fwupd-1.7.8-2.el8.ML.1

Errata ID: AXSA:2023-7312:04

Release date: 
Wednesday, December 27, 2023 - 01:07
Subject: 
fwupd-1.7.8-2.el8.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The fwupd packages provide a service that allows session software to update device firmware.

Security Fix(es):

* fwupd: world readable password in /etc/fwupd/redfish.conf (CVE-2022-3287)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
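
The check below is an added example, not part of the original advisory or of fwupd itself: it audits a redfish configuration file for the exposure described in CVE-2022-3287 by testing the "other" read bit and looking for a stored password. The function names and return codes are constructed for this example, and the `Password=` key name is an assumption about the file's layout.

```shell
#!/bin/sh
# Audit a fwupd redfish config file for the CVE-2022-3287 exposure.
# Return codes (constructed for this example):
#   0 = file is not readable by "other"
#   1 = world-readable, but no active Password= line
#   2 = world-readable AND an active Password= line is present
#   3 = file does not exist
audit_redfish_conf() {
    conf=${1:-/etc/fwupd/redfish.conf}
    [ -e "$conf" ] || return 3

    # Mode string looks like "-rw-r--r--"; character 8 is the other-read bit.
    # -L follows a symlink so the target's mode is the one inspected.
    other_read=$(ls -ldL "$conf" | cut -c8)
    if [ "$other_read" != "r" ]; then
        return 0
    fi

    # Assumption: the credential is stored as a "Password=" key.
    # Commented-out or empty entries are not counted.
    if grep -Eq '^[[:space:]]*Password[[:space:]]*=[[:space:]]*[^[:space:]]' "$conf"; then
        return 2
    fi
    return 1
}

# Human-readable wrapper; never prints the password itself.
report_redfish_conf() {
    conf=${1:-/etc/fwupd/redfish.conf}
    rc=0
    audit_redfish_conf "$conf" || rc=$?
    case $rc in
        0) echo "OK: $conf is not readable by other users" ;;
        1) echo "WARN: $conf is world-readable (no stored password found)" ;;
        2) echo "FAIL: $conf is world-readable and stores a password" ;;
        3) echo "SKIP: $conf not present" ;;
    esac
    return "$rc"
}
```

Run `report_redfish_conf` with no argument to check the default path before and after applying the update.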

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. fwupd-1.7.8-2.el8.ML.1.src.rpm
    MD5: f8f94a546b885bf73eb7278e81c4c125
    SHA-256: b73b241389ff63c77190f0db2a1cb67d778c18541d6e9dddafe5965f9171c767
    Size: 3.09 MB

Asianux Server 8 for x86_64
  1. fwupd-1.7.8-2.el8.ML.1.x86_64.rpm
    MD5: e432e106371f76b445633f9751c8aa43
    SHA-256: fe81e1482ee421fbbf5830c241a6073b65dbcaa7c3df57034112f25e18c16398
    Size: 3.53 MB
  2. fwupd-devel-1.7.8-2.el8.ML.1.x86_64.rpm
    MD5: 8a7509df6d1fc57cc924c6fa76b0fea8
    SHA-256: d7804c3a3d3b5929bb7c4d5fb4c33f71c35caa0730795790a8dbedd812257a7e
    Size: 319.24 kB