INTERNAL ISO-2022-CN-EXT// ISO-2022-CN-EXT 1
iconvconfig
</code></pre></div>
<p>To make sure this has worked as intended, we also recommend that you run <code>iconv -l | grep ISO-2022-CN-EXT</code> before and after the above procedure. It should list the ISO-2022-CN-EXT character set before the procedure, but produce empty output afterwards.</p>
<p>Finally, if you have long-running processes for which the bug matters (such as PHP-FPM), you'll need to restart those.</p>
<h2 id="making-the-fix-or-mitigation-effective">Making the fix or mitigation effective<a class="headerlink" href="#making-the-fix-or-mitigation-effective" title="Permanent link">&para;</a></h2>
<p>After installing a fixed version of glibc or/and applying the mitigation,
you'll need to restart any long-running processes for which the bug matters (such as PHP-FPM).</p>
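Review bot: In the paragraph under the new "Making the fix or mitigation effective" heading, "or/and" should read "and/or", and the sentence is hard-wrapped inside the <p> where the neighbouring paragraphs each sit on one line. The section also gives the reader no way to check the result: the mitigation text pairs its step with `iconv -l | grep ISO-2022-CN-EXT`, but that check runs in a fresh process and says nothing about services started before the update. A sentence on how to confirm that a service such as PHP-FPM was actually restarted after the change would make this instruction verifiable in the same way.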
@ -798,7 +814,7 @@ iconvconfig
<span class="md-icon" title="Last update">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1-2.1-2M12.5 7v5.2l4 2.4-1 1L11 13V7h1.5M11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2v1.8Z"/></svg>
</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">April 23, 2024</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">May 23, 2024</span>
</span>

File diff suppressed because one or more lines are too long


@ -2,67 +2,67 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://sig-security.rocky.page/</loc>
<lastmod>2024-05-22</lastmod>
<lastmod>2024-05-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/news/</loc>
<lastmod>2024-05-22</lastmod>
<lastmod>2024-05-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/issues/CVE-2023-23583/</loc>
<lastmod>2024-05-22</lastmod>
<lastmod>2024-05-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/issues/CVE-2023-4911/</loc>
<lastmod>2024-05-22</lastmod>
<lastmod>2024-05-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/issues/CVE-2024-1086/</loc>
<lastmod>2024-05-22</lastmod>
<lastmod>2024-05-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/issues/CVE-2024-2961/</loc>
<lastmod>2024-05-22</lastmod>
<lastmod>2024-05-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/control/</loc>
<lastmod>2024-05-22</lastmod>
<lastmod>2024-05-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/glibc/</loc>
<lastmod>2024-05-22</lastmod>
<lastmod>2024-05-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/hardened_malloc/</loc>
<lastmod>2024-05-22</lastmod>
<lastmod>2024-05-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/lkrg/</loc>
<lastmod>2024-05-22</lastmod>
<lastmod>2024-05-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/microcode_ctl/</loc>
<lastmod>2024-05-22</lastmod>
<lastmod>2024-05-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/openssh/</loc>
<lastmod>2024-05-22</lastmod>
<lastmod>2024-05-23</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/passwdqc/</loc>
<lastmod>2024-05-22</lastmod>
<lastmod>2024-05-23</lastmod>
<changefreq>daily</changefreq>
</url>
</urlset>
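Review bot: Every <lastmod> in this hunk moves from 2024-05-22 to 2024-05-23, including entries such as /packages/openssh/ and /issues/CVE-2023-4911/ that the page diff shown in this commit does not touch, so the value records the build date rather than each page's last content change. The page footer in the same commit already carries a per-page revision date (April 23, 2024 changed to May 23, 2024); deriving lastmod from that per-page date would keep the sitemap diff limited to pages that really changed and make deploy commits like this one easier to review.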

Binary file not shown.