Fedora Linux 8810 Published by

A pesign security update has been released for Fedora 37.



SECURITY: Fedora 37 Update: pesign-116-1.fc37


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-e77628f240
2023-02-09 09:11:04.274195
--------------------------------------------------------------------------------

Name : pesign
Product : Fedora 37
Version : 116
Release : 1.fc37
URL :   https://github.com/rhboot/pesign
Summary : Signing utility for UEFI binaries
Description :
This package contains the pesign utility for signing UEFI binaries as
well as other associated tools.

--------------------------------------------------------------------------------
Update Information:

- New upstream release (116) - Fix CVE-2022-3560 - This is a privilege
escalation in the pesign-authorize script, which is now deprecated. There is no
impact unless you are using pesign as a daemon in a signing server.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 31 2023 Robbie Harwood - 116-1
- New upstream release (116)
- Resolves: CVE-2022-3560
* Wed Aug 31 2022 Robbie Harwood - 115-9
- Roll up to pjones's smartcard/cms fixes
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2165983 - CVE-2022-3560 pesign: Local privilege escalation on pesign systemd service [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2165983
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-e77628f240' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________