--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a9dead34c5
2024-03-13 01:22:43.440810
--------------------------------------------------------------------------------
Name : edk2
Product : Fedora 39
Version : 20240214
Release : 2.fc39
URL :
http://www.tianocore.org
Summary : UEFI firmware for 64-bit virtual machines
Description :
EDK II is a modern, feature-rich, cross-platform firmware development
environment for the UEFI and PI specifications. This package contains sample
64-bit UEFI firmware builds for QEMU and KVM.
--------------------------------------------------------------------------------
Update Information:
update to edk2-stable202402
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 26 2024 Gerd Hoffmann <kraxel(a)redhat.com> - 20240214-2
- switch pcr predition to systemd-pcrlock format
* Mon Feb 26 2024 Gerd Hoffmann <kraxel(a)redhat.com> - 20240214-1
- update to edk2-stable202402
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2257587 - CVE-2022-36764 edk2: heap buffer overflow in Tcg2MeasurePeImage()
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2257587
[ 2 ] Bug #2257588 - CVE-2022-36763 edk2: heap buffer overflow in Tcg2MeasureGptTable()
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2257588
[ 3 ] Bug #2257589 - CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to
HOB OOB R/W [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2257589
[ 4 ] Bug #2258679 - CVE-2023-4522 edk2: Integer underflow when processing IA_NA/IA_TA
options in a DHCPv6 Advertise message [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2258679
[ 5 ] Bug #2258687 - CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a
long Server ID option [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2258687
[ 6 ] Bug #2258690 - CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect
message with truncated options [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2258690
[ 7 ] Bug #2258693 - CVE-2023-45232 edk2: Infinite loop when parsing unknown options in
the Destination Options header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2258693
[ 8 ] Bug #2258696 - CVE-2023-45233 edk2: Infinite loop when parsing a PadN option in
the Destination Options header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2258696
[ 9 ] Bug #2258699 - CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers
option in a DHCPv6 Advertise message [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2258699
[ 10 ] Bug #2258701 - CVE-2023-45235 edk2: Buffer overflow when handling Server ID
option from a DHCPv6 proxy Advertise message [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2258701
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a9dead34c5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------