--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a9dead34c5
2024-03-13 01:22:43.440810
--------------------------------------------------------------------------------

Name        : edk2
Product     : Fedora 39
Version     : 20240214
Release     : 2.fc39
URL         : https://www.tianocore.org/
Summary     : UEFI firmware for 64-bit virtual machines
Description :
EDK II is a modern, feature-rich, cross-platform firmware development
environment for the UEFI and PI specifications. This package contains sample
64-bit UEFI firmware builds for QEMU and KVM.

--------------------------------------------------------------------------------
Update Information:

update to edk2-stable202402
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 26 2024 Gerd Hoffmann  - 20240214-2
- switch pcr predition to systemd-pcrlock format
* Mon Feb 26 2024 Gerd Hoffmann  - 20240214-1
- update to edk2-stable202402
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2257587 - CVE-2022-36764 edk2: heap buffer overflow in Tcg2MeasurePeImage() [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2257587
  [ 2 ] Bug #2257588 - CVE-2022-36763 edk2: heap buffer overflow in Tcg2MeasureGptTable() [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2257588
  [ 3 ] Bug #2257589 - CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2257589
  [ 4 ] Bug #2258679 - CVE-2023-4522 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2258679
  [ 5 ] Bug #2258687 - CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2258687
  [ 6 ] Bug #2258690 - CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect message with truncated options [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2258690
  [ 7 ] Bug #2258693 - CVE-2023-45232 edk2: Infinite loop when parsing unknown options in the Destination Options header [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2258693
  [ 8 ] Bug #2258696 - CVE-2023-45233 edk2: Infinite loop when parsing a PadN option in the Destination Options header [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2258696
  [ 9 ] Bug #2258699 - CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2258699
  [ 10 ] Bug #2258701 - CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2258701
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a9dead34c5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam, report it: https://pagure.io/login/

Fedora 39: edk2 2024-a9dead34c5

March 13, 2024
update to edk2-stable202402

Summary

EDK II is a modern, feature-rich, cross-platform firmware development

environment for the UEFI and PI specifications. This package contains sample

64-bit UEFI firmware builds for QEMU and KVM.

Update Information:

update to edk2-stable202402

Change Log

* Mon Feb 26 2024 Gerd Hoffmann - 20240214-2 - switch pcr predition to systemd-pcrlock format * Mon Feb 26 2024 Gerd Hoffmann - 20240214-1 - update to edk2-stable202402

References

[ 1 ] Bug #2257587 - CVE-2022-36764 edk2: heap buffer overflow in Tcg2MeasurePeImage() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2257587 [ 2 ] Bug #2257588 - CVE-2022-36763 edk2: heap buffer overflow in Tcg2MeasureGptTable() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2257588 [ 3 ] Bug #2257589 - CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2257589 [ 4 ] Bug #2258679 - CVE-2023-4522 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2258679 [ 5 ] Bug #2258687 - CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2258687 [ 6 ] Bug #2258690 - CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect message with truncated options [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2258690 [ 7 ] Bug #2258693 - CVE-2023-45232 edk2: Infinite loop when parsing unknown options in the Destination Options header [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2258693 [ 8 ] Bug #2258696 - CVE-2023-45233 edk2: Infinite loop when parsing a PadN option in the Destination Options header [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2258696 [ 9 ] Bug #2258699 - CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2258699 [ 10 ] Bug #2258701 - CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2258701

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-a9dead34c5' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : edk2
Product : Fedora 39
Version : 20240214
Release : 2.fc39
URL : https://www.tianocore.org/
Summary : UEFI firmware for 64-bit virtual machines

Related News