Updates for 9.4 #32

Merged
neil merged 5 commits from solardiz-patch-31 into main 2024-05-22 14:11:25 +00:00
2 changed files with 11 additions and 1 deletions
Showing only changes of commit edc7021a49 - Show all commits

View File

@ -2,6 +2,10 @@
These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits. These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits.
## April 30, 2024
[glibc](packages/glibc.md) `2.34-83.12.el9_3.security.0.6` includes nscd CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 fixes from upstream glibc 2.34 branch.
## April 18-23, 2024 ## April 18-23, 2024
Our hardened EL9 [glibc](packages/glibc.md) updated to include glibc upstream fix for [CVE-2024-2961](issues/CVE-2024-2961.md). Our hardened EL9 [glibc](packages/glibc.md) updated to include glibc upstream fix for [CVE-2024-2961](issues/CVE-2024-2961.md).

View File

@ -2,7 +2,7 @@
## EL9 ## EL9
- Version `2.34-83.12.el9_3.security.0.5` - Version `2.34-83.12.el9_3.security.0.6`
- Based on `2.34-83.el9.12` - Based on `2.34-83.el9.12`
### Changes summary ### Changes summary
@ -17,6 +17,8 @@
#### Known-effective vulnerability mitigations and fixes #### Known-effective vulnerability mitigations and fixes
`2.34-83.12.el9_3.security.0.6` includes nscd CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 fixes from upstream glibc 2.34 branch.
`2.34-83.12.el9_3.security.0.5` includes `iconv(3)` ISO-2022-CN-EXT [CVE-2024-2961](../issues/CVE-2024-2961.md) fix from upstream glibc 2.34 branch. `2.34-83.12.el9_3.security.0.5` includes `iconv(3)` ISO-2022-CN-EXT [CVE-2024-2961](../issues/CVE-2024-2961.md) fix from upstream glibc 2.34 branch.
`2.34-60.el9_2.security.0.2` included mitigations sufficient to avoid security exposure of [CVE-2023-4911](../issues/CVE-2023-4911.md) and a backport of upstream glibc fix of [CVE-2023-4527](https://www.openwall.com/lists/oss-security/2023/09/25/1) that was not yet in upstream EL. In the update to `2.34-60.7.el9_2.security.0.3` and beyond, we retained the mitigations while rebasing on upstream EL's package with upstream fixes for these vulnerabilities (and more). `2.34-60.el9_2.security.0.2` included mitigations sufficient to avoid security exposure of [CVE-2023-4911](../issues/CVE-2023-4911.md) and a backport of upstream glibc fix of [CVE-2023-4527](https://www.openwall.com/lists/oss-security/2023/09/25/1) that was not yet in upstream EL. In the update to `2.34-60.7.el9_2.security.0.3` and beyond, we retained the mitigations while rebasing on upstream EL's package with upstream fixes for these vulnerabilities (and more).
@ -26,6 +28,10 @@ In general, inclusion of additional security fixes will be "reverted" if and whe
### Change log ### Change log
``` ```
* Tue Apr 30 2024 Solar Designer <solar@openwall.com> - 2.34-83.12.el9.security.0.6
- Add nscd CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 fixes
from upstream glibc 2.34 branch
* Thu Apr 18 2024 Solar Designer <solar@openwall.com> - 2.34-83.12.el9.security.0.5 * Thu Apr 18 2024 Solar Designer <solar@openwall.com> - 2.34-83.12.el9.security.0.5
- Rebase on 2.34-83.12 - Rebase on 2.34-83.12
- Add iconv() ISO-2022-CN-EXT CVE-2024-2961 fix from upstream glibc 2.34 branch - Add iconv() ISO-2022-CN-EXT CVE-2024-2961 fix from upstream glibc 2.34 branch