Описание
ELSA-2024-9088: edk2 security update (MODERATE)
[20240524-6.0.1]
- Replace upstream references [Orabug:36569119]
[20240524-6]
- edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch [RHEL-56974]
- edk2-Bumped-openssl-submodule-version-to-0205b5898872.patch [RHEL-55336]
- Resolves: RHEL-56974 (qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-9])
- Resolves: RHEL-55336 (CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks [rhel-9.5])
[20240524-5]
- edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch [RHEL-45847]
- Resolves: RHEL-45847 ([RHEL9.5] Hotplug vcpu to a guest cause guest kernel panic)
[20240524-4]
- edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch [RHEL-56081]
- Resolves: RHEL-56081 ([EDK2] Shim fallback reboot workaround might not work on SNP)
[20240524-3]
- edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch [RHEL-45899]
- edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch [RHEL-45899]
- Resolves: RHEL-45899 ([RHEL-9.5.0] edk2 hit Failed to generate random data)
[20240524-2]
- edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch [RHEL-43442]
- Resolves: RHEL-43442 (edk2 disconnects abnormally before loading the kernel)
[20240524-1]
- Rebase to edk2-stable202405
- Bumo openssl to 8e5beb77088b
- Resolves: RHEL-32486 (rebase to edk2-stable202405 [rhel-9])
- Resolves: RHEL-36446 (edk2: enable MOR [rhel-9])
- Resolves: RHEL-21653 (CVE-2023-6237 edk2: openssl: Excessive time spent checking invalid RSA public keys [rhel-9])
- Resolves: RHEL-21150 (CVE-2023-6129 edk2: mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC)
- Resolves: RHEL-22490 (CVE-2024-0727 edk2: openssl: denial of service via null dereference [rhel-9])
[20240214-2]
- edk2-OvmfPkg-PlatformPei-log-a-warning-when-memory-is-tig.patch [RHEL-22202]
- edk2-OvmfPkg-PlatformPei-consider-AP-stacks-for-pei-memor.patch [RHEL-22202]
- edk2-OvmfPkg-PlatformPei-rewrite-page-table-calculation.patch [RHEL-22202]
- edk2-OvmfPkg-PlatformPei-log-pei-memory-cap-details.patch [RHEL-22202]
- edk2-UefiCpuPkg-MpInitLib-Add-support-for-multiple-HOBs-t.patch [RHEL-22202]
- edk2-UefiCpuPkg-MpInitLib-Add-support-for-multiple-HOBs-t.p2.patch [RHEL-22202]
- edk2-UefiCpuPkg-MpInitLib-Add-support-for-multiple-HOBs-t.p3.patch [RHEL-22202]
- edk2-UefiCpuPkg-MpInitLib-Add-support-for-multiple-HOBs-t.p4.patch [RHEL-22202]
- edk2-UefiCpuPkg-MpInitLib-Add-support-for-multiple-HOBs-t.p5.patch [RHEL-22202]
- edk2-UefiCpuPkg-MpInitLib-return-early-in-GetBspNumber.patch [RHEL-22202]
- Resolves: RHEL-22202 ([EDK2] Support booting with 4096 vcpus)
[20240214-1]
- Rebase to edk2-stable202302
- Resolves: RHEL-26879
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
edk2-aarch64
20240524-6.0.1.el9_5
edk2-tools
20240524-6.0.1.el9_5
edk2-tools-doc
20240524-6.0.1.el9_5
Oracle Linux x86_64
edk2-aarch64
20240524-6.0.1.el9_5
edk2-ovmf
20240524-6.0.1.el9_5
edk2-tools
20240524-6.0.1.el9_5
edk2-tools-doc
20240524-6.0.1.el9_5
Связанные CVE
Связанные уязвимости
ELSA-2024-2447: openssl and openssl-fips-provider security update (LOW)
Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL pkey command line application. For that reason that applica...
Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL pkey command line application. For that reason that applica...