AlmaLinux 2324 Published by

An edk2 security update has been released for AlmaLinux 8.



ALSA-2023:2932 Important: edk2 security update


Type:
security

Severity:
important

Release date:
2023-05-19

Description
Security Fix(es):
* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)
* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)
* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:
RHSA-2023:2932
CVE-2022-4304
CVE-2022-4450
CVE-2023-0215
CVE-2023-0286
ALSA-2023:2932

Updates packages:
edk2-aarch64-20220126gitbb1bba3d77-4.el8.noarch.rpm
edk2-ovmf-20220126gitbb1bba3d77-4.el8.noarch.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:2932 Important: edk2 security update