Fedora 39: edk2 2024-a9dead34c5
Summary
EDK II is a modern, feature-rich, cross-platform firmware development
environment for the UEFI and PI specifications. This package contains sample
64-bit UEFI firmware builds for QEMU and KVM.
Update Information:
update to edk2-stable202402
Change Log
* Mon Feb 26 2024 Gerd Hoffmann
References
[ 1 ] Bug #2257587 - CVE-2022-36764 edk2: heap buffer overflow in Tcg2MeasurePeImage() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2257587 [ 2 ] Bug #2257588 - CVE-2022-36763 edk2: heap buffer overflow in Tcg2MeasureGptTable() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2257588 [ 3 ] Bug #2257589 - CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2257589 [ 4 ] Bug #2258679 - CVE-2023-4522 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2258679 [ 5 ] Bug #2258687 - CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2258687 [ 6 ] Bug #2258690 - CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect message with truncated options [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2258690 [ 7 ] Bug #2258693 - CVE-2023-45232 edk2: Infinite loop when parsing unknown options in the Destination Options header [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2258693 [ 8 ] Bug #2258696 - CVE-2023-45233 edk2: Infinite loop when parsing a PadN option in the Destination Options header [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2258696 [ 9 ] Bug #2258699 - CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2258699 [ 10 ] Bug #2258701 - CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2258701
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-a9dead34c5' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html