RHSA-2021:4198: Moderate: edk2 security, bug fix, and enhancement update
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. The following packages have been upgraded to a later upstream version: edk2 (20210527gite1999b264f1f). (BZ#1846481, BZ#1938238)Security Fix(es): openssl: integer overflow in CipherUpdate (CVE-2021-23840) openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2021:4198?
RHSA-2021:4198 has a moderate severity level affecting UEFI firmware.
How do I fix RHSA-2021:4198?
You can fix RHSA-2021:4198 by upgrading to the remedied package version 20210527gite1999b264f1f-3.el8.
Which packages are affected by RHSA-2021:4198?
The affected packages include edk2, edk2-ovmf, and edk2-aarch64.
What does RHSA-2021:4198 address?
RHSA-2021:4198 addresses vulnerabilities related to the Embedded Development Kit for UEFI support.
Is there a specific version to look for regarding RHSA-2021:4198?
Yes, the specific version to look for as a fix is 20210527gite1999b264f1f-3.el8.