[ALSA-2023:6330] Moderate: edk2 security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2023-11-15
Description:
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): * edk2: Function GetEfiGlobalVariable2() return value not checked in DxeImageVerificationHandler() (CVE-2019-14560) * openssl: Possible DoS translating ASN.1 object identifiers (CVE-2023-2650) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 edk2-tools-20230524-3.el9.aarch64.rpm 7a9748dcb86b262479b73eedb3d525353f454ccecfb636799c0e4474ea7330d7
noarch edk2-aarch64-20230524-3.el9.noarch.rpm 7f420a2e6902aa83721973936da687385ce3f9a318f79cec650eaf58da03c9ed
noarch edk2-tools-doc-20230524-3.el9.noarch.rpm bc4917712bdd37c686a2e9927839c2ca2f3285b9325d99e9fe4bb9eb8a68f06b
noarch edk2-ovmf-20230524-3.el9.noarch.rpm cf00362ca3ecc9d6ce43ec1f21168c8524b96b2675854692c3afd7bf709e0918
x86_64 edk2-tools-20230524-3.el9.x86_64.rpm 38e89f2d60bbf87a1c484630afcba547a9696ec989f65651e8350df3357168ab
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.