wiki/news/index.html

1138 lines
36 KiB
HTML

<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="The wiki for the Rocky Linux Security Special Interest Group">
<link rel="canonical" href="https://sig-security.rocky.page/news/">
<link rel="prev" href="..">
<link rel="next" href="../issues/CVE-2023-23583/">
<link rel="icon" href="../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.42">
<title>News - SIG/Security Wiki</title>
<link rel="stylesheet" href="../assets/stylesheets/main.0253249f.min.css">
<link rel="stylesheet" href="../assets/stylesheets/palette.06af60db.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<script>__md_scope=new URL("..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="teal" data-md-color-accent="teal">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#news" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header md-header--shadow" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href=".." title="SIG/Security Wiki" class="md-header__button md-logo" aria-label="SIG/Security Wiki" data-md-component="logo">
<img src="../assets/icon-white.svg" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
SIG/Security Wiki
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
News
</span>
</div>
</div>
</div>
<form class="md-header__option" data-md-component="palette">
<input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="teal" data-md-color-accent="teal" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_0">
<label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="m17.75 4.09-2.53 1.94.91 3.06-2.63-1.81-2.63 1.81.91-3.06-2.53-1.94L12.44 4l1.06-3 1.06 3zm3.5 6.91-1.64 1.25.59 1.98-1.7-1.17-1.7 1.17.59-1.98L15.75 11l2.06-.05L18.5 9l.69 1.95zm-2.28 4.95c.83-.08 1.72 1.1 1.19 1.85-.32.45-.66.87-1.08 1.27C15.17 23 8.84 23 4.94 19.07c-3.91-3.9-3.91-10.24 0-14.14.4-.4.82-.76 1.27-1.08.75-.53 1.93.36 1.85 1.19-.27 2.86.69 5.83 2.89 8.02a9.96 9.96 0 0 0 8.02 2.89m-1.64 2.02a12.08 12.08 0 0 1-7.8-3.47c-2.17-2.19-3.33-5-3.49-7.82-2.81 3.14-2.7 7.96.31 10.98 3.02 3.01 7.84 3.12 10.98.31"/></svg>
</label>
<input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="teal" data-md-color-accent="teal" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_1">
<label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 7a5 5 0 0 1 5 5 5 5 0 0 1-5 5 5 5 0 0 1-5-5 5 5 0 0 1 5-5m0 2a3 3 0 0 0-3 3 3 3 0 0 0 3 3 3 3 0 0 0 3-3 3 3 0 0 0-3-3m0-7 2.39 3.42C13.65 5.15 12.84 5 12 5s-1.65.15-2.39.42zM3.34 7l4.16-.35A7.2 7.2 0 0 0 5.94 8.5c-.44.74-.69 1.5-.83 2.29zm.02 10 1.76-3.77a7.131 7.131 0 0 0 2.38 4.14zM20.65 7l-1.77 3.79a7.02 7.02 0 0 0-2.38-4.15zm-.01 10-4.14.36c.59-.51 1.12-1.14 1.54-1.86.42-.73.69-1.5.83-2.29zM12 22l-2.41-3.44c.74.27 1.55.44 2.41.44.82 0 1.63-.17 2.37-.44z"/></svg>
</label>
</form>
<script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
</button>
</nav>
<div class="md-search__suggest" data-md-component="search-suggest"></div>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://git.resf.org/security/wiki" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
security/wiki
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--integrated" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href=".." title="SIG/Security Wiki" class="md-nav__button md-logo" aria-label="SIG/Security Wiki" data-md-component="logo">
<img src="../assets/icon-white.svg" alt="logo">
</a>
SIG/Security Wiki
</label>
<div class="md-nav__source">
<a href="https://git.resf.org/security/wiki" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
security/wiki
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href=".." class="md-nav__link">
<span class="md-ellipsis">
SIG/Security Wiki
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
News
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
News
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#october-23-2024" class="md-nav__link">
<span class="md-ellipsis">
October 23, 2024
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#august-7-2024" class="md-nav__link">
<span class="md-ellipsis">
August 7, 2024
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#july-8-2024" class="md-nav__link">
<span class="md-ellipsis">
July 8, 2024
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#july-1-2024" class="md-nav__link">
<span class="md-ellipsis">
July 1, 2024
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#june-13-2024" class="md-nav__link">
<span class="md-ellipsis">
June 13, 2024
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#june-1-2024" class="md-nav__link">
