ELSA-2023-2932 - edk2 security update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2023-05-24 |
Description
[20220126gitbb1bba3d77-4]
- edk2-openssl-update.patch [bz#2164531 bz#2164543 bz#2164558 bz#2164581]
- edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch [bz#2164531 bz#2164543 bz#2164558 bz#2164581]
- Resolves: bz#2164531
(CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [rhel-8])
- Resolves: bz#2164543
(CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [rhel-8])
- Resolves: bz#2164558
(CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [rhel-8])
- Resolves: bz#2164581
(CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [rhel-8])
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
| Oracle Linux 8 (aarch64) | edk2-20220126gitbb1bba3d77-4.el8.src.rpm | e3c2731aff6391ee42d11ddbc117853d | - |
| edk2-aarch64-20220126gitbb1bba3d77-4.el8.noarch.rpm | f51f86b650eef51935ce8c18dbe625a0 | - |
|
| Oracle Linux 8 (x86_64) | edk2-20220126gitbb1bba3d77-4.el8.src.rpm | e3c2731aff6391ee42d11ddbc117853d | - |
| edk2-ovmf-20220126gitbb1bba3d77-4.el8.noarch.rpm | 99a6fa03d5b697fdcb3db1b61d64ed54 | - |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
