ELSA-2024-12842
- ULN >
- Oracle Linux Errata repository >
- ELSA-2024-12842
ELSA-2024-12842 - edk2 security update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2024-11-22 |
Description
* Mon Sep 09 2024 Aaron Young
- Create new 20240909 release for OL9 which includes the following fixed CVEs:
- EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access [Orabug: 36990130] {CVE-2024-1298}
- EDK2: In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. [Orabug: 36990244] {CVE-2024-25742}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990198] {CVE-2023-45236}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990210] {CVE-2023-45237}
* Tue Feb 27 2024 Aaron Young
- Create new 20240227 release for OL9 which includes the following fixed CVEs:
{CVE-2023-45229} {CVE-2023-45230} {CVE-2023-45231} {CVE-2023-45232} {CVE-2023-45233} {CVE-2023-45234} {CVE-2023-45235} {CVE-2022-36763} {CVE-2022-36764} {CVE-2022-36765}
- Update to OpenSSL 3.0.10 which includes the following fixed CVEs:
{CVE-2023-2975} {CVE-2023-1255} {CVE-2023-0401} {CVE-2023-0217} {CVE-2023-0216} {CVE-2023-0215} {CVE-2022-4203} {CVE-2022-3996} {CVE-2022-3602} {CVE-2022-3786} {CVE-2022-3358} {CVE-2022-2274} {CVE-2022-1473} {CVE-2022-1434} {CVE-2022-1343} {CVE-2021-4044} {CVE-2021-23839}
* Tue Aug 22 2023 Aaron Young
- Create new 20230822.cvm release for OL9
* Mon Aug 21 2023 Aaron Young
- Create new 20230821 release for OL9 which includes the following fixed CVEs:
{CVE-2019-14560}
- Update to OpenSSL 1.1.1v which includes the following fixed CVEs:
{CVE-2023-3817} {CVE-2023-3446} {CVE-2023-2650} {CVE-2023-0465} {CVE-2023-0466} {CVE-2023-0464} {CVE-2023-0286} {CVE-2023-0215} {CVE-2022-4450} {CVE-2022-4304} {CVE-2022-2097} {CVE-2022-2068} {CVE-2022-1292} {CVE-2022-0778} {CVE-2021-4160} {CVE-2021-3712} {CVE-2021-3711} {CVE-2021-3450} {CVE-2021-3449} {CVE-2021-23841} {CVE-2021-23840} {CVE-2020-1971} {CVE-2020-1967} {CVE-2019-1551} {CVE-2019-1563} {CVE-2019-1549} {CVE-2019-1547} {CVE-2019-1552} {CVE-2019-1543} {CVE-2018-0734} {CVE-2018-0735}
* Tue Jun 13 2023 Aaron Young
- Create new 20230613.cvm release for OL9
* Mon Feb 27 2023 Aaron Young
- Create new 20230227.cvm release for OL9 which includes the following fixed CVEs:
{CVE-2021-38578}
Related CVEs
| CVE-2023-45236 |
| CVE-2024-25742 |
| CVE-2023-45237 |
| CVE-2024-1298 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
| Oracle Linux 9 (aarch64) | edk2-20240909-2.el9.src.rpm | da8bed2ec7c6bf7761d08f2f10bb24bc | - | ol9_aarch64_developer_kvm_utils |
| edk2-20240909-2.el9.src.rpm | da8bed2ec7c6bf7761d08f2f10bb24bc | - | ol9_aarch64_kvm_utils | |
| edk2-aarch64-20240909-2.el9.noarch.rpm | 439de289115784ca37fcfa4676c21da4 | - | ol9_aarch64_kvm_utils | |
| edk2-tools-20240909-2.el9.aarch64.rpm | 2541824388e223a632046a2c83e0f182 | - | ol9_aarch64_developer_kvm_utils | |
| Oracle Linux 9 (x86_64) | edk2-20240909-2.el9.src.rpm | da8bed2ec7c6bf7761d08f2f10bb24bc | - | ol9_x86_64_developer_kvm_utils |
| edk2-20240909-2.el9.src.rpm | da8bed2ec7c6bf7761d08f2f10bb24bc | - | ol9_x86_64_kvm_utils | |
| edk2-ovmf-20240909-2.el9.noarch.rpm | 1ad68a795bbfb7517d8f81f23e7ff9df | - | ol9_x86_64_kvm_utils | |
| edk2-tools-20240909-2.el9.x86_64.rpm | f2381350888696436dcadf5c91d2b838 | - | ol9_x86_64_developer_kvm_utils | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
