Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 36 EDK2 Update: 2023-E821B64A4C Critical OpenSSL Issues

fedora
Calendar Grey March 5, 2023
Dist Fedora Esm H88
Fedora Maintenance Alert FEDORA-2023-d234c56b7d highlights updates related to kernel optimizations and legacy hardware support.
add sub-package with xen build (resolves: rhbz#2170730) ---- update openssl (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304)

Summary

EDK II is a modern, feature-rich, cross-platform firmware development

environment for the UEFI and PI specifications. This package contains sample

64-bit UEFI firmware builds for QEMU and KVM.

add sub-package with xen build (resolves: rhbz#2170730) ---- update openssl

(CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304). ---- cherry-pick

aarch64 bugfixes, set firmware build release date, add ext4 sub-package

* Fri Feb 17 2023 Gerd Hoffmann

- add sub-package with xen build (resolves: rhbz#2170730)

* Sat Feb 11 2023 Gerd Hoffmann - 20221117gitfff6d81270b5-13

- update openssl (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304).

* Wed Feb 8 2023 Gerd Hoffmann - 20221117gitfff6d81270b5-12

- cherry-pick aarch64 bugfixes.

- set firmware build release date.

- add ext4 sub-package.

* Fri Jan 6 2023 Gerd Hoffmann - 20221117gitfff6d81270b5-10

- add experimental builds with strict nx checking.

[ 1 ] Bug #2167867 - CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [fedora-36]

https://bugzilla.redhat.com/show_bug.cgi?id=2167867

[ 2 ] Bug #2167889 - CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [fedora-36]

https://bugzilla.redhat.com/show_bug.cgi?id=2167889

[ 3 ] Bug #2167906 - CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [fedora-36]

https://bugzilla.redhat.com/show_bug.cgi?id=2167906

[ 4 ] Bug #2167917 - CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [fedora-36]

https://bugzilla.redhat.com/show_bug.cgi?id=2167917

[ 5 ] Bug #2170730 - Regression: OvmfPkgX64 no longer supports Xen HVM

https://bugzilla.redhat.com/show_bug.cgi?id=2170730

su -c 'dnf upgrade --advisory FEDORA-2023-e821b64a4c' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory update critical Fedora threat openssl firmware

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 36
Version: 20221117gitfff6d81270b5
Release: 14.fc36
URL: https://www.tianocore.org/
Summary: UEFI firmware for 64-bit virtual machines

Topics%20covered

Topics Covered

security advisory update critical Fedora threat openssl firmware

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here