[RLSA-2024:2264] edk2 security update
An update is available for edk2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
Security Fix(es):
- edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message (CVE-2023-45235)
- EDK2: heap buffer overflow in Tcg2MeasureGptTable() (CVE-2022-36763)
- EDK2: heap buffer overflow in Tcg2MeasurePeImage() (CVE-2022-36764)
- edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message (CVE-2023-45229)
- edk2: Out of Bounds read when handling a ND Redirect message with truncated options (CVE-2023-45231)
- edk2: Infinite loop when parsing unknown options in the Destination Options header (CVE-2023-45232)
- edk2: Infinite loop when parsing a PadN option in the Destination Options header (CVE-2023-45233)
- openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 9.4 Release Notes linked from the References section.
Package | Affected Version |
---|---|
pkg:rpm/rockylinux/edk2-ovmf?arch=noarch&distro=rockylinux-9 | < 20231122-6.el9 |
pkg:rpm/rockylinux/edk2-aarch64?arch=noarch&distro=rockylinux-9 | < 20231122-6.el9 |
- ID: RLSA-2024:2264
- Severity: important
- URL: https://errata.rockylinux.org/RLSA-2024:2264
- Published: 2024-05-10T14:32:38
- Modified: 2024-05-10T14:34:21
- Rights: Copyright 2024 Rocky Enterprise Software Foundation

Other Advisories:
- ALAS-2023-1843
- ALAS2-2023-2226
- ALAS2-2023-2246
- ALAS2-2024-2465
- ALAS2-2024-2483
- ALAS2-2024-2502
- ALPINE:CVE-2023-3446
- ALSA-2023:7877
- ALSA-2024:0888
- ALSA-2024:2264
- ALSA-2024:2447
- ALSA-2024:3017
- ELSA-2023-7877
- ELSA-2024-0888
- ELSA-2024-12056
- ELSA-2024-12343
- ELSA-2024-12408
- ELSA-2024-12409
- ELSA-2024-20865
- ELSA-2024-2264
- ELSA-2024-23120
- ELSA-2024-2447
- ELSA-2024-3017
- FEDORA-2024-a9dead34c5
- GLSA-202402-08
- RHSA-2023:7877
- RHSA-2024:0888
- RHSA-2024:2264
- RHSA-2024:2447
- RHSA-2024:3017
- SSA:2023-213-01
- SUSE-SU-2023:2961-1
- SUSE-SU-2023:2962-1
- SUSE-SU-2023:2964-1
- SUSE-SU-2023:2965-1
- SUSE-SU-2023:2972-1
- SUSE-SU-2023:2973-1
- SUSE-SU-2023:3011-1
- SUSE-SU-2023:3012-1
- SUSE-SU-2023:3013-1
- SUSE-SU-2023:3093-1
- SUSE-SU-2023:3096-1
- SUSE-SU-2023:3160-1
- SUSE-SU-2023:3179-1
- USN-6435-1
- USN-6435-2
- USN-6450-1
- USN-6638-1
- USN-6709-1
- USN-7018-1
- VU:132380
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/rockylinux/edk2-ovmf?arch=noarch&distro=rockylinux-9 | rockylinux | edk2-ovmf | < 20231122-6.el9 | rockylinux-9 | noarch | |
Affected | pkg:rpm/rockylinux/edk2-aarch64?arch=noarch&distro=rockylinux-9 | rockylinux | edk2-aarch64 | < 20231122-6.el9 | rockylinux-9 | noarch | |