[ELSA-2024-2264] edk2 security update
[20231122-6.0.1]
- Replace upstream references [Orabug:36569119]
[20231122-6]
- edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Un.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p2.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p3.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p4.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Re.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Dhcp6Dxe-Removes-duplicate-check-and-repl.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Updating-SecurityFixes.yaml.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- Resolves: RHEL-21841
(CVE-2023-45229 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [rhel-9])
- Resolves: RHEL-21843
(CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [rhel-9])
- Resolves: RHEL-21845
(CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect message with truncated options [rhel-9])
- Resolves: RHEL-21847
(CVE-2023-45232 edk2: Infinite loop when parsing unknown options in the Destination Options header [rhel-9])
- Resolves: RHEL-21849
(TRIAGE CVE-2023-45233 edk2: Infinite loop when parsing a PadN option in the Destination Options header [rhel-9])
- Resolves: RHEL-21851
(CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [rhel-9])
- Resolves: RHEL-21853
(TRIAGE CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [rhel-9])
[20231122-5]
- edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-4118.patch [RHEL-21157]
- edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4118.patch [RHEL-21157]
- edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-2.patch [RHEL-21157]
- edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-411-3.patch [RHEL-21157]
- edk2-SecurityPkg-Updating-SecurityFixes.yaml-after-symbol.patch [RHEL-21157]
- edk2-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch [RHEL-21704]
- edk2-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch [RHEL-21704]
- edk2-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch [RHEL-21704]
- edk2-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch [RHEL-21704]
- Resolves: RHEL-21157
(CVE-2022-36764 edk2: heap buffer overflow in Tcg2MeasurePeImage() [rhel-9])
- Resolves: RHEL-21704
(vGPU VM take several minutes to show tianocore logo if firmware is ovmf)
[20231122-4]
- edk2-OvmfPkg-VirtNorFlashDxe-add-casts-to-UINTN-and-UINT3.patch [RHEL-20963]
- edk2-OvmfPkg-VirtNorFlashDxe-clarify-block-write-logic-fi.patch [RHEL-20963]
- edk2-OvmfPkg-VirtNorFlashDxe-add-a-loop-for-NorFlashWrite.patch [RHEL-20963]
- edk2-OvmfPkg-VirtNorFlashDxe-allow-larger-writes-without-.patch [RHEL-20963]
- edk2-OvmfPkg-VirtNorFlashDxe-ValidateFvHeader-unwritten-s.patch [RHEL-20963]
- edk2-OvmfPkg-VirtNorFlashDxe-move-DoErase-code-block-into.patch [RHEL-20963]
- Resolves: RHEL-20963
([rhel9] guest fails to boot due to ASSERT error)
[20231122-3]
- edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411.patch [RHEL-21155]
- edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117.patch [RHEL-21155]
- edk2-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch [RHEL-21155]
- Resolves: RHEL-21155
(CVE-2022-36763 edk2: heap buffer overflow in Tcg2MeasureGptTable() [rhel-9])
[20231122-2]
- edk2-OvmfPkg-RiscVVirt-use-gEfiAuthenticatedVariableGuid-.patch [RHEL-20963]
- edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch [RHEL-20963]
- edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch [RHEL-20963]
- Resolves: RHEL-20963
([rhel9] guest fails to boot due to ASSERT error)
[20231122-1]
- Rebase to edk2-stable202311 [RHEL-12323]
- Switch to OpenSSL 3.0 [RHEL-49]
- Resolves: RHEL-12323
(Rebase EDK2 for RHEL 9.4)
- Resolves: RHEL-49
(consume / bundle RHEL-9 OpenSSL (version 3.0.x) in RHEL-9 edk2)
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/edk2-tools?distro=oraclelinux-9 | < 20231122-6.0.1.el9 |
pkg:rpm/oraclelinux/edk2-tools-doc?distro=oraclelinux-9 | < 20231122-6.0.1.el9 |
pkg:rpm/oraclelinux/edk2-ovmf?distro=oraclelinux-9 | < 20231122-6.0.1.el9 |
pkg:rpm/oraclelinux/edk2-aarch64?distro=oraclelinux-9 | < 20231122-6.0.1.el9 |
- ID: ELSA-2024-2264
- Severity: important
- URL: https://linux.oracle.com/errata/ELSA-2024-2264.html
- Published: 2024-05-03T00:00:00
- Modified: 2024-05-03T00:00:00
- Rights: Copyright 2024 Oracle, Inc.

