-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: dmidecode security update Advisory ID: RHSA-2023:5252-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5252 Issue date: 2023-09-19 CVE Names: CVE-2023-30630 ==================================================================== 1. Summary: An update for dmidecode is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, x86_64 3. Description: The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface (EFI), depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, and asset tag, as well as other details, depending on the manufacturer. Security Fix(es): * dmidecode: dump-bin to overwrite a local file (CVE-2023-30630) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2186669 - CVE-2023-30630 dmidecode: dump-bin to overwrite a local file 6. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: dmidecode-3.3-4.el8_8.1.src.rpm aarch64: dmidecode-3.3-4.el8_8.1.aarch64.rpm dmidecode-debuginfo-3.3-4.el8_8.1.aarch64.rpm dmidecode-debugsource-3.3-4.el8_8.1.aarch64.rpm x86_64: dmidecode-3.3-4.el8_8.1.x86_64.rpm dmidecode-debuginfo-3.3-4.el8_8.1.x86_64.rpm dmidecode-debugsource-3.3-4.el8_8.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2023-30630 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJlCb3lAAoJENzjgjWX9erEvf8P/0Q5xme4wX46ceez/+txxBu1 yjx1WZK9JZvvOj8trsldeG6caztK9+cq2vBpYSy6LCqsxrv1vev5+X79q53M+D3e 4FLuLfvmv2+YU70Mw4gxui5inC4Vq9C3/74T3KrVDJAQmNRyxsjkRqFEHx3lrcI6 N/741+yZNQf2UhcJGfqXAXDXR3MJ6b6QKxPWlYDHc5h4tV6s9Y26LZdUE5qyPaU9 SAA7IRjaph92zy9+f/ndvPeQ2KTp/UgrxPoAav96+Lz0/Xuo+nahFLEVFEi+eCc3 J3mu/J/vViXd4h0Y5kgle74alPhcQyOxUbvs4kE5jCdGvJOM6Os7EZ6h0nVAn8dM y7NAAcwQ/IHL6/47wsapO5Q/GBzZymbYwWKZGcERJJxD8QRuOr+EeQ/AyC6ePScK n6KLbXyt+mBOH0+BzMAsaxJVvG5PaZMmiip7ECnqSeVv/zfPj8DZoiDp88AfzL+w +W2Zgk1gJH9u5jQlx/0IX5icOavxu2jnFT8F2K5rTg8dj5W30RGjYgainFzbt3on c/wBHlAY/3ipR+0GN28JfeWOqJ2yTFldpazczfBU4wSr4lHx9k395lH39pUo0yzR eWA1cdiCzUBRzbOvhofM89l8paghrfoasFI86Zc385TNSRu1nJ/LnjK5RUElZ5Wp qUolUpWxaMko2Dz+hYXX =QDC0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce