Описание
ELSA-2023-7189: fwupd security update (MODERATE)
[1.7.8-2.0.1]
- Modify %prep to correctly apply downstream patches
- Align sections to 512 bytes [Orabug: 35265981]
- Use objcopy to build arm/aarch64 binaries if binutils 2.30-113.0.3 or newer [Orabug: 35265981]
- Enabled signing for aarch64 [Orabug: 35265981]
- Modify meson.build for fwupd-efi [Orabug: 35265981]
- Update SBAT data to include Oracle [Oracle: 33072886]
- Build with the updated Oracle certificate
- Use oraclesecureboot301 as certdir [Orabug: 29881368]
- Use new signing certificate (Alex Burmashev)
[1.7.8-2]
- Backport the Redfish security fixes which affect IDRAC.
- Resolves: rhbz#2170950
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
fwupd
1.7.8-2.0.1.el8
fwupd-devel
1.7.8-2.0.1.el8
Oracle Linux x86_64
fwupd
1.7.8-2.0.1.el8
fwupd-devel
1.7.8-2.0.1.el8
Связанные CVE
Связанные уязвимости
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
When creating an OPERATOR user account on the BMC, the redfish plugin ...
