RHSA-2024:2264: Important: edk2 security update
First published: Tue Apr 30 2024(Updated: )
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. <br>Security Fix(es):<br><li> edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message (CVE-2023-45235)</li> <li> EDK2: heap buffer overflow in Tcg2MeasureGptTable() (CVE-2022-36763)</li> <li> EDK2: heap buffer overflow in Tcg2MeasurePeImage() (CVE-2022-36764)</li> <li> edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message (CVE-2023-45229)</li> <li> edk2: Out of Bounds read when handling a ND Redirect message with truncated options (CVE-2023-45231)</li> <li> edk2: Infinite loop when parsing unknown options in the Destination Options header (CVE-2023-45232)</li> <li> edk2: Infinite loop when parsing a PadN option in the Destination Options header (CVE-2023-45233)</li> <li> openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Additional Changes:<br>For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/edk2 | <20231122-6.el9 | 20231122-6.el9 |
| redhat/edk2-ovmf | <20231122-6.el9 | 20231122-6.el9 |
| redhat/edk2-aarch64 | <20231122-6.el9 | 20231122-6.el9 |
| redhat/edk2-debugsource | <20231122-6.el9 | 20231122-6.el9 |
| redhat/edk2-tools | <20231122-6.el9 | 20231122-6.el9 |
| redhat/edk2-tools-debuginfo | <20231122-6.el9 | 20231122-6.el9 |
| redhat/edk2-tools-doc | <20231122-6.el9 | 20231122-6.el9 |
| redhat/edk2-debugsource | <20231122-6.el9.aa | 20231122-6.el9.aa |
| redhat/edk2-tools | <20231122-6.el9.aa | 20231122-6.el9.aa |
| redhat/edk2-tools-debuginfo | <20231122-6.el9.aa | 20231122-6.el9.aa |
| Red Hat Red Hat CodeReady Linux Builder for Power, little endian | ||
| Red Hat Enterprise Linux 8 | ||
| Red Hat Red Hat CodeReady Linux Builder for ARM 64 | ||
| Red Hat Red Hat CodeReady Linux Builder for x86_64 | ||
| Red Hat Red Hat CodeReady Linux Builder for IBM z Systems | ||
| Red Hat Enterprise Linux 8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2024:2264 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2224962
- https://bugzilla.redhat.com/show_bug.cgi?id=2257582
- https://bugzilla.redhat.com/show_bug.cgi?id=2257583
- https://bugzilla.redhat.com/show_bug.cgi?id=2258677
- https://bugzilla.redhat.com/show_bug.cgi?id=2258688
- https://bugzilla.redhat.com/show_bug.cgi?id=2258691
- https://bugzilla.redhat.com/show_bug.cgi?id=2258694
- https://bugzilla.redhat.com/show_bug.cgi?id=2258700
- https://issues.redhat.com/browse/RHEL-14123
- https://issues.redhat.com/browse/RHEL-20963
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index
Frequently Asked Questions
What is the severity of RHSA-2024:2264?
The severity of RHSA-2024:2264 is critical due to a buffer overflow vulnerability in the EDK package.
How do I fix RHSA-2024:2264?
To fix RHSA-2024:2264, you need to update the affected packages to version 20231122-6.el9 or newer.
Which products are affected by RHSA-2024:2264?
The affected products include Red Hat Enterprise Linux for x86_64, Power, ARM 64, and IBM z Systems, among others.
What type of vulnerability is described in RHSA-2024:2264?
RHSA-2024:2264 describes a buffer overflow vulnerability that affects the handling of Server ID options from a DHCPv6 proxy message.
Is a workaround available for RHSA-2024:2264?
No specific workaround is provided for RHSA-2024:2264, and applying the recommended update is the best course of action.
- agent/severity
- agent/type
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/softwarecombine
- agent/description
- agent/event
- agent/first-publish-date
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2024:2264
- agent/software-canonical-lookup
- agent/remedy
- agent/source
- agent/tags
- collector/redhat-errata-latest
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/red hat
- canonical/red hat red hat codeready linux builder for power, little endian
- canonical/red hat enterprise linux 8
- canonical/red hat red hat codeready linux builder for arm 64
- canonical/red hat red hat codeready linux builder for x86_64
- canonical/red hat red hat codeready linux builder for ibm z systems