Other Advisories:
- ALAS-2023-1843
- ALAS2-2023-2226
- ALAS2-2023-2246
- ALAS2-2024-2465
- ALAS2-2024-2483
- ALAS2-2024-2502
- ALPINE:CVE-2023-3446
- ALSA-2023:7877
- ALSA-2024:0888
- ALSA-2024:2264
- ALSA-2024:2447
- ALSA-2024:3017
- ELSA-2023-7877
- ELSA-2024-0888
- ELSA-2024-12056
- ELSA-2024-12343
- ELSA-2024-12408
- ELSA-2024-12409
- ELSA-2024-20865
- ELSA-2024-23120
- ELSA-2024-2447
- ELSA-2024-3017
- FEDORA-2024-a9dead34c5
- GLSA-202402-08
- RHSA-2023:7877
- RHSA-2024:0888
- RHSA-2024:2264
- RHSA-2024:2447
- RHSA-2024:3017
- RLSA-2024:2264
- SSA:2023-213-01
- SUSE-SU-2023:2961-1
- SUSE-SU-2023:2962-1
- SUSE-SU-2023:2964-1
- SUSE-SU-2023:2965-1
- SUSE-SU-2023:2972-1
- SUSE-SU-2023:2973-1
- SUSE-SU-2023:3011-1
- SUSE-SU-2023:3012-1
- SUSE-SU-2023:3013-1
- SUSE-SU-2023:3093-1
- SUSE-SU-2023:3096-1
- SUSE-SU-2023:3160-1
- SUSE-SU-2023:3179-1
- USN-6435-1
- USN-6435-2
- USN-6450-1
- USN-6638-1
- USN-6709-1
- USN-7018-1
- VU:132380
Source | ID | Name | URL |
---|---|---|---|
elsa | ELSA-2024-2264 | | https://linux.oracle.com/errata/ELSA-2024-2264.html |
CVE | CVE-2022-36764 | | https://linux.oracle.com/cve/CVE-2022-36764.html |
CVE | CVE-2022-36763 | | https://linux.oracle.com/cve/CVE-2022-36763.html |
CVE | CVE-2023-3446 | | https://linux.oracle.com/cve/CVE-2023-3446.html |
CVE | CVE-2023-45233 | | https://linux.oracle.com/cve/CVE-2023-45233.html |
CVE | CVE-2023-45235 | | https://linux.oracle.com/cve/CVE-2023-45235.html |
CVE | CVE-2023-45232 | | https://linux.oracle.com/cve/CVE-2023-45232.html |
CVE | CVE-2023-45229 | | https://linux.oracle.com/cve/CVE-2023-45229.html |
CVE | CVE-2023-45231 | | https://linux.oracle.com/cve/CVE-2023-45231.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/edk2-tools?distro=oraclelinux-9 | oraclelinux | edk2-tools | < 20231122-6.0.1.el9 | oraclelinux-9 | | |
Affected | pkg:rpm/oraclelinux/edk2-tools-doc?distro=oraclelinux-9 | oraclelinux | edk2-tools-doc | < 20231122-6.0.1.el9 | oraclelinux-9 | | |
Affected | pkg:rpm/oraclelinux/edk2-ovmf?distro=oraclelinux-9 | oraclelinux | edk2-ovmf | < 20231122-6.0.1.el9 | oraclelinux-9 | | |
Affected | pkg:rpm/oraclelinux/edk2-aarch64?distro=oraclelinux-9 | oraclelinux | edk2-aarch64 | < 20231122-6.0.1.el9 | oraclelinux-9 | | |