RLSA-2024:2264 --- edk2ID: oval:org.secpod.oval:def:5800239 | Date: (C)2024-05-21 (M)2024-06-17 |
Class: PATCH | Family: unix |
EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix: * edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message * EDK2: heap buffer overflow in Tcg2MeasureGptTable * EDK2: heap buffer overflow in Tcg2MeasurePeImage * edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message * edk2: Out of Bounds read when handling a ND Redirect message with truncated options * edk2: Infinite loop when parsing unknown options in the Destination Options header * edk2: Infinite loop when parsing a PadN option in the Destination Options header * openssl: Excessive time spent checking DH keys and parameters For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 9.4 Release Notes linked from the References section.