Описание
ELSA-2024-4749: edk2 security update (MODERATE)
[20231122-6.0.1.el9_4.2]
- Replace upstream references [Orabug:36569119]
[20231122-6.el9_4.2]
- edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch [RHEL-40270 RHEL-40272]
- edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch [RHEL-40270 RHEL-40272]
- edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch [RHEL-40270 RHEL-40272]
- edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch [RHEL-40270 RHEL-40272]
- edk2-SecurityPkg-RngDxe-add-rng-test.patch [RHEL-40270 RHEL-40272]
- edk2-OvmfPkg-wire-up-RngDxe.patch [RHEL-40270 RHEL-40272]
- edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch [RHEL-40270 RHEL-40272]
- edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch [RHEL-40270 RHEL-40272]
- Resolves: RHEL-40270 (CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z])
- Resolves: RHEL-40272 (CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z])
[20231122-6.el9_4.1]
- edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-30156]
- edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-30156]
- Resolves: RHEL-30156 (CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [rhel-9.4.z])
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
edk2-aarch64
20231122-6.0.1.el9_4.2
edk2-ovmf
20231122-6.0.1.el9_4.2
edk2-tools
20231122-6.0.1.el9_4.2
edk2-tools-doc
20231122-6.0.1.el9_4.2
Oracle Linux x86_64
edk2-aarch64
20231122-6.0.1.el9_4.2
edk2-ovmf
20231122-6.0.1.el9_4.2
edk2-tools
20231122-6.0.1.el9_4.2
edk2-tools-doc
20231122-6.0.1.el9_4.2
Связанные CVE
Связанные уязвимости
CVSS3: 7
ubuntu
больше 1 года назад
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.