ELSA-2023-2165

Опубликовано: 15 мая 2023

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2023-2165: edk2 security, bug fix, and enhancement update (IMPORTANT)

[20221207gitfff6d81270b5-9]

edk2-remove-amd-sev-feature-flag-from-secure-boot-builds-.patch [bz#2169247]
Resolves: bz#2169247 ([edk2] Install a sev guest with enrolled secure boot failed)

[20221207gitfff6d81270b5-8]

[20221207gitfff6d81270b5-7]

[20221207gitfff6d81270b5-6]

edk2-update-build-script-rhel-only.patch [bz#2168046]
edk2-update-build-config-rhel-only.patch [bz#2168046]
edk2-add-release-date-to-builds-rh-only.patch [bz#2168046]
edk2-openssl-update.patch [bz#2164534 bz#2164550 bz#2164565 bz#2164583]
edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch [bz#2164534 bz#2164550 bz#2164565 bz#2164583]
Resolves: bz#2168046 ([SVVP] job 'Check SMBIOS Table Specific Requirements' failed on win2022)
Resolves: bz#2164534 (CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [rhel-9])
Resolves: bz#2164550 (CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [rhel-9])
Resolves: bz#2164565 (CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [rhel-9])
Resolves: bz#2164583 (CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [rhel-9])

[20221207gitfff6d81270b5-5]

edk2-Revert-ArmVirtPkg-ArmVirtQemu-enable-initial-ID-map-.patch [bz#2157656]
Resolves: bz#2157656 ([edk2] [aarch64] Unable to initialize EFI firmware when using edk2-aarch64-20221207gitfff6d81270b5-1.el9 in some hardwares)

[20221207gitfff6d81270b5-4]

edk2-ArmVirt-don-t-use-unaligned-CopyMem-on-NOR-flash.patch [bz#2158173]
Resolves: bz#2158173 ([aarch64][numa] Failed to create 2 numa nodes in some hardwares)

[20221207gitfff6d81270b5-3]

edk2-OvmfPkg-VirtNorFlashDxe-map-flash-memory-as-uncachea.patch [bz#2158173]
edk2-MdePkg-Remove-Itanium-leftover-data-structure-RH-onl.patch [bz#1983086]
Resolves: bz#2158173 ([aarch64][numa] Failed to create 2 numa nodes in some hardwares)
Resolves: bz#1983086 (Assertion failure when creating 1024 VCPU VM: [...]UefiCpuPkg/CpuMpPei/CpuBist.c(186): !EFI_ERROR (Status))

[20221207gitfff6d81270b5-2]

[20221207gitfff6d81270b5-1]

Rebase to edk2-stable202211 tag Resolves: RHEL-119 (rebase edk2 to edk2-stable202211)
Resolves: RHEL-75 (edk2 builds should show the build version)
Resolves: bz#2132951 (edk2: Sort traditional virtualization builds before Confidential Computing builds)

[20220826gitba0e0e4c6a-2]

edk2-MdeModulePkg-PiSmmCore-SmmEntryPoint-underflow-CVE-2.patch [bz#1989857]
Resolves: bz#1989857 (CVE-2021-38578 edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation [rhel-9.0])

[ 0220826gitba0e0e4c6a-1]

Rebase to edk2-stable202208 tag [RHELX-59] Resolves: RHELX-59 (rebase edk2 to 2022-08 stable tag)

[20220526git16779ede2d36-4]