<span class="md-ellipsis">
June 1, 2024
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#may-22-2024" class="md-nav__link">
<span class="md-ellipsis">
May 22, 2024
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#may-20-2024" class="md-nav__link">
<span class="md-ellipsis">
May 20, 2024
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#april-30-2024" class="md-nav__link">
<span class="md-ellipsis">
April 30, 2024
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#april-18-23-2024" class="md-nav__link">
<span class="md-ellipsis">
April 18-23, 2024
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#march-28-2024" class="md-nav__link">
<span class="md-ellipsis">
March 28, 2024
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#march-11-to-16-2024" class="md-nav__link">
<span class="md-ellipsis">
March 11 to 16, 2024
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#february-28-2024" class="md-nav__link">
<span class="md-ellipsis">
February 28, 2024
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#january-31-2024" class="md-nav__link">
<span class="md-ellipsis">
January 31, 2024
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#january-3-2024" class="md-nav__link">
<span class="md-ellipsis">
January 3, 2024
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#december-27-2023" class="md-nav__link">
<span class="md-ellipsis">
December 27, 2023
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#december-18-2023" class="md-nav__link">
<span class="md-ellipsis">
December 18, 2023
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#december-14-2023" class="md-nav__link">
<span class="md-ellipsis">
December 14, 2023
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#november-25-2023" class="md-nav__link">
<span class="md-ellipsis">
November 25, 2023
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#november-16-to-19-2023" class="md-nav__link">
<span class="md-ellipsis">
November 16 to 19, 2023
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#november-16-2023" class="md-nav__link">
<span class="md-ellipsis">
November 16, 2023
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#november-15-2023" class="md-nav__link">
<span class="md-ellipsis">
November 15, 2023
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#october-31-to-november-15-2023" class="md-nav__link">
<span class="md-ellipsis">
October 31 to November 15, 2023
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#october-13-2023" class="md-nav__link">
<span class="md-ellipsis">
October 13, 2023
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#october-3-2023" class="md-nav__link">
<span class="md-ellipsis">
October 3, 2023
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3" >
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="">
<span class="md-ellipsis">
Issues
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Issues
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../issues/CVE-2023-23583/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2023-23583: microcode_ctl
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../issues/CVE-2023-4911/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2023-4911: glibc
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../issues/CVE-2024-1086/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-1086: kernel
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../issues/CVE-2024-2961/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-2961: glibc
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../issues/CVE-2024-6387/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6387: openssh
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../issues/CVE-2024-6409/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4" >
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="">
<span class="md-ellipsis">
Packages
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Packages
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../packages/control/" class="md-nav__link">
<span class="md-ellipsis">
Extra package: control
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../packages/glibc/" class="md-nav__link">
<span class="md-ellipsis">
Override package: glibc
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../packages/hardened_malloc/" class="md-nav__link">
<span class="md-ellipsis">
Extra package: hardened_malloc
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../packages/lkrg/" class="md-nav__link">
<span class="md-ellipsis">
Extra package: lkrg
