Bug 29484 - edk2 new security issue CVE-2021-38575
Summary: edk2 new security issue CVE-2021-38575
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Nicolas Lécureuil
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-09-23 16:28 CEST by David Walser
Modified: 2024-03-13 14:02 CET (History)
1 user (show)

See Also:
Source RPM: edk2-20210527gite1999b264f1f-2.mga9.src.rpm
CVE:
Status comment: Fixed upstream in 202108

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-09-23 16:28:26 CEST 
Ubuntu has issued an advisory today (September 23):
https://ubuntu.com/security/notices/USN-5088-1

The issue is fixed upstream in 202108:
https://github.com/tianocore/edk2/releases/tag/edk2-stable202108

Mageia 8 is also affected.
David Walser 2021-09-23 16:28:53 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 202108

Comment 1 David Walser 2023-02-16 21:19:06 CET 
Fedora has issued an advisory today (February 16):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VO363SLUAI4JBSF2WZ7XHBERODKZP47B/

It fixes issues in the bundled openssl.
Comment 2 David Walser 2023-05-18 18:09:34 CEST 
(In reply to David Walser from comment #1)
> Fedora has issued an advisory today (February 16):
> https://lists.fedoraproject.org/archives/list/package-announce@lists.
> fedoraproject.org/thread/VO363SLUAI4JBSF2WZ7XHBERODKZP47B/
> 
> It fixes issues in the bundled openssl.

RedHat has issued an advisory for this on May 16:
https://access.redhat.com/errata/RHSA-2023:2932
Comment 3 Nicolas Salguero 2024-03-13 14:02:56 CET 
Mageia 8 EOL.

Whiteboard: MGA8TOO => (none)
CC: (none) => nicolas.salguero
Version: Cauldron => 8
Status: NEW => RESOLVED
Resolution: (none) => OLD
Note You need to log in before you can comment on or make changes to this bug.