AlmaLinux 2307 Published by

A fwupd security and bug fix update has been released for AlmaLinux 9.



ALSA-2023:2487 Moderate: fwupd security and bug fix update


Type:
security

Severity:
moderate

Release date:
2023-05-12

Description
Security Fix(es):
* fwupd: world readable password in /etc/fwupd/redfish.conf (CVE-2022-3287)
* shim: 3rd party shim allow secure boot bypass (CVE-2022-34301)
* shim: 3rd party shim allow secure boot bypass (CVE-2022-34302)
* shim: 3rd party shim allow secure boot bypass (CVE-2022-34303)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:
RHSA-2023:2487
CVE-2022-3287
CVE-2022-34301
CVE-2022-34302
CVE-2022-34303
ALSA-2023:2487

Updates packages:
fwupd-plugin-flashrom-1.8.10-2.el9.alma.aarch64.rpm
fwupd-plugin-flashrom-1.8.10-2.el9.alma.x86_64.rpm
fwupd-plugin-flashrom-1.8.10-2.el9.alma.ppc64le.rpm
fwupd-1.8.10-2.el9.alma.x86_64.rpm
fwupd-1.8.10-2.el9.alma.ppc64le.rpm
fwupd-1.8.10-2.el9.alma.aarch64.rpm
fwupd-1.8.10-2.el9.alma.s390x.rpm
fwupd-devel-1.8.10-2.el9.alma.ppc64le.rpm
fwupd-devel-1.8.10-2.el9.alma.x86_64.rpm
fwupd-devel-1.8.10-2.el9.alma.aarch64.rpm
fwupd-devel-1.8.10-2.el9.alma.s390x.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:2487 Moderate: fwupd security and bug fix update