fwupd-1.8.10-2.el9.ML.1
エラータID: AXSA:2023-5696:02
リリース日:
2023/05/31 Wednesday - 10:22
題名:
fwupd-1.8.10-2.el9.ML.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- fwupd の redfish プラグインには、自動生成されたパスワードを保存
するファイルの権限が不適切な問題があるため、システム上の任意の
ユーザーにより、そのファイルの読み取りを可能とする脆弱性が存在
します。(CVE-2022-3287)
- CryptoPro Secure Disk のブートローダーには、セキュアブート機構を
バイパスしブートプロセス中に署名されていないコードの実行を可能と
する脆弱性が存在します。(CVE-2022-34301)
- New Horizon Datasys のブートローダーには、セキュアブート機構を
バイパスしブートプロセス中に署名されていないコードの実行を可能と
する脆弱性が存在します。(CVE-2022-34302)
- Eurosoft のブートローダーには、セキュアブート機構をバイパスし
ブートプロセス中に署名されていないコードの実行を可能とする脆弱性
が存在します。(CVE-2022-34303)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
CVE-2022-34301
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
CVE-2022-34302
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
CVE-2022-34303
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
追加情報:
N/A
ダウンロード:
SRPMS
- fwupd-1.8.10-2.el9.ML.1.src.rpm
MD5: 61c242c9e1aa3786e49f7ce413e5d1c7
SHA-256: 3fc575637d0b01dbd2575f163cde72ceeff646809536246bf2c63560ba1c9056
Size: 3.33 MB
Asianux Server 9 for x86_64
- fwupd-1.8.10-2.el9.ML.1.x86_64.rpm
MD5: 189004e34fe1fc2abde1ea0f0d807446
SHA-256: 2c51da72b73dc5b64d5bfe58b4cf689fe01bac09313bcb86580aac886639dc28
Size: 1.78 MB - fwupd-devel-1.8.10-2.el9.ML.1.x86_64.rpm
MD5: 1858e6d8acdbf75de7ae02d77e1958b1
SHA-256: 111eefdfab5008b745e99d4fdae5dfd4254f2b03619cad4778460fd6a7ab0838
Size: 81.28 kB - fwupd-plugin-flashrom-1.8.10-2.el9.ML.1.x86_64.rpm
MD5: 2b5c0f3591ea422684874899cf7cc4a1
SHA-256: 1a3af7edd10c8fcf0b2838f557bdf948209ad8b4697e4faa8031958f2e1bcb70
Size: 1.87 MB
English