issues/CVE-2024-2961.md: Add EL8 fix, mention need to restart after fix #34

Merged
neil merged 1 commits from solardiz-patch-33 into main 2024-05-23 20:04:35 +00:00

View File

@ -18,11 +18,12 @@ Public disclosure date: April 17, 2024
## EL9 ## EL9
Fixed in version: `2.34-83.12.el9_3.security.0.5` available April 18, 2024 - Fixed in version: `2.34-83.12.el9_3.security.0.5` available April 18, 2024
## EL8 ## EL8
Affected. We will of course rebuild upstream's fix as soon as it arrives. - Fixed in version: `2.28-236.el8_9.13` available May 7, 2024
- Errata: [RLSA-2024:2722](https://errata.rockylinux.org/RLSA-2024:2722) issued May 9, 2024
## Mitigation ## Mitigation
@ -43,4 +44,7 @@ iconvconfig
To make sure this has worked as intended, we also recommend that you run `iconv -l | grep ISO-2022-CN-EXT` before and after the above procedure. It should list the ISO-2022-CN-EXT character set before the procedure, but produce empty output afterwards. To make sure this has worked as intended, we also recommend that you run `iconv -l | grep ISO-2022-CN-EXT` before and after the above procedure. It should list the ISO-2022-CN-EXT character set before the procedure, but produce empty output afterwards.
Finally, if you have long-running processes for which the bug matters (such as PHP-FPM), you'll need to restart those. ## Making the fix or mitigation effective
After installing a fixed version of glibc or/and applying the mitigation,
you'll need to restart any long-running processes for which the bug matters (such as PHP-FPM).