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../packages/microcode_ctl/" class="md-nav__link">
<span class="md-ellipsis">
Override package: microcode_ctl
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../packages/openssh/" class="md-nav__link">
<span class="md-ellipsis">
Override package: openssh
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../packages/passwdqc/" class="md-nav__link">
<span class="md-ellipsis">
Extra package: passwdqc
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<a href="https://git.resf.org/security/wiki/_edit/main/docs/news.md" title="Edit this page" class="md-content__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M10 20H6V4h7v5h5v3.1l2-2V8l-6-6H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h4zm10.2-7c.1 0 .3.1.4.2l1.3 1.3c.2.2.2.6 0 .8l-1 1-2.1-2.1 1-1c.1-.1.2-.2.4-.2m0 3.9L14.1 23H12v-2.1l6.1-6.1z"/></svg>
</a>
<h1 id="news">News<a class="headerlink" href="#news" title="Permanent link">&para;</a></h1>
<p>These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits.</p>
<h2 id="october-23-2024">October 23, 2024<a class="headerlink" href="#october-23-2024" title="Permanent link">&para;</a></h2>
<p><a href="../packages/lkrg/">lkrg</a> (Linux Kernel Runtime Guard) is updated to version 0.9.9, built for both EL 9.4 and 8.10.</p>
<h2 id="august-7-2024">August 7, 2024<a class="headerlink" href="#august-7-2024" title="Permanent link">&para;</a></h2>
<p><a href="../packages/openssh/">openssh</a> <code>8.7p1-38.4.el9_4.security.0.9</code> for EL9 is a rebase on RH's release with a CVE-2024-6409 fix,
plus a further change of our own to suppress warnings about unsupported GSSAPI on systems configured for FIPS crypto-policy.</p>
<h2 id="july-8-2024">July 8, 2024<a class="headerlink" href="#july-8-2024" title="Permanent link">&para;</a></h2>
<p><a href="../packages/openssh/">openssh</a> <code>8.7p1-38.1.el9_4.security.0.7</code> for EL9 adds a fix for <a href="../issues/CVE-2024-6409/">CVE-2024-6409</a>,
an EL9-specific issue similar to <a href="../issues/CVE-2024-6387/">CVE-2024-6387 regreSSHion</a>.</p>
<h2 id="july-1-2024">July 1, 2024<a class="headerlink" href="#july-1-2024" title="Permanent link">&para;</a></h2>
<p><a href="../packages/openssh/">openssh</a> <code>8.7p1-38.el9_4.security.0.5</code> for EL9 adds a fix for <a href="../issues/CVE-2024-6387/">CVE-2024-6387 regreSSHion</a>.
EL8 is unaffected.</p>
<h2 id="june-13-2024">June 13, 2024<a class="headerlink" href="#june-13-2024" title="Permanent link">&para;</a></h2>
<p><a href="../packages/glibc/">glibc</a> <code>2.34-100.2.el9_4.security.0.9</code> is a rebase on <code>2.34-100.el9_4.2</code>,
where we switch to RH's backport of the iconv and nscd security fixes.</p>
<h2 id="june-1-2024">June 1, 2024<a class="headerlink" href="#june-1-2024" title="Permanent link">&para;</a></h2>
<p><a href="../packages/lkrg/">lkrg</a> <code>0.9.8-2.el8_10.security</code> is a rebuild of Linux Kernel Runtime Guard for EL 8.10,
which wasn't strictly necessary this time as our build for 8.9 also remained working on 8.10 as-is.</p>
<h2 id="may-22-2024">May 22, 2024<a class="headerlink" href="#may-22-2024" title="Permanent link">&para;</a></h2>
<p><a href="../packages/lkrg/">lkrg</a> <code>0.9.8-2.el9_4.security</code> is a rebuild of Linux Kernel Runtime Guard for EL 9.4.</p>
<h2 id="may-20-2024">May 20, 2024<a class="headerlink" href="#may-20-2024" title="Permanent link">&para;</a></h2>
<p><a href="../packages/glibc/">glibc</a> <code>2.34-100.el9_4.security.0.8</code> contains all of our changes so far rebased on top of 9.4's <code>2.34-100</code>,
which was still missing the iconv and nscd security fixes, so our addition of those is still relevant.</p>
<p><a href="../packages/openssh/">openssh</a> rebased on 9.4's <code>8.7p1-38</code>.</p>
<p>The status page on <a href="../issues/CVE-2024-1086/">CVE-2024-1086</a> has been updated to refer to EL9 fix.</p>
<h2 id="april-30-2024">April 30, 2024<a class="headerlink" href="#april-30-2024" title="Permanent link">&para;</a></h2>
<p>Unreleased <a href="../packages/glibc/">glibc</a> <code>2.34-83.12.el9_3.security.0.6</code> includes nscd CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 fixes from upstream glibc 2.34 branch.</p>
<p>This update ended up unreleased because we refocused on 9.4.</p>
<h2 id="april-18-23-2024">April 18-23, 2024<a class="headerlink" href="#april-18-23-2024" title="Permanent link">&para;</a></h2>
<p>Our hardened EL9 <a href="../packages/glibc/">glibc</a> updated to include glibc upstream fix for <a href="../issues/CVE-2024-2961/">CVE-2024-2961</a>.
On that CVE status page, we also provide a mitigation for both EL9 and EL8.</p>
<p>The status page on <a href="../issues/CVE-2024-1086/">CVE-2024-1086</a> has been updated to refer to EL8 fix and errata, suggest disabling network namespaces, explain remaining risks with LKRG.</p>
<h2 id="march-28-2024">March 28, 2024<a class="headerlink" href="#march-28-2024" title="Permanent link">&para;</a></h2>
<p>We've just set up a status page on <a href="../issues/CVE-2024-1086/">CVE-2024-1086</a>,
currently listing two mitigations for this Linux kernel vulnerability.</p>
<h2 id="march-11-to-16-2024">March 11 to 16, 2024<a class="headerlink" href="#march-11-to-16-2024" title="Permanent link">&para;</a></h2>
<p><a href="../packages/openssh/">openssh</a> rebased on upstream EL 8.7p1-34.3 with fixes for CVE-2023-48795 (Terrapin attack) and CVE-2023-51385, now building it without Kerberos support (further shortens <code>ldd sshd</code> from 20 to 13 lines, down from 28 lines in upstream EL).</p>
<h2 id="february-28-2024">February 28, 2024<a class="headerlink" href="#february-28-2024" title="Permanent link">&para;</a></h2>
<p><a href="../packages/lkrg/">lkrg</a> updated to version 0.9.8, which adds a remote kernel message logging capability.</p>
<h2 id="january-31-2024">January 31, 2024<a class="headerlink" href="#january-31-2024" title="Permanent link">&para;</a></h2>
<p>Further EL9 <a href="../packages/glibc/">glibc</a> security hardening in response to the <a href="https://www.openwall.com/lists/oss-security/2024/01/30/6">recent</a> <a href="https://www.openwall.com/lists/oss-security/2024/01/30/7">findings</a> by Qualys.</p>
<h2 id="january-3-2024">January 3, 2024<a class="headerlink" href="#january-3-2024" title="Permanent link">&para;</a></h2>
<p><a href="../packages/control/">control</a> <code>0.8.0-7</code> can now manage two SUID root PAM helper programs <code>unix_chkpwd</code> and <code>pam_timestamp_check</code>.</p>
<h2 id="december-27-2023">December 27, 2023<a class="headerlink" href="#december-27-2023" title="Permanent link">&para;</a></h2>
<p><a href="../packages/control/">control</a> <code>0.8.0-5</code> can now manage user password hashing scheme and password policy in use by PAM-aware programs.</p>
<h2 id="december-18-2023">December 18, 2023<a class="headerlink" href="#december-18-2023" title="Permanent link">&para;</a></h2>
<p>This SIG/Security News wiki page has been created, retroactively identifying and listing selected news items so far.</p>
<p><a href="../packages/control/">control</a> <code>0.8.0-4</code> can now manage 3 privileged programs from <code>util-linux</code> (and <code>util-linux-core</code>): <code>mount</code>, <code>umount</code> (one "facility" for both), and <code>write</code>. Its wiki page has been reworked.</p>
<h2 id="december-14-2023">December 14, 2023<a class="headerlink" href="#december-14-2023" title="Permanent link">&para;</a></h2>
<p><a href="../packages/control/">control</a> wiki page added, documenting the new package.</p>
<p><code>control</code> provides a common interface to register and control (what it calls) system facilities.
This is intended primarily for facilities that can potentially be dangerous to system security, to let you enable, disable, or configure each facility.
