Fedora 37, FEDORA-2023-e1ffb79ddf Critical OpenSSL Security Update

February 16, 2023
Urgent security update for OpenSSL in Fedora, resolving several vulnerabilities and improving firmware utilities.
update openssl (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304)

Summary

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. This package contains sample 64-bit UEFI firmware builds for QEMU and KVM.

update openssl (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304).

---- cherry-pick aarch64 bugfixes, set firmware build release date, add ext4 sub-package

* Sat Feb 11 2023 Gerd Hoffmann - 20221117gitfff6d81270b5-13

- update openssl (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304).

* Wed Feb 8 2023 Gerd Hoffmann - 20221117gitfff6d81270b5-12

- cherry-pick aarch64 bugfixes.

- set firmware build release date.

- add ext4 sub-package.

* Fri Jan 6 2023 Gerd Hoffmann - 20221117gitfff6d81270b5-10

- add experimental builds with strict nx checking.

[ 1 ] Bug #2167874 - CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [fedora-37]

https://bugzilla.redhat.com/show_bug.cgi?id=2167874

[ 2 ] Bug #2167897 - CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [fedora-37]

https://bugzilla.redhat.com/show_bug.cgi?id=2167897

[ 3 ] Bug #2167909 - CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [fedora-37]

https://bugzilla.redhat.com/show_bug.cgi?id=2167909

[ 4 ] Bug #2167925 - CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [fedora-37]

https://bugzilla.redhat.com/show_bug.cgi?id=2167925

To install this update, run su -c 'dnf upgrade --advisory FEDORA-2023-e1ffb79ddf' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at

Severity: critical

Product: Fedora 37
Version: 20221117gitfff6d81270b5
Release: 13.fc37
Summary: UEFI firmware for 64-bit virtual machines
