[ALSA-2024:4749] Moderate: edk2 security update
Type:
security
Severity:
moderate
Release date:
2024-07-25
Description:
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Security Fix(es):
* EDK2: integer overflow in CreateHob() could lead to HOB OOB R/W (CVE-2022-36765)
* edk2: Predictable TCP Initial Sequence Numbers (CVE-2023-45236)
* edk2: Use of a Weak PseudoRandom Number Generator (CVE-2023-45237)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 edk2-tools-20231122-6.el9_4.2.aarch64.rpm a37b1abcd086ada56a23b2fc5caf23952b18b9a7dbe8c5da55a161f9834fff01
noarch edk2-ovmf-20231122-6.el9_4.2.noarch.rpm 07ab65898528b14bd133dcc29037207a0575b113ba24d06b8ec9fb9a2740a4a8
noarch edk2-aarch64-20231122-6.el9_4.2.noarch.rpm 9a5248396531529aa0a93ef15d4a30176a9c18dced35b724cbc45a4b1e0b3784
noarch edk2-tools-doc-20231122-6.el9_4.2.noarch.rpm c756059b460fd70f02088389aa5bc06026f457801491df61042de96189563f25
x86_64 edk2-tools-20231122-6.el9_4.2.x86_64.rpm dd4851b48637abc2e8d2482693c6be271d3599f20410b809ac733744a5a5905f
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.