Description:
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
Security Fix(es):
* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
* edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation (CVE-2021-38578)
* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)
* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)
* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
edk2-tools-20221207gitfff6d81270b5-9.el9_2.aarch64.rpm |
ce69facb48ba1ba68470471c4067d52286e52d3983abf6ac57f7e83b75260f77 |
| noarch |
edk2-aarch64-20221207gitfff6d81270b5-9.el9_2.noarch.rpm |
0b2d96153f15aff5bc6a6e70c2e538b306294b495568c511f44b5a312c3d86a2 |
| noarch |
edk2-ovmf-20221207gitfff6d81270b5-9.el9_2.noarch.rpm |
3cf7d77ad2e87fb283447992c4f5b4474e6e3cd46f19d8416b62644de5d475f0 |
| noarch |
edk2-tools-doc-20221207gitfff6d81270b5-9.el9_2.noarch.rpm |
88fdd6252e0556b1732a5dcd546d6e5d581e2f2f0156472f6779bd95e8b8ca10 |
| x86_64 |
edk2-tools-20221207gitfff6d81270b5-9.el9_2.x86_64.rpm |
37644e8ed6ae4de2928a660bcc79f3f27ed90a1f090d14b834da655e3c867d68 |
