ELSA-2024-12842

ELSA-2024-12842 - edk2 security update

Type: SECURITY
Impact: MODERATE
Release Date: 2024-11-22

Description


* Mon Sep 09 2024 Aaron Young
- Create new 20240909 release for OL9 which includes the following fixed CVEs:
- EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local access [Orabug: 36990130] {CVE-2024-1298}
- EDK2: In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. [Orabug: 36990244] {CVE-2024-25742}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990198] {CVE-2023-45236}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990210] {CVE-2023-45237}

* Tue Feb 27 2024 Aaron Young
- Create new 20240227 release for OL9 which includes the following fixed CVEs:
{CVE-2023-45229} {CVE-2023-45230} {CVE-2023-45231} {CVE-2023-45232} {CVE-2023-45233} {CVE-2023-45234} {CVE-2023-45235} {CVE-2022-36763} {CVE-2022-36764} {CVE-2022-36765}
- Update to OpenSSL 3.0.10 which includes the following fixed CVEs:
{CVE-2023-2975} {CVE-2023-1255} {CVE-2023-0401} {CVE-2023-0217} {CVE-2023-0216} {CVE-2023-0215} {CVE-2022-4203} {CVE-2022-3996} {CVE-2022-3602} {CVE-2022-3786} {CVE-2022-3358} {CVE-2022-2274} {CVE-2022-1473} {CVE-2022-1434} {CVE-2022-1343} {CVE-2021-4044} {CVE-2021-23839}

* Tue Aug 22 2023 Aaron Young
- Create new 20230822.cvm release for OL9

* Mon Aug 21 2023 Aaron Young
- Create new 20230821 release for OL9 which includes the following fixed CVEs:
{CVE-2019-14560}
- Update to OpenSSL 1.1.1v which includes the following fixed CVEs:
{CVE-2023-3817} {CVE-2023-3446} {CVE-2023-2650} {CVE-2023-0465} {CVE-2023-0466} {CVE-2023-0464} {CVE-2023-0286} {CVE-2023-0215} {CVE-2022-4450} {CVE-2022-4304} {CVE-2022-2097} {CVE-2022-2068} {CVE-2022-1292} {CVE-2022-0778} {CVE-2021-4160} {CVE-2021-3712} {CVE-2021-3711} {CVE-2021-3450} {CVE-2021-3449} {CVE-2021-23841} {CVE-2021-23840} {CVE-2020-1971} {CVE-2020-1967} {CVE-2019-1551} {CVE-2019-1563} {CVE-2019-1549} {CVE-2019-1547} {CVE-2019-1552} {CVE-2019-1543} {CVE-2018-0734} {CVE-2018-0735}

* Tue Jun 13 2023 Aaron Young
- Create new 20230613.cvm release for OL9

* Mon Feb 27 2023 Aaron Young
- Create new 20230227.cvm release for OL9 which includes the following fixed CVEs:
{CVE-2021-38578}


Related CVEs


CVE-2023-45236
CVE-2024-25742
CVE-2023-45237
CVE-2024-1298

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 9 (aarch64) | edk2-20240909-2.el9.src.rpm | c7127a777a806f801e2690c584a287565a426462ac8c625624ab8de334d216ce | - | ol9_aarch64_developer_kvm_utils |
| | edk2-20240909-2.el9.src.rpm | c7127a777a806f801e2690c584a287565a426462ac8c625624ab8de334d216ce | - | ol9_aarch64_kvm_utils |
| | edk2-aarch64-20240909-2.el9.noarch.rpm | 9db8e84918c1650ea4b5469123dda79a983f812c432ad1903f03a224bc335f13 | - | ol9_aarch64_kvm_utils |
| | edk2-tools-20240909-2.el9.aarch64.rpm | a941f1a293b04621279d863bcf85fdc664475ff43bf938a6e5ee9d5f0be19998 | - | ol9_aarch64_developer_kvm_utils |
| Oracle Linux 9 (x86_64) | edk2-20240909-2.el9.src.rpm | c7127a777a806f801e2690c584a287565a426462ac8c625624ab8de334d216ce | - | ol9_x86_64_developer_kvm_utils |
| | edk2-20240909-2.el9.src.rpm | c7127a777a806f801e2690c584a287565a426462ac8c625624ab8de334d216ce | - | ol9_x86_64_kvm_utils |
| | edk2-ovmf-20240909-2.el9.noarch.rpm | 8034d62d05c1d1aafb1be6b5da5034858c6d20c812310a127c7749dbb06e8277 | - | ol9_x86_64_kvm_utils |
| | edk2-tools-20240909-2.el9.x86_64.rpm | b2dd600074de3e8e112f3d8de7d6fa41226726c36cba89cd6b706efdd287cbdf | - | ol9_x86_64_developer_kvm_utils |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team.