Fedora 36: pesign 2023-5399953e3b | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-5399953e3b
2023-02-09 09:21:13.102628
--------------------------------------------------------------------------------

Name        : pesign
Product     : Fedora 36
Version     : 115
Release     : 4.fc36
URL         : https://github.com/rhboot/pesign
Summary     : Signing utility for UEFI binaries
Description :
This package contains the pesign utility for signing UEFI binaries as
well as other associated tools.

--------------------------------------------------------------------------------
Update Information:

- Fix CVE-2022-3560   - This is a privilege escalation in the pesign-authorize
script, which is now deprecated.  There is no impact unless you are using pesign
as a daemon in a signing server.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 31 2023 Robbie Harwood  - 115-4
- Port pesign-authorize to normal file permissions
- Resolves: CVE-2022-3560
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2165983 - CVE-2022-3560 pesign: Local privilege escalation on pesign systemd service [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2165983
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-5399953e3b' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 36: pesign 2023-5399953e3b

February 9, 2023
- Fix CVE-2022-3560 - This is a privilege escalation in the pesign-authorize script, which is now deprecated

Summary

This package contains the pesign utility for signing UEFI binaries as

well as other associated tools.

Update Information:

- Fix CVE-2022-3560 - This is a privilege escalation in the pesign-authorize script, which is now deprecated. There is no impact unless you are using pesign as a daemon in a signing server.

Change Log

* Tue Jan 31 2023 Robbie Harwood - 115-4 - Port pesign-authorize to normal file permissions - Resolves: CVE-2022-3560

References

[ 1 ] Bug #2165983 - CVE-2022-3560 pesign: Local privilege escalation on pesign systemd service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2165983

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-5399953e3b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : pesign
Product : Fedora 36
Version : 115
Release : 4.fc36
URL : https://github.com/rhboot/pesign
Summary : Signing utility for UEFI binaries

Related News

Researcher Creates Polymorphic Blackmamba Malware with ChatGPT

A DevSecOps Process for Node.js Projects

A New Privilege Escalation Vulnerability in the Linux Kernel, Enables a Local Attacker to Execute Malware on Vulnerable Systems

Microsoft's Security Update Guide To Report on CBL-Mariner Linux Vulnerabilities

News

Advisories

HOWTOs

Features

Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack
ManageEngine Vulnerability Manager Plus: How To Protect Your Enterprise from Security Vulnerabilities
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
A Guide to Business Cybersecurity: Common Digital Attacks and Precautions
New Linux IceFire Ransomware Variant Discovered: What You Need to Know to Secure Your Systems

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy