generated from sig_core/wiki-template
Compare commits
2 Commits
4aa4870469
...
3cc4e716cc
Author | SHA1 | Date | |
---|---|---|---|
3cc4e716cc | |||
|
71aba9fe83 |
@ -2,6 +2,11 @@
|
|||||||
|
|
||||||
These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits.
|
These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits.
|
||||||
|
|
||||||
|
## June 13, 2024
|
||||||
|
|
||||||
|
[glibc](packages/glibc.md) `2.34-100.2.el9_4.security.0.9` is a rebase on `2.34-100.el9_4.2`,
|
||||||
|
where we switch to RH's backport of the iconv and nscd security fixes.
|
||||||
|
|
||||||
## June 1, 2024
|
## June 1, 2024
|
||||||
|
|
||||||
[lkrg](packages/lkrg.md) `0.9.8-2.el8_10.security` is a rebuild of Linux Kernel Runtime Guard for EL 8.10,
|
[lkrg](packages/lkrg.md) `0.9.8-2.el8_10.security` is a rebuild of Linux Kernel Runtime Guard for EL 8.10,
|
||||||
|
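Review bot: The added June 13 entry refers only to "the iconv and nscd security fixes" without naming them, so a reader of the news page cannot tell which advisories the rebase covers. Consider naming CVE-2024-2961 (iconv) and CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 (nscd), as the glibc package page does, or linking to that section.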
@ -2,8 +2,8 @@
|
|||||||
|
|
||||||
## EL9
|
## EL9
|
||||||
|
|
||||||
- Version `2.34-100.el9_4.security.0.8`
|
- Version `2.34-100.2.el9_4.security.0.9`
|
||||||
- Based on `2.34-100.el9`
|
- Based on `2.34-100.el9_4.2`
|
||||||
|
|
||||||
### Changes summary
|
### Changes summary
|
||||||
|
|
||||||
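Review bot: In the EL9 header, the new Version line places the `.2` before the dist tag (`2.34-100.2.el9_4.security.0.9`) while the new Based on line places it after (`2.34-100.el9_4.2`). If both are correct as written, a short remark on how the two release strings map to each other would keep readers from taking one of them for a typo.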
@ -17,9 +17,9 @@
|
|||||||
|
|
||||||
#### Known-effective vulnerability mitigations and fixes
|
#### Known-effective vulnerability mitigations and fixes
|
||||||
|
|
||||||
`2.34-83.12.el9_3.security.0.6` includes nscd CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 fixes from upstream glibc 2.34 branch.
|
`2.34-83.12.el9_3.security.0.6` and above includes nscd CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 fixes from upstream glibc 2.34 branch, which upstream also included starting with `2.34-100.el9_4.2`.
|
||||||
|
|
||||||
`2.34-83.12.el9_3.security.0.5` includes `iconv(3)` ISO-2022-CN-EXT [CVE-2024-2961](../issues/CVE-2024-2961.md) fix from upstream glibc 2.34 branch.
|
`2.34-83.12.el9_3.security.0.5` and above includes `iconv(3)` ISO-2022-CN-EXT [CVE-2024-2961](../issues/CVE-2024-2961.md) fix from upstream glibc 2.34 branch, which upstream also included starting with `2.34-100.el9_4.2`.
|
||||||
|
|
||||||
`2.34-60.el9_2.security.0.2` included mitigations sufficient to avoid security exposure of [CVE-2023-4911](../issues/CVE-2023-4911.md) and a backport of upstream glibc fix of [CVE-2023-4527](https://www.openwall.com/lists/oss-security/2023/09/25/1) that was not yet in upstream EL. In the update to `2.34-60.7.el9_2.security.0.3` and beyond, we retained the mitigations while rebasing on upstream EL's package with upstream fixes for these vulnerabilities (and more).
|
`2.34-60.el9_2.security.0.2` included mitigations sufficient to avoid security exposure of [CVE-2023-4911](../issues/CVE-2023-4911.md) and a backport of upstream glibc fix of [CVE-2023-4527](https://www.openwall.com/lists/oss-security/2023/09/25/1) that was not yet in upstream EL. In the update to `2.34-60.7.el9_2.security.0.3` and beyond, we retained the mitigations while rebasing on upstream EL's package with upstream fixes for these vulnerabilities (and more).
|
||||||
|
|
||||||
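Review bot: In both reworded sentences "upstream" now carries two meanings, first "upstream glibc 2.34 branch" and then "which upstream also included starting with `2.34-100.el9_4.2`", where the release string implies the EL package. The following paragraph already says "upstream EL" for that sense, so suggest "which upstream EL also included" in both lines. Also, with "and above" added the subject is plural, so "includes" should become "include".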
@ -28,6 +28,11 @@ In general, inclusion of additional security fixes will be "reverted" if and whe
|
|||||||
### Change log
|
### Change log
|
||||||
|
|
||||||
```
|
```
|
||||||
|
* Thu Jun 13 2024 Solar Designer <solar@openwall.com> - 2.34-100.2.el9.security.0.9
|
||||||
|
- Rebase on 2.34-100.2
|
||||||
|
|
||||||
|
[... upstream changes ...]
|
||||||
|
|
||||||
* Mon May 20 2024 Solar Designer <solar@openwall.com> - 2.34-100.el9.security.0.8
|
* Mon May 20 2024 Solar Designer <solar@openwall.com> - 2.34-100.el9.security.0.8
|
||||||
- Rebase on 2.34-100
|
- Rebase on 2.34-100
|
||||||
|
|
||||||
|
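Review bot: The new change log header reads `2.34-100.2.el9.security.0.9`, while the Version line updated earlier in this change reads `2.34-100.2.el9_4.security.0.9`. The existing 0.8 entry shows the same `el9` versus `el9_4` difference, so this may be intentional, but it is worth confirming. The entry also records only "Rebase on 2.34-100.2", whereas the news item says this release switches to RH's backport of the iconv and nscd fixes; a second bullet stating that would make the change log self-explanatory.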