An edk2 security update has been released for AlmaLinux 8.
ALSA-2023:2932 Important: edk2 security update
Type:
security
Severity:
important
Release date:
2023-05-19
Description
Security Fix(es):
* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)
* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)
* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
RHSA-2023:2932
CVE-2022-4304
CVE-2022-4450
CVE-2023-0215
CVE-2023-0286
ALSA-2023:2932
Updates packages:
edk2-aarch64-20220126gitbb1bba3d77-4.el8.noarch.rpm
edk2-ovmf-20220126gitbb1bba3d77-4.el8.noarch.rpm
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
