Описание
ELSA-2023-2487: fwupd security and bug fix update (MODERATE)
[1.8.10-2.0.1]
- Drop pesign.service restart in postun [Orabug: 34760075]
- Update signing certificate [JIRA: OLDIS-16371]
- Rebuild for SecureBoot signatures [Orabug: 33801813]
- Build with the updated Oracle certificate
- Use oraclesecureboot301 as certdir [Orabug: 29881368]
- Use new signing certificate (Alex Burmashev)
- Update SBAT data to include Oracle [Oracle: 33072886]
[1.8.10-2]
- Rebuild because distrobaker did entirely the wrong thing.
- Resolves: rhbz#2128384, needed for rhbz#2119436 and rhbz#2128384
[1.8.10-1]
- Rebase to latest upstream release to fix multiple ESP detection problems
- Resolves: rhbz#2128384, needed for rhbz#2119436 and rhbz#2128384
[1.7.10-1]
- New upstream release
- Resolves: rhbz#2129280
[1.7.9-2]
- Include the new dbx updates on the filesystem; clients typically do not have LVFS enabled.
- Resolves: rhbz#2120708
[1.7.8-1]
- New upstream release
- Resolves: rhbz#2059075
[1.7.4-3]
- Disable the Logitech bulkcontroller plugin to avoid adding a dep to protobuf-c which lives in AppStream, not BaseOS.
- Use the efi_vendor variable from EFI-RPM
- Resolves: rhbz#2064904
[1.7.4-1]
- New upstream release
- Backport Fedora 34 changes
- Include support for Lenovo TBT4 Docking stations
- Do not cause systemd-modules-load failures
- Build against a new enough pesign
- Resolves: rhbz#2007520
[1.7.1-1]
- New upstream release
- Backport Fedora 34 changes
- Include support for Dell TBT4 Docking stations
- Resolves: rhbz#1974347
- Resolves: rhbz#1991426
[1.5.9-4]
- Rebuilt to use redhatsecureboot503 signatures
- Undo last Fedora sync to use the RHEL-specific patches
- Resolves: rhbz#2007520
[1.5.9-3]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688
[1.5.9-2]
- Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065
[1.5.9-1]
- Rebase to include the SBAT metadata section to allow fixing BootHole
- Resolves: rhbz#1951030
[1.5.5-4]
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
[1.5.5-3]
- Backport a patch from master to drop the python3-pillow dep
- Resolves: rhbz#1935838
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
fwupd
1.8.10-2.0.1.el9
fwupd-devel
1.8.10-2.0.1.el9
fwupd-plugin-flashrom
1.8.10-2.0.1.el9
Oracle Linux x86_64
fwupd
1.8.10-2.0.1.el9
fwupd-devel
1.8.10-2.0.1.el9
fwupd-plugin-flashrom
1.8.10-2.0.1.el9
Связанные уязвимости
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
Уязвимость загрузщика Eurosoft операционных систем Windows, позволяющая нарушителю обойти существующие ограничения безопасности