[ALSA-2024:5297] Moderate: edk2 security update
Type:
security
Severity:
moderate
Release date:
2024-08-21
Description:
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): * edk2: Predictable TCP Initial Sequence Numbers (CVE-2023-45236) * edk2: Use of a Weak PseudoRandom Number Generator (CVE-2023-45237) * edk2: Temporary DoS vulnerability (CVE-2024-1298) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
noarch edk2-ovmf-20220126gitbb1bba3d77-13.el8_10.2.noarch.rpm b2d743d54119801c3e05b9db55a01712d616c849f3625d7e774d790dc1593199
noarch edk2-aarch64-20220126gitbb1bba3d77-13.el8_10.2.noarch.rpm b5500f40005f40c522937bc18a6f63937da2e6d0ade658821d580d941b886987
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.