fwupd-1.8.10-2.el9.ML.1

Errata ID: AXSA:2023-5696:02

Release date: 
Wednesday, May 31, 2023 - 10:22
Subject: 
fwupd-1.8.10-2.el9.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The fwupd packages provide a service that allows session software to update device firmware.

Security Fix(es):

* fwupd: world readable password in /etc/fwupd/redfish.conf (CVE-2022-3287)
* shim: 3rd-party shim allows secure boot bypass (CVE-2022-34301)
* shim: 3rd-party shim allows secure boot bypass (CVE-2022-34302)
* shim: 3rd-party shim allows secure boot bypass (CVE-2022-34303)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
CVE-2022-34301
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
CVE-2022-34302
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
CVE-2022-34303
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
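
For CVE-2022-3287, the following added example (not part of the original advisory and not fwupd code) audits whether a configuration file such as /etc/fwupd/redfish.conf is readable by every local user and whether it currently holds a password. It assumes GNU stat and a `Password=` key in the file; the function name and the result strings are made up for this illustration.

```shell
#!/bin/sh
# Added example: audit a config file that may hold a BMC password
# (CVE-2022-3287). Assumes GNU coreutils stat and a "Password=" key.
#
# Prints exactly one word:
#   missing          - the file does not exist
#   ok               - the file is not readable by "other" users
#   exposed-perms    - world readable, but no password value is set
#   exposed-password - world readable and a non-empty password is stored
audit_secret_conf() {
    conf=$1
    [ -e "$conf" ] || { echo missing; return 0; }

    # Octal permission bits without a leading zero, e.g. 644 or 600.
    mode=$(stat -c '%a' "$conf") || return 2

    # The last octal digit holds the "other" bits; 4 is the read bit.
    other=$((mode % 10))
    if [ $((other & 4)) -eq 0 ]; then
        echo ok
        return 0
    fi

    # An uncommented Password= line with a non-empty value means the
    # secret itself is exposed, not only the surrounding settings.
    if grep -Eq '^[[:space:]]*Password[[:space:]]*=[[:space:]]*[^[:space:]]' "$conf"; then
        echo exposed-password
    else
        echo exposed-perms
    fi
}

# Stand-alone use: audit the path given as $1, or the file named in the
# advisory when no argument is supplied.
audit_secret_conf "${1:-/etc/fwupd/redfish.conf}"
```

A result of `exposed-password` means the stored credential has been readable by any local account on that host.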

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. fwupd-1.8.10-2.el9.ML.1.src.rpm
    MD5: 61c242c9e1aa3786e49f7ce413e5d1c7
    SHA-256: 3fc575637d0b01dbd2575f163cde72ceeff646809536246bf2c63560ba1c9056
    Size: 3.33 MB

Asianux Server 9 for x86_64
  1. fwupd-1.8.10-2.el9.ML.1.x86_64.rpm
    MD5: 189004e34fe1fc2abde1ea0f0d807446
    SHA-256: 2c51da72b73dc5b64d5bfe58b4cf689fe01bac09313bcb86580aac886639dc28
    Size: 1.78 MB
  2. fwupd-devel-1.8.10-2.el9.ML.1.x86_64.rpm
    MD5: 1858e6d8acdbf75de7ae02d77e1958b1
    SHA-256: 111eefdfab5008b745e99d4fdae5dfd4254f2b03619cad4778460fd6a7ab0838
    Size: 81.28 kB
  3. fwupd-plugin-flashrom-1.8.10-2.el9.ML.1.x86_64.rpm
    MD5: 2b5c0f3591ea422684874899cf7cc4a1
    SHA-256: 1a3af7edd10c8fcf0b2838f557bdf948209ad8b4697e4faa8031958f2e1bcb70
    Size: 1.87 MB