RHSA-2023:2487: Red Hat Security Advisory: fwupd security and bug fix update

An update for fwupd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-3287: A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
  • CVE-2022-34301: A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
  • CVE-2022-34302: A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
  • CVE-2022-34303: A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
Red Hat Security Data

Issued:

2023-05-09

Updated:

2023-05-09

RHSA-2023:2487 - Security Advisory

Synopsis

Moderate: fwupd security and bug fix update

Type/Severity

Security Advisory: Moderate

Description

The fwupd packages provide a service that allows session software to update device firmware.

Security Fix(es):

  • fwupd: world-readable BMC password in /etc/fwupd/redfish.conf (CVE-2022-3287). The redfish plugin wrote the auto-generated OPERATOR account password to a configuration file any local user could read.
  • Secure Boot bypass via Microsoft-signed third-party bootloaders: CryptoPro Secure Disk (CVE-2022-34301), New Horizon Datasys (CVE-2022-34302) and Eurosoft (CVE-2022-34303). These are not flaws in the fwupd daemon itself; fwupd is the component that applies the UEFI dbx (forbidden-signature database) revocation update that blocks the vulnerable loaders, and this build fixes the cases where that update could not be applied (see BZ 2128384 and the ESP fixes below). A Secure Boot host therefore remains exposed until the new fwupd has actually written the updated dbx, not merely once the package is installed.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
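Two checks a RHEL 9 administrator would want after applying this erratum, as an added example that is not part of the advisory or of fwupd's own code: whether the installed fwupd is at least the 1.8.10-2.el9 build listed in the package tables below, and whether /etc/fwupd/redfish.conf (the file CVE-2022-3287 concerns) is still readable by anyone other than its owner. It assumes GNU `stat -c` as shipped in RHEL, calls `rpm` only when it is present, and uses a simplified version comparison (numeric dotted fields) rather than rpm's own algorithm.

```shell
#!/bin/sh
# Added example for RHSA-2023:2487 (not part of the advisory or of fwupd):
# post-update checks for the two things this erratum changes on a RHEL 9 host.
# Assumptions: GNU coreutils `stat -c` (as shipped in RHEL) and, for the live
# audit only, `rpm`. The fixed build string is taken from the advisory's
# package list.

FIXED_EVR="1.8.10-2.el9"

# vercmp A B: print -1, 0 or 1. Versions are split on "." and "-" and compared
# field by field, numerically where both fields are numeric, otherwise as
# strings; a missing field counts as "0". Good enough for comparing an
# installed VERSION-RELEASE against the erratum's; not a full rpmvercmp.
vercmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, A, /[.-]/); nb = split(b, B, /[.-]/)
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      x = (i <= na) ? A[i] : "0"
      y = (i <= nb) ? B[i] : "0"
      if (x ~ /^[0-9]+$/ && y ~ /^[0-9]+$/) {
        if (x + 0 < y + 0) { print "-1"; exit }
        if (x + 0 > y + 0) { print "1"; exit }
      } else if (x != y) {
        r = (x < y) ? "-1" : "1"
        print r; exit
      }
    }
    print "0"
  }'
}

# fwupd_fixed EVR: succeed when EVR (e.g. "1.8.10-2.el9" as printed by
# rpm -q --qf '%{VERSION}-%{RELEASE}') is at least the build this erratum ships.
fwupd_fixed() {
  [ "$(vercmp "$1" "$FIXED_EVR")" -ge 0 ]
}

# redfish_conf_ok FILE: succeed when FILE is absent or readable only by its
# owner. CVE-2022-3287 was a world-readable /etc/fwupd/redfish.conf holding
# the auto-generated BMC password, so the group and other read bits
# (positions 5 and 8 of the symbolic mode string from `stat -c %A`) are what
# this check refuses.
redfish_conf_ok() {
  f="$1"
  [ -e "$f" ] || return 0
  mode=$(stat -c '%A' "$f") || return 1
  case "$mode" in
    ????r*|???????r*) return 1 ;;
  esac
  return 0
}

# audit_host: run both checks against the live system and print one line each.
audit_host() {
  if command -v rpm >/dev/null 2>&1; then
    if evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' fwupd 2>/dev/null); then
      if fwupd_fixed "$evr"; then
        echo "fwupd-$evr: at or above $FIXED_EVR"
      else
        echo "fwupd-$evr: older than $FIXED_EVR, apply RHSA-2023:2487"
      fi
    else
      echo "fwupd: not installed"
    fi
  fi
  if redfish_conf_ok /etc/fwupd/redfish.conf; then
    echo "/etc/fwupd/redfish.conf: absent or owner-only (OK)"
  else
    echo "/etc/fwupd/redfish.conf: readable by group/other, run chmod 600 and rotate the BMC password"
  fi
}

audit_host
```

Run it as root so the configuration file can be stat'ed. A current package version does not by itself mean the bootloader revocations are in effect: on a Secure Boot host, `fwupdmgr refresh && fwupdmgr get-updates` shows whether a "UEFI dbx" update is still pending, which is the condition BZ 2128384 below describes.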

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

  • BZ - 2119436 - EFI partition configured as FAT16 instead of 32
  • BZ - 2120687 - CVE-2022-34302 shim: 3rd party shim allow secure boot bypass
  • BZ - 2120699 - CVE-2022-34301 shim: 3rd party shim allow secure boot bypass
  • BZ - 2120701 - CVE-2022-34303 shim: 3rd party shim allow secure boot bypass
  • BZ - 2128384 - fwupd fails to apply Secure Boot dbx update on systems
  • BZ - 2129280 - CVE-2022-3287 fwupd: world readable password in /etc/fwupd/redfish.conf [rhel-9.2.0]
  • BZ - 2129904 - CVE-2022-3287 fwupd: world readable password in /etc/fwupd/redfish.conf
  • BZ - 2165096 - Rebase fwupd to pick up all the ESP fixes

CVEs

  • CVE-2022-3287
  • CVE-2022-34301
  • CVE-2022-34302
  • CVE-2022-34303

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

fwupd-1.8.10-2.el9.src.rpm

SHA-256: 6d6b5d90e9a53cfea873b607315d8209f5b873ce03a9ae02daa0fe036af6fb7b

x86_64

fwupd-1.8.10-2.el9.x86_64.rpm

SHA-256: bf22c96ddb09b593345d07bfa76e99543f354e8c93c9a080aeb34ecc1b899334

fwupd-debuginfo-1.8.10-2.el9.x86_64.rpm

SHA-256: ae140d68a3a6f18fa9946ebb4a77c3e44b690278331f5af6eaad0b276477e786

fwupd-debugsource-1.8.10-2.el9.x86_64.rpm

SHA-256: 615a07bd3b88897a093bc7017144d34667b868b237d4542ae7c2f9af55be154e

fwupd-plugin-flashrom-1.8.10-2.el9.x86_64.rpm

SHA-256: 7ed38800205d907073ec4095b12b56783cff3781c2c11275841a30a08902d579

fwupd-plugin-flashrom-debuginfo-1.8.10-2.el9.x86_64.rpm

SHA-256: 180c8b7a7f0c16cdb02352c96ba54d744007fcc79a391b7a3efa276fe93a5f6e

fwupd-tests-debuginfo-1.8.10-2.el9.x86_64.rpm

SHA-256: 3226621d8331734c7193752f719b40ff0cce8666f7691d940a3025b424c639c9

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

fwupd-1.8.10-2.el9.src.rpm

SHA-256: 6d6b5d90e9a53cfea873b607315d8209f5b873ce03a9ae02daa0fe036af6fb7b

s390x

fwupd-1.8.10-2.el9.s390x.rpm

SHA-256: b2061194b020af50b96ff7aa238c75f3aa4be886c3b9c8c63d77654a581db383

fwupd-debuginfo-1.8.10-2.el9.s390x.rpm

SHA-256: 4b8613292e4d6d4bd40f735963899c88ac8072a57b6ac758ae869e30683a95fa

fwupd-debugsource-1.8.10-2.el9.s390x.rpm

SHA-256: 33623a6d771cd419fb9e67806ce3d7bb6a46ae4192545f41689591b53807817f

fwupd-tests-debuginfo-1.8.10-2.el9.s390x.rpm

SHA-256: 4e225a2e204c6f910834f8188ba590396e5d1056c851fd201c14fad6fc0153a4

Red Hat Enterprise Linux for Power, little endian 9

SRPM

fwupd-1.8.10-2.el9.src.rpm

SHA-256: 6d6b5d90e9a53cfea873b607315d8209f5b873ce03a9ae02daa0fe036af6fb7b

ppc64le

fwupd-1.8.10-2.el9.ppc64le.rpm

SHA-256: f1cae84884b8a052af0dafeb457432e2d9078b2246daba816a3b74cc504316cd

fwupd-debuginfo-1.8.10-2.el9.ppc64le.rpm

SHA-256: 118a2256ba00e2b1fe92087a78d617aa29cba5d40060300a87b3a2eb7d366ca9

fwupd-debugsource-1.8.10-2.el9.ppc64le.rpm

SHA-256: c34958347431c662caaa9bb4316d5f17a839e722ac25eed37dacedbd52aa3231

fwupd-plugin-flashrom-1.8.10-2.el9.ppc64le.rpm

SHA-256: a828227ec39e0f164dd12bf523101665c5f045f6901fbbf05dc33401f226ae97

fwupd-plugin-flashrom-debuginfo-1.8.10-2.el9.ppc64le.rpm

SHA-256: 2bb52bd8db323b84a29651445eaf1770449cfdd54e6174f2b7ba2f489ed09879

Red Hat Enterprise Linux for ARM 64 9

SRPM

fwupd-1.8.10-2.el9.src.rpm

SHA-256: 6d6b5d90e9a53cfea873b607315d8209f5b873ce03a9ae02daa0fe036af6fb7b

aarch64

fwupd-1.8.10-2.el9.aarch64.rpm

SHA-256: 2780cbebbb6e67a8c8f0202ebddfbcb0c03013de31ac52fc57b156935db817a1

fwupd-debuginfo-1.8.10-2.el9.aarch64.rpm

SHA-256: 3410f20ce99cd296d543fb5835d9959758e78603c83366d168a17fe74d9a4e09

fwupd-debugsource-1.8.10-2.el9.aarch64.rpm

SHA-256: b3510ebfb81fa3f232c09cfaa135d6416a8dd9b972790139f5d6940156668fd1

fwupd-plugin-flashrom-1.8.10-2.el9.aarch64.rpm

SHA-256: 4aa4ec7ec41297a4b0fce61a7837e61c48b0b1de4179eab396d2096c1a06471e

fwupd-plugin-flashrom-debuginfo-1.8.10-2.el9.aarch64.rpm

SHA-256: 9df67b28f583f603cdaf3145452b64f82311d49f07420b382caaf2636928dcd6

fwupd-tests-debuginfo-1.8.10-2.el9.aarch64.rpm

SHA-256: 94162e60bf079b1806ec915a454a2e547e5eb28a085bd9adac7d1a97978cafde

Red Hat CodeReady Linux Builder for x86_64 9

x86_64

fwupd-debuginfo-1.8.10-2.el9.x86_64.rpm

SHA-256: ae140d68a3a6f18fa9946ebb4a77c3e44b690278331f5af6eaad0b276477e786

fwupd-debugsource-1.8.10-2.el9.x86_64.rpm

SHA-256: 615a07bd3b88897a093bc7017144d34667b868b237d4542ae7c2f9af55be154e

fwupd-devel-1.8.10-2.el9.x86_64.rpm

SHA-256: 670eda36608031f6b903b7c22c67f584f1ab23c641abe19bd72bc41c75ebc9df

fwupd-plugin-flashrom-debuginfo-1.8.10-2.el9.x86_64.rpm

SHA-256: 180c8b7a7f0c16cdb02352c96ba54d744007fcc79a391b7a3efa276fe93a5f6e

fwupd-tests-debuginfo-1.8.10-2.el9.x86_64.rpm

SHA-256: 3226621d8331734c7193752f719b40ff0cce8666f7691d940a3025b424c639c9

Red Hat CodeReady Linux Builder for Power, little endian 9

ppc64le

fwupd-debuginfo-1.8.10-2.el9.ppc64le.rpm

SHA-256: 118a2256ba00e2b1fe92087a78d617aa29cba5d40060300a87b3a2eb7d366ca9

fwupd-debugsource-1.8.10-2.el9.ppc64le.rpm

SHA-256: c34958347431c662caaa9bb4316d5f17a839e722ac25eed37dacedbd52aa3231

fwupd-devel-1.8.10-2.el9.ppc64le.rpm

SHA-256: 49179238f13891bc3eebb1ab68d11dea7d0e297e26c29b07f7050c19dde0b099

fwupd-plugin-flashrom-debuginfo-1.8.10-2.el9.ppc64le.rpm

SHA-256: 2bb52bd8db323b84a29651445eaf1770449cfdd54e6174f2b7ba2f489ed09879

Red Hat CodeReady Linux Builder for ARM 64 9

aarch64

fwupd-debuginfo-1.8.10-2.el9.aarch64.rpm

SHA-256: 3410f20ce99cd296d543fb5835d9959758e78603c83366d168a17fe74d9a4e09

fwupd-debugsource-1.8.10-2.el9.aarch64.rpm

SHA-256: b3510ebfb81fa3f232c09cfaa135d6416a8dd9b972790139f5d6940156668fd1

fwupd-devel-1.8.10-2.el9.aarch64.rpm

SHA-256: f2815e7bb38d5971ce7fd1831b7271042c23f6fdf7ea50fcc5614989159332bf

fwupd-plugin-flashrom-debuginfo-1.8.10-2.el9.aarch64.rpm

SHA-256: 9df67b28f583f603cdaf3145452b64f82311d49f07420b382caaf2636928dcd6

fwupd-tests-debuginfo-1.8.10-2.el9.aarch64.rpm

SHA-256: 94162e60bf079b1806ec915a454a2e547e5eb28a085bd9adac7d1a97978cafde

Red Hat CodeReady Linux Builder for IBM z Systems 9

s390x

fwupd-debuginfo-1.8.10-2.el9.s390x.rpm

SHA-256: 4b8613292e4d6d4bd40f735963899c88ac8072a57b6ac758ae869e30683a95fa

fwupd-debugsource-1.8.10-2.el9.s390x.rpm

SHA-256: 33623a6d771cd419fb9e67806ce3d7bb6a46ae4192545f41689591b53807817f

fwupd-devel-1.8.10-2.el9.s390x.rpm

SHA-256: a848e50dc77d3c39f78a0fed9157003682805ffe3229a4507fb1a4c5074c704a

fwupd-tests-debuginfo-1.8.10-2.el9.s390x.rpm

SHA-256: 4e225a2e204c6f910834f8188ba590396e5d1056c851fd201c14fad6fc0153a4

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-7189-01

Red Hat Security Advisory 2023-7189-01 - An update for fwupd is now available for Red Hat Enterprise Linux 8.

CVE-2022-45103: DSA-2022-340: Dell Unisphere for PowerMax, Dell Unisphere for PowerMax vApp, Dell Solutions Enabler vApp, Dell Unisphere 360, Dell VASA Provider vApp, and Dell PowerMax EMB Mgmt Security Update for Mu

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.

CVE-2022-3287: Never save the Redfish passwords to a file readable by users · fwupd/fwupd@ea67685

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.

CVE-2022-34303: UEFI Secure Boot

A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

Hello everyone! In this episode, let’s take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August […]

Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders

A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that allow bypass of the UEFI Secure Boot feature. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader
