
Fedora 29 EDK II Security Update: Severity Moderate for Multiple Risks

April 2, 2019
A Fedora 30 edk2 security update has been released, addressing several privilege escalation vulnerabilities and buffer overflow issues.

Summary

EDK II is a development code base for creating UEFI drivers, applications and firmware images.

* Use YYYYMMDD versioning to fix upgrade path

----

* Update to stable-201903
* Update to openssl-1.1.0j
* Move to python3 deps

Change Log

* Mon Mar 18 2019 Cole Robinson - 20190308stable-1

- Use YYYYMMDD versioning to fix upgrade path

* Fri Mar 15 2019 Cole Robinson - 201903stable-1

- Update to stable-201903

- Update to openssl-1.1.0j

- Move to python3 deps

* Thu Jan 31 2019 Fedora Release Engineering - 20180815gitcb5f4f45ce-6

- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Wed Nov 14 2018 Patrick Uiterwijk - 20180815gitcb5f4f45ce-5

- Add -qosb dependency on python3

* Fri Nov 9 2018 Paolo Bonzini - 20180815gitcb5f4f45ce-4

- Fix network boot via grub (bz 1648476)

* Wed Sep 12 2018 Paolo Bonzini - 20180815gitcb5f4f45ce-3

- Explicitly compile the scripts using py_byte_compile

* Fri Aug 31 2018 Cole Robinson - 20180815gitcb5f4f45ce-2

- Fix passing through RPM build flags (bz 1540244)

References

[ 1 ] Bug #1641442 - CVE-2017-5731 edk2: Privilege escalation via processing of malformed files in TianoCompress.c

https://bugzilla.redhat.com/show_bug.cgi?id=1641442

[ 2 ] Bug #1641446 - CVE-2017-5732 edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c

https://bugzilla.redhat.com/show_bug.cgi?id=1641446

[ 3 ] Bug #1641450 - CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function

https://bugzilla.redhat.com/show_bug.cgi?id=1641450

[ 4 ] Bug #1641458 - CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function

https://bugzilla.redhat.com/show_bug.cgi?id=1641458

[ 5 ] Bug #1641465 - CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function

https://bugzilla.redhat.com/show_bug.cgi?id=1641465

[ 6 ] Bug #1683326 - CVE-2018-12178 edk2: improper DNS packet size check

https://bugzilla.redhat.com/show_bug.cgi?id=1683326

[ 7 ] Bug #1683372 - CVE-2018-12180 edk2: Buffer Overflow in BlockIo service for RAM disk

https://bugzilla.redhat.com/show_bug.cgi?id=1683372

[ 8 ] Bug #1686783 - CVE-2018-12181 edk2: Stack buffer overflow with corrupted BMP

https://bugzilla.redhat.com/show_bug.cgi?id=1686783

[ 9 ] Bug #1641433 - CVE-2018-3613 edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users

https://bugzilla.redhat.com/show_bug.cgi?id=1641433

[ 10 ] Bug #1683653 - CVE-2018-3630 ovmf: Logic error in FV parsing in MdeModulePkg\Core\Pei\FwVol\FwVol.c

https://bugzilla.redhat.com/show_bug.cgi?id=1683653

[ 11 ] Bug #1683421 - edk2: heap buffer overflow in LengthofComponentIdentifier in UdfDxe/FileSystemOperations.c

https://bugzilla.redhat.com/show_bug.cgi?id=1683421

[ 12 ] Bug #1683425 - edk2: heap buffer overflow in NumberOfPartitions in UdfDxe/FileSystemOperations.c

https://bugzilla.redhat.com/show_bug.cgi?id=1683425

[ 13 ] Bug #1683413 - edk2: heap buffer overflow in ReadFile in UdfDxe/FileSystemOperations.c

https://bugzilla.redhat.com/show_bug.cgi?id=1683413

[ 14 ] Bug #1683404 - edk2: stack buffer overflow in file/path name string check in UdfDxe/File.c

https://bugzilla.redhat.com/show_bug.cgi?id=1683404

[ 15 ] Bug #1683410 - edk2: stack buffer overflow in FindAnchorVolumeDescriptorPointer in PartitionDxe/Udf.c

https://bugzilla.redhat.com/show_bug.cgi?id=1683410

Update Instructions

Use su -c 'dnf upgrade --advisory FEDORA-2019-bff1cbaba3' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


Product: Fedora 29
Version: 20190308stable
Release: 1.fc29
Summary: EFI Development Kit II
