[ALSA-2023:2165] Important: edk2 security, bug fix, and enhancement update
Release date:
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): * openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) * edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation (CVE-2021-38578) * openssl: timing attack in RSA Decryption implementation (CVE-2022-4304) * openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450) * openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 edk2-tools-20221207gitfff6d81270b5-9.el9_2.aarch64.rpm ce69facb48ba1ba68470471c4067d52286e52d3983abf6ac57f7e83b75260f77
noarch edk2-aarch64-20221207gitfff6d81270b5-9.el9_2.noarch.rpm 0b2d96153f15aff5bc6a6e70c2e538b306294b495568c511f44b5a312c3d86a2
noarch edk2-ovmf-20221207gitfff6d81270b5-9.el9_2.noarch.rpm 3cf7d77ad2e87fb283447992c4f5b4474e6e3cd46f19d8416b62644de5d475f0
noarch edk2-tools-doc-20221207gitfff6d81270b5-9.el9_2.noarch.rpm 88fdd6252e0556b1732a5dcd546d6e5d581e2f2f0156472f6779bd95e8b8ca10
x86_64 edk2-tools-20221207gitfff6d81270b5-9.el9_2.x86_64.rpm 37644e8ed6ae4de2928a660bcc79f3f27ed90a1f090d14b834da655e3c867d68
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.