[SECURITY] [DLA 3852-1] edk2 security update

To: debian-lts-announce <[email protected]>
Subject: [SECURITY] [DLA 3852-1] edk2 security update
From: Markus Koschany <[email protected]>
Date: Mon, 01 Jul 2024 00:07:45 +0200
Message-id: <[🔎] [email protected]>
Mail-followup-to: [email protected]
Reply-to: [email protected]

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3852-1                [email protected]
https://www.debian.org/lts/security/                      Markus Koschany
June 30, 2024                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : edk2
Version        : 0~20181115.85588389-3+deb10u4
CVE ID         : CVE-2023-48733

Mate Kukri discovered the Debian build of EDK2, a UEFI firmware
implementation, used an insecure default configuration which could result
in Secure Boot bypass via the UEFI shell.

For Debian 10 buster, this problem has been fixed in version
0~20181115.85588389-3+deb10u4.

We recommend that you upgrade your edk2 packages.

For the detailed security status of edk2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/edk2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Prev by Date: [SECURITY] [DLA 3851-1] gunicorn security update
Next by Date: [SECURITY] [DLA 3853-1] tryton-server security update
Previous by thread: [SECURITY] [DLA 3851-1] gunicorn security update
Next by thread: [SECURITY] [DLA 3853-1] tryton-server security update
Index(es):
- Date
- Thread