Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 33: Critical EDK2 Update Released in FEDORA-2020-14257cb04d

fedora
Calendar Grey September 30, 2020
Dist Fedora Esm H88
Key notice for Fedora 33 concerning the edk2 202008 stable release. Access vital information on necessary actions.
* Update to edk2 stable 202008

Summary

EDK II is a development code base for creating UEFI drivers, applications

and firmware images.

* Update to edk2 stable 202008

* Wed Sep 16 2020 Cole Robinson - 20200801stable-1

- Update to edk2 stable 202008

* Sat Sep 12 2020 Peter Robinson - 20200201stable-6

- Tweaks for aarch64/ARMv7 builds

- Minor cleanups

[ 1 ] Bug #1801259 - CVE-2019-14563 edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1801259

[ 2 ] Bug #1801267 - CVE-2019-14559 edk2: memory leak in ArpOnFrameRcvdDpc [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1801267

[ 3 ] Bug #1801269 - CVE-2019-14575 edk2: DxeImageVerificationHandler() fails open in case of dbx signature check [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1801269

[ 4 ] Bug #1833341 - CVE-2019-14586 edk2: potential use-after-free due to the original configuration runtime memory is freed but it is still exposed to the OS runtime [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1833341

[ 5 ] Bug #1833348 - CVE-2019-14558 edk2: potentially leaking of secret information due to uncleared memory [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1833348

[ 6 ] Bug #1833353 - CVE-2019-14587 edk2: double-unmap issue in SdMmcCreateTrb function in MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHci.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1833353

su -c 'dnf upgrade --advisory FEDORA-2020-14257cb04d' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory update critical Fedora bug fixes CVE edk2

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 33
Version: 20200801stable
Release: 1.fc33
URL: https://www.tianocore.org/edk2/
Summary: EFI Development Kit II

Topics%20covered

Topics Covered

security advisory update critical Fedora bug fixes CVE edk2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here