An edk2 security, bug fix, and enhancement update has been released for AlmaLinux 9.

ALSA-2023:2165 Important: edk2 security, bug fix, and enhancement update

Type:
security

Severity:
important

Release date:
2023-05-11

Description
Security Fix(es):
* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
* edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation (CVE-2021-38578)
* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)
* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)
* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:
RHSA-2023:2165
CVE-2021-38578
CVE-2022-4304
CVE-2022-4450
CVE-2023-0215
CVE-2023-0286
ALSA-2023:2165

Updates packages:
edk2-aarch64-20221207gitfff6d81270b5-9.el9_2.noarch.rpm
edk2-ovmf-20221207gitfff6d81270b5-9.el9_2.noarch.rpm
edk2-tools-doc-20221207gitfff6d81270b5-9.el9_2.noarch.rpm
edk2-tools-20221207gitfff6d81270b5-9.el9_2.x86_64.rpm
edk2-tools-20221207gitfff6d81270b5-9.el9_2.aarch64.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:2165 Important: edk2 security, bug fix, and enhancement update