A typical facility is a SUID/SGID/setcap program or a configuration setting of a service.</p>
<p>Included initially are facility specifications corresponding to the <code>shadow-utils</code> package. Currently, these allow to <code>control</code> access to 5 privileged programs - 3 of them (<code>chage</code>, <code>gpasswd</code>, and <code>newgrp</code>) are by default SUID root and 2 (<code>newuidmap</code> and <code>newgidmap</code>) are <code>cap_setuid=ep</code>.</p>
<h2 id="november-25-2023">November 25, 2023<a class="headerlink" href="#november-25-2023" title="Permanent link">&para;</a></h2>
<p>Everything we had so far has been updated for EL 9.3 and 8.9, including our hardened EL9 <a href="../packages/glibc/">glibc</a> and <a href="../packages/openssh/">openssh</a> packages rebased on 9.3's and <a href="../packages/lkrg/">lkrg</a> rebuilt for 9.3's and 8.9's kernels, along with re-testing and wiki edits.</p>
<p>The <code>rocky-release-security</code> package containing our repository configuration has been made (a while earlier) easier to use on EL distros other than Rocky Linux, and we've now updated the wiki accordingly.</p>
<h2 id="november-16-to-19-2023">November 16 to 19, 2023<a class="headerlink" href="#november-16-to-19-2023" title="Permanent link">&para;</a></h2>
<p><a href="../packages/microcode_ctl/">microcode_ctl</a> also for EL8, providing 8.9's Intel CPU microcode to fix <a href="../issues/CVE-2023-23583/">CVE-2023-23583</a> a few days before general availability of our own 8.9 release as a whole.</p>
<h2 id="november-16-2023">November 16, 2023<a class="headerlink" href="#november-16-2023" title="Permanent link">&para;</a></h2>
<p>Wiki pages <a href="../packages/lkrg/">lkrg</a> and <a href="../packages/passwdqc/">passwdqc</a> have been created. We had these extra packages for a while, but previously only had wiki pages for override packages (referring solely to upstream homepages for the extra packages).</p>
<h2 id="november-15-2023">November 15, 2023<a class="headerlink" href="#november-15-2023" title="Permanent link">&para;</a></h2>
<p>We've started maintaining wiki pages for selected high profile security issues, initially for glibc <a href="../issues/CVE-2023-4911/">CVE-2023-4911</a> and Intel CPU microcode <a href="../issues/CVE-2023-23583/">CVE-2023-23583</a>.</p>
<p><a href="../packages/microcode_ctl/">microcode_ctl</a> for EL9, providing latest Intel CPU microcode to fix <a href="../issues/CVE-2023-23583/">CVE-2023-23583</a> ahead of availability of a rebuilt new upstream package.</p>
<h2 id="october-31-to-november-15-2023">October 31 to November 15, 2023<a class="headerlink" href="#october-31-to-november-15-2023" title="Permanent link">&para;</a></h2>
<p><a href="../packages/hardened_malloc/">hardened_malloc</a> package - a security-focused memory allocator providing the <code>malloc(3)</code> API, and a script to preload it into existing program binaries. Its documentation on the wiki.</p>
<h2 id="october-13-2023">October 13, 2023<a class="headerlink" href="#october-13-2023" title="Permanent link">&para;</a></h2>
<p>We've started maintaining per-package wiki pages, initially for the override packages of <a href="../packages/glibc/">glibc</a> and <a href="../packages/openssh/">openssh</a>.</p>
<p>We've added instructions for installation of Rocky Linux SIG/Security repository on other EL distros (non-Rocky).</p>
<h2 id="october-3-2023">October 3, 2023<a class="headerlink" href="#october-3-2023" title="Permanent link">&para;</a></h2>
<p>Initial wiki content documenting what we had so far, which included override packages of <a href="../packages/glibc/">glibc</a> and <a href="../packages/openssh/">openssh</a> and extra packages of <a href="../packages/lkrg/">lkrg</a> and <a href="../packages/passwdqc/">passwdqc</a> (even though these per-package wiki pages did not exist yet, so we instead had summaries and external links on the front page only), the repository package, <a href="https://git.rockylinux.org/sig/security/src">source code repositories</a>, and <a href="https://chat.rockylinux.org/rocky-linux/channels/security">Mattermost channel</a>.</p>
<aside class="md-source-file">
<span class="md-source-file__fact">
<span class="md-icon" title="Last update">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1zM12.5 7v5.2l4 2.4-1 1L11 13V7zM11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2z"/></svg>
</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">October 23, 2024</span>
</span>
</aside>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
<button type="button" class="md-top md-icon" data-md-component="top" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg>
Back to top
</button>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
<div class="md-copyright__highlight">
Copyright &copy; 2023 Rocky Enterprise Software Foundation
</div>
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "..", "features": ["navigation.expand", "navigation.indexes", "navigation.instant", "navigation.sections", "navigation.top", "navigation.tracking", "navigation.path", "search.highlight", "search.suggest", "toc.integrate", "content.action.edit"], "search": "../assets/javascripts/workers/search.6ce7567c.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../assets/javascripts/bundle.83f73b43.min.js"></script>
</body>
</html>