[ALSA-2024:2264] Important: edk2 security update
Type:
security
Severity:
important
Release date:
2024-05-07
Description:
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
Security Fix(es):
* edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message (CVE-2023-45235)
* EDK2: heap buffer overflow in Tcg2MeasureGptTable() (CVE-2022-36763)
* EDK2: heap buffer overflow in Tcg2MeasurePeImage() (CVE-2022-36764)
* edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message (CVE-2023-45229)
* edk2: Out of Bounds read when handling a ND Redirect message with truncated options (CVE-2023-45231)
* edk2: Infinite loop when parsing unknown options in the Destination Options header (CVE-2023-45232)
* edk2: Infinite loop when parsing a PadN option in the Destination Options header (CVE-2023-45233)
* openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 edk2-tools-20231122-6.el9.aarch64.rpm f96de4de9f85a61df9a83dbf5500becf6c11057d56ef4459baa709c7d42871f4
noarch edk2-aarch64-20231122-6.el9.noarch.rpm 11c7381fdcf07651682bd9e85df65511cb7101453de8db5b48967987e5e6c6a9
noarch edk2-ovmf-20231122-6.el9.noarch.rpm c344271226d0016eca110ad5673ec0a7851704d8b9007a02e5cef91ddccbea0d
noarch edk2-tools-doc-20231122-6.el9.noarch.rpm fea2aecfc1c20965950c39c0c2bf9fc32aecfd41f5c952d8f00fa41a0fe43687
x86_64 edk2-tools-20231122-6.el9.x86_64.rpm ebca6f52208aee541c0db0f441df6f5372935278cade1c4b8c772acfa7b716cf
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.