ELSA-2020-1712

ELSA-2020-1712 - edk2 security, bug fix, and enhancement update

Type: SECURITY
Severity: MODERATE
Release Date: 2020-05-05

Description


[20190829git37eef91017ad-9.el8]
- edk2-OvmfPkg-QemuVideoDxe-unbreak-secondary-vga-and-bochs.patch [bz#1806359]
- Resolves: bz#1806359
(bochs-display cannot show graphic without driver attach)

[20190829git37eef91017ad-8.el8]
- edk2-MdeModulePkg-Enable-Disable-S3BootScript-dynamically.patch [bz#1801274]
- edk2-MdeModulePkg-PiDxeS3BootScriptLib-Fix-potential-nume.patch [bz#1801274]
- Resolves: bz#1801274
(CVE-2019-14563 edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib [rhel-8])

[20190829git37eef91017ad-7.el8]
- edk2-SecurityPkg-Fix-spelling-errors-PARTIAL-PICK.patch [bz#1751993]
- edk2-SecurityPkg-DxeImageVerificationHandler-simplify-Ver.patch [bz#1751993]
- edk2-SecurityPkg-DxeImageVerificationHandler-remove-else-.patch [bz#1751993]
- edk2-SecurityPkg-DxeImageVerificationHandler-keep-PE-COFF.patch [bz#1751993]
- edk2-SecurityPkg-DxeImageVerificationHandler-narrow-down-.patch [bz#1751993]
- edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-o.patch [bz#1751993]
- edk2-SecurityPkg-DxeImageVerificationHandler-remove-super.patch [bz#1751993]
- edk2-SecurityPkg-DxeImageVerificationHandler-unnest-AddIm.patch [bz#1751993]
- edk2-SecurityPkg-DxeImageVerificationHandler-eliminate-St.patch [bz#1751993]
- edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-f.patch [bz#1751993]
- edk2-SecurityPkg-DxeImageVerificationHandler-fix-imgexec-.patch [bz#1751993]
- edk2-SecurityPkg-DxeImageVerificationHandler-fix-defer-vs.patch [bz#1751993]
- Resolves: bz#1751993
(DxeImageVerificationLib handles 'DENY execute on security violation' like 'DEFER execute on security violation' [rhel8])

[20190829git37eef91017ad-6.el8]
- edk2-UefiCpuPkg-PiSmmCpuDxeSmm-fix-2M-4K-page-splitting-r.patch [bz#1789335]
- Resolves: bz#1789335
(VM with edk2 can't boot when setting memory with '-m 2001')

[20190829git37eef91017ad-5.el8]
- edk2-MdeModulePkg-UefiBootManagerLib-log-reserved-mem-all.patch [bz#1789797]
- edk2-NetworkPkg-HttpDxe-fix-32-bit-truncation-in-HTTPS-do.patch [bz#1789797]
- Resolves: bz#1789797
(Backport upstream patch series: 'UefiBootManagerLib, HttpDxe: tweaks for large HTTP(S) downloads' to improve HTTP(S) Boot experience with large (4GiB+) files)

[20190829git37eef91017ad-4.el8]
- edk2-redhat-set-guest-RAM-size-to-768M-for-SB-varstore-te.patch [bz#1778301]
- edk2-redhat-re-enable-Secure-Boot-varstore-template-verif.patch [bz#1778301]
- Resolves: bz#1778301
(re-enable Secure Boot (varstore template) verification in %check)

[20190829git37eef91017ad-3.el8]
- Update used openssl version [bz#1616029]
- Resolves: bz#1616029
(rebuild edk2 against the final RHEL-8.2.0 version of OpenSSL-1.1.1)

[20190829git37eef91017ad-2.el8]
- edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch [bz#1536624]
- edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch [bz#1536624]
- edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch [bz#1536624]
- edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch [bz#1536624]
- edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch [bz#1536624]
- edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch [bz#1536624]
- edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch [bz#1536624]
- edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch [bz#1536624]
- edk2-redhat-enable-HTTPS-Boot.patch [bz#1536624]
- Resolves: bz#1536624
(HTTPS enablement in OVMF)

[20190829git37eef91017ad-1.el8]
- Rebase to edk2-stable201908 [bz#1748180]
- Resolves: bz#1748180
((edk2-rebase-rhel-8.2) - rebase edk2 to upstream tag edk2-stable201908 for RHEL-8.2)


Related CVEs


CVE-2019-14563

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 8 (aarch64) | edk2-20190829git37eef91017ad-9.el8.src.rpm | d9efc914223a40c1e51c801c82efc301 | - |
| | edk2-aarch64-20190829git37eef91017ad-9.el8.noarch.rpm | 815f68d21d77571847efe1128c1c2b3c | - |
| Oracle Linux 8 (x86_64) | edk2-20190829git37eef91017ad-9.el8.src.rpm | d9efc914223a40c1e51c801c82efc301 | - |
| | edk2-ovmf-20190829git37eef91017ad-9.el8.noarch.rpm | 3e8294eeb575f8fdf2d33e31f60bdf4f | - |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team