-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: edk2 security, bug fix, and enhancement update Advisory ID: RHSA-2020:4805-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4805 Issue date: 2020-11-03 CVE Names: CVE-2019-14559 ==================================================================== 1. Summary: An update for edk2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - noarch 3. Description: EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): * edk2: memory leak in ArpOnFrameRcvdDpc (CVE-2019-14559) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1758601 - CVE-2019-14559 edk2: memory leak in ArpOnFrameRcvdDpc 1808845 - RFE: write "Auto Boot Time-out" DEBUG messages for the GetFrontPageTimeoutFromQemu() function 1817035 - rebase edk2 to upstream tag edk2-stable202005 for RHEL-8.3 1861718 - Very slow boot when overcommitting CPU 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: edk2-20200602gitca407c7246bf-3.el8.src.rpm noarch: edk2-aarch64-20200602gitca407c7246bf-3.el8.noarch.rpm edk2-ovmf-20200602gitca407c7246bf-3.el8.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14559 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX6I0jdzjgjWX9erEAQjA8Q/+J+is6NQtoK68ju9PPYR9SnQle45bniNb yajQWRTKDoVD7EK0ZrNS37Mr0cQq5Nv1eEJY8F+NKIoTR51yv5L+qM0Yloov5eEY fjxMf62yGSaz31EINUmzj9kdbr9LIEInOfiXJG3OD/m7c1Ca6gA4q9ky/OajkT26 5XUC0QlyVIIvHnPaXatXjliHRaQX0NWea/HUTTIQv0e3ZPtGbFPyZcdM5AGcO7ho iMe2eowiUQW+NkaL8pvC8xRaWpAvzmij2yLR/P+V7XRboS5+bPDZPiE5VQ7ddpeE wZiGG4qlcIMWqwp32GBaEoSX2B70P1HhMC6vzGOxSDE7/pffJwtUfuRlnlt1kjnB iOml83tB8sUZ2d1suHwW67CJ3W5aTpzdJTqaIlHpP2t2US05aN+XbbZyehI9NnPA 0Ivec0RKRKMZGGmXfdy8d3b69nR85FCK+q8xdBlb2v+1FGhyayCJjB/80Xobi2GV y2rwzu7hxIpw+ednWoNsbhdPN8GxAH50Lr5HR9KHZ43uKm+O99h6l0DY3tXEFNvd nTgoBNDkOQpKYnsAoK339I/sIGxIQJF6GEMkko6tXbhKvR/XE5sry3vfpTkegS0h CMcWGimDgr9KOwL7c1j1usVMKDJFAXipjv0Vvo8Qkl0CdSwrJPYpuZQJJLaLSY6J epKuiwfgnCc=dwzA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce