generated from sig_core/wiki-template
Use relative cross-links between issue and package pages #12
@ -24,7 +24,7 @@ Public disclosure date: November 14, 2023
|
||||
|
||||
- Fixed in version: `4:20231114-1.el9_2.security` available November 15, 2023
|
||||
|
||||
Please refer to our [override package of microcode_ctl](/packages/microcode_ctl.md).
|
||||
Please refer to our [override package of microcode_ctl](../packages/microcode_ctl.md).
|
||||
|
||||
## EL8
|
||||
|
||||
|
@ -19,7 +19,7 @@ Public disclosure date: October 3, 2023
|
||||
- Mitigated in version: `2.34-60.el9_2.security.0.2` available October 3, 2023
|
||||
- Fixed in version: `glibc-2.34-60.el9_2.7` available October 5, 2023
|
||||
|
||||
Besides the upstream fix, we also retained the mitigation in our [override package of glibc](/packages/glibc.md).
|
||||
Besides the upstream fix, we also retained the mitigation in our [override package of glibc](../packages/glibc.md).
|
||||
|
||||
## EL8
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
||||
|
||||
#### Known-effective vulnerability mitigations and fixes
|
||||
|
||||
`2.34-60.el9_2.security.0.2` included mitigations sufficient to avoid security exposure of [CVE-2023-4911](https://www.openwall.com/lists/oss-security/2023/10/03/2) and a backport of upstream glibc fix of [CVE-2023-4527](https://www.openwall.com/lists/oss-security/2023/09/25/1) that was not yet in upstream EL. In the update to `2.34-60.7.el9_2.security.0.3`, we retained the mitigations while rebasing on upstream EL's package with upstream fixes for these vulnerabilities (and more).
|
||||
`2.34-60.el9_2.security.0.2` included mitigations sufficient to avoid security exposure of [CVE-2023-4911](../issues/CVE-2023-4911.md) and a backport of upstream glibc fix of [CVE-2023-4527](https://www.openwall.com/lists/oss-security/2023/09/25/1) that was not yet in upstream EL. In the update to `2.34-60.7.el9_2.security.0.3`, we retained the mitigations while rebasing on upstream EL's package with upstream fixes for these vulnerabilities (and more).
|
||||
|
||||
In general, inclusion of additional security fixes will be "reverted" if and when those get included in upstream EL packages that we rebase our changes on.
|
||||
|
||||
|
@ -7,7 +7,7 @@
|
||||
|
||||
### Changes summary
|
||||
|
||||
- Update Intel CPU microcode to microcode-20231114 (fixes [CVE-2023-23583](https://www.openwall.com/lists/oss-security/2023/11/14/4)), temporarily dropping most documentation patches
|
||||
- Update Intel CPU microcode to microcode-20231114 (fixes [CVE-2023-23583](../issues/CVE-2023-23583.md)), temporarily dropping most documentation patches
|
||||
|
||||
### Change log
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user