Oracle Linux ELSA-2020-1712
May 05, 2020 - 12:00 a.m.

edk2 security, bug fix, and enhancement update

2020-05-05 00:00:00
linux.oracle.com

CVSS3: 7.8 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.6 Medium

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

[20190829git37eef91017ad-9.el8]

  • edk2-OvmfPkg-QemuVideoDxe-unbreak-secondary-vga-and-bochs.patch [bz#1806359]
  • Resolves: bz#1806359
    (bochs-display cannot show graphic without driver attach)

[20190829git37eef91017ad-8.el8]

  • edk2-MdeModulePkg-Enable-Disable-S3BootScript-dynamically.patch [bz#1801274]
  • edk2-MdeModulePkg-PiDxeS3BootScriptLib-Fix-potential-nume.patch [bz#1801274]
  • Resolves: bz#1801274
    (CVE-2019-14563 edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib [rhel-8])

[20190829git37eef91017ad-7.el8]

  • edk2-SecurityPkg-Fix-spelling-errors-PARTIAL-PICK.patch [bz#1751993]
  • edk2-SecurityPkg-DxeImageVerificationHandler-simplify-Ver.patch [bz#1751993]
  • edk2-SecurityPkg-DxeImageVerificationHandler-remove-else-.patch [bz#1751993]
  • edk2-SecurityPkg-DxeImageVerificationHandler-keep-PE-COFF.patch [bz#1751993]
  • edk2-SecurityPkg-DxeImageVerificationHandler-narrow-down-.patch [bz#1751993]
  • edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-o.patch [bz#1751993]
  • edk2-SecurityPkg-DxeImageVerificationHandler-remove-super.patch [bz#1751993]
  • edk2-SecurityPkg-DxeImageVerificationHandler-unnest-AddIm.patch [bz#1751993]
  • edk2-SecurityPkg-DxeImageVerificationHandler-eliminate-St.patch [bz#1751993]
  • edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-f.patch [bz#1751993]
  • edk2-SecurityPkg-DxeImageVerificationHandler-fix-imgexec-.patch [bz#1751993]
  • edk2-SecurityPkg-DxeImageVerificationHandler-fix-defer-vs.patch [bz#1751993]
  • Resolves: bz#1751993
    (DxeImageVerificationLib handles ‘DENY execute on security violation’ like ‘DEFER execute on security violation’ [rhel8])

[20190829git37eef91017ad-6.el8]

  • edk2-UefiCpuPkg-PiSmmCpuDxeSmm-fix-2M-4K-page-splitting-r.patch [bz#1789335]
  • Resolves: bz#1789335
    (VM with edk2 can't boot when setting memory with ‘-m 2001’)

[20190829git37eef91017ad-5.el8]

  • edk2-MdeModulePkg-UefiBootManagerLib-log-reserved-mem-all.patch [bz#1789797]
  • edk2-NetworkPkg-HttpDxe-fix-32-bit-truncation-in-HTTPS-do.patch [bz#1789797]
  • Resolves: bz#1789797
    (Backport upstream patch series: ‘UefiBootManagerLib, HttpDxe: tweaks for large HTTP(S) downloads’ to improve HTTP(S) Boot experience with large (4GiB+) files)

[20190829git37eef91017ad-4.el8]

  • edk2-redhat-set-guest-RAM-size-to-768M-for-SB-varstore-te.patch [bz#1778301]
  • edk2-redhat-re-enable-Secure-Boot-varstore-template-verif.patch [bz#1778301]
  • Resolves: bz#1778301
    (re-enable Secure Boot (varstore template) verification in %check)

[20190829git37eef91017ad-3.el8]

  • Update used openssl version [bz#1616029]
  • Resolves: bz#1616029
    (rebuild edk2 against the final RHEL-8.2.0 version of OpenSSL-1.1.1)

[20190829git37eef91017ad-2.el8]

  • edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch [bz#1536624]
  • edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch [bz#1536624]
  • edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch [bz#1536624]
  • edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch [bz#1536624]
  • edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch [bz#1536624]
  • edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch [bz#1536624]
  • edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch [bz#1536624]
  • edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch [bz#1536624]
  • edk2-redhat-enable-HTTPS-Boot.patch [bz#1536624]
  • Resolves: bz#1536624
    (HTTPS enablement in OVMF)

[20190829git37eef91017ad-1.el8]

  • Rebase to edk2-stable201908 [bz#1748180]
  • Resolves: bz#1748180
    ((edk2-rebase-rhel-8.2) - rebase edk2 to upstream tag edk2-stable201908 for RHEL-8.2)
