From 9f3c99b709b670e82b87b7fda0de422b3f411c54 Mon Sep 17 00:00:00 2001 From: Solar Designer Date: Wed, 15 Nov 2023 23:17:01 +0100 Subject: [PATCH] Fix-up the previous set of changes --- docs/index.md | 2 +- docs/issues/CVE-2023-23583.md | 12 +++++++++--- docs/issues/CVE-2023-4911.md | 16 ++++++++++------ 3 files changed, 20 insertions(+), 10 deletions(-) diff --git a/docs/index.md b/docs/index.md index ffd5b04..81e6996 100644 --- a/docs/index.md +++ b/docs/index.md @@ -48,7 +48,7 @@ You'll normally install packages from the mirrors, which should just work. Howev ### Override packages (currently only for EL9) - [glibc](packages/glibc.md) (adds many security-hardening changes originating from Owl and ALT Linux on top of EL package) -- [microcode_ctl](packages/microcode_ctl.md) (updates Intel CPU microcode to microcode-20231114, which fixes CVE-2023-23583) +- [microcode_ctl](packages/microcode_ctl.md) (updates Intel CPU microcode to microcode-20231114, which fixes [CVE-2023-23583](issues/CVE-2023-23583.md)) - [openssh](packages/openssh.md) (fewer shared libraries exposed in sshd processes while otherwise fully matching EL package's functionality) The changes are described in more detail on the per-package wiki pages linked above, as well as in the package changelogs. diff --git a/docs/issues/CVE-2023-23583.md b/docs/issues/CVE-2023-23583.md index 9b2c9da..47d9e5a 100644 --- a/docs/issues/CVE-2023-23583.md +++ b/docs/issues/CVE-2023-23583.md @@ -1,4 +1,8 @@ -# CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior +# CVE-2023-23583: microcode_ctl + +## Title + +CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior ## Summary 
@@ -18,8 +22,10 @@ Public disclosure date: November 14, 2023 ## EL9 -Fixed in version: `4:20231114-1.el9_2.security` available November 15, 2023 +- Fixed in version: `4:20231114-1.el9_2.security` available November 15, 2023 + +Please refer to our [override package of microcode_ctl](/packages/microcode_ctl.md). ## EL8 -Not fixed yet, will fix. +- Not fixed yet, will fix. diff --git a/docs/issues/CVE-2023-4911.md b/docs/issues/CVE-2023-4911.md index 574e5ba..aed5325 100644 --- a/docs/issues/CVE-2023-4911.md +++ b/docs/issues/CVE-2023-4911.md @@ -1,4 +1,8 @@ -# CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation +# CVE-2023-4911: glibc + +## Title + +CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation ## Summary @@ -12,12 +16,12 @@ Public disclosure date: October 3, 2023 ## EL9 -Mitigated in version: `2.34-60.el9_2.security.0.2` available October 3, 2023 -Fixed in version: `glibc-2.34-60.el9_2.7` available October 5, 2023 +- Mitigated in version: `2.34-60.el9_2.security.0.2` available October 3, 2023 +- Fixed in version: `glibc-2.34-60.el9_2.7` available October 5, 2023 -Besides the upstream fix, we also retained the mitigation in the [Security SIG package of glibc](packages/glibc.md). +Besides the upstream fix, we also retained the mitigation in our [override package of glibc](/packages/glibc.md). ## EL8 -Fixed in version: `glibc-0:2.28-225.el8_8.6` available October 5, 2023 -Errata: [RLSA-2023:5455](https://errata.rockylinux.org/RLSA-2023:5455) issued October 7, 2023 +- Fixed in version: `glibc-0:2.28-225.el8_8.6` available October 5, 2023 +- Errata: [RLSA-2023:5455](https://errata.rockylinux.org/RLSA-2023:5455) issued October 7, 2023 -- 2.43.5
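Review bot: link styles are mixed across this patch, which will bite on a static-site build; in the docs/index.md hunk the new reference is relative (`[CVE-2023-23583](issues/CVE-2023-23583.md)`), while both issue pages switch to root-absolute paths (`/packages/microcode_ctl.md`, `/packages/glibc.md`). The old relative `packages/glibc.md` in docs/issues/CVE-2023-4911.md was indeed broken (it resolved under docs/issues/), but the replacement depends on the generator treating a leading slash as the docs root; MkDocs passes such links through unmodified and GitHub resolves them against the repository root, so `.md` would survive into the rendered URL. Consider `../packages/glibc.md` and `../packages/microcode_ctl.md` instead, and verify the links on the built site rather than in the repository view.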
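Review bot: in the CVE-2023-23583.md `@@ -18,8 +22,10 @@` hunk the EL8 entry becomes a bare `- Not fixed yet, will fix.` with no date or reference, so a reader cannot tell whether it is stale; the page already records `Public disclosure date: November 14, 2023`, so add a "status as of" date or a pointer to the tracking item next to it, and update it when the EL8 package lands.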
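Review bot: the version strings in the CVE-2023-4911.md `@@ -12,12 +16,12 @@` hunk are written in three different shapes, which makes them hard to compare with `rpm -q` output: `2.34-60.el9_2.security.0.2` (no package name, no epoch), `glibc-2.34-60.el9_2.7` (name, no epoch) and `glibc-0:2.28-225.el8_8.6` (name and epoch); the CVE-2023-23583.md hunk adds a fourth, `4:20231114-1.el9_2.security` (epoch and version, no name). Since the patch is already normalising these lines into bullets, pick one form (name-epoch:version-release throughout is the least ambiguous) and apply it to all five entries.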