Issued:: 2024-03-05
Updated:: 2024-03-05

RHSA-2024:1075 - Security Advisory

Overview
Updated Packages

Synopsis

Important: edk2 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for edk2 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Security Fix(es):

edk2: Buffer overflow in the DHCPv6 client via a long Server ID option (CVE-2023-45230)
edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message (CVE-2023-45234)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat CodeReady Linux Builder for x86_64 9 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64

Fixes

BZ - 2258685 - CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option
BZ - 2258697 - CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
edk2-20230524-4.el9_3.2.src.rpm	SHA-256: 6738d7517cbb59e92d13d46e92dfbccccee80d1e61d320a5a9609336c7ec946e
x86_64
edk2-ovmf-20230524-4.el9_3.2.noarch.rpm	SHA-256: 04edab8e11f9170df06847c326fea5c788ced894d688be1e941e5511acd24520

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
edk2-20230524-4.el9_3.2.src.rpm	SHA-256: 6738d7517cbb59e92d13d46e92dfbccccee80d1e61d320a5a9609336c7ec946e
x86_64
edk2-ovmf-20230524-4.el9_3.2.noarch.rpm	SHA-256: 04edab8e11f9170df06847c326fea5c788ced894d688be1e941e5511acd24520

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
edk2-20230524-4.el9_3.2.src.rpm	SHA-256: 6738d7517cbb59e92d13d46e92dfbccccee80d1e61d320a5a9609336c7ec946e
x86_64
edk2-ovmf-20230524-4.el9_3.2.noarch.rpm	SHA-256: 04edab8e11f9170df06847c326fea5c788ced894d688be1e941e5511acd24520

Red Hat Enterprise Linux for ARM 64 9

SRPM
edk2-20230524-4.el9_3.2.src.rpm	SHA-256: 6738d7517cbb59e92d13d46e92dfbccccee80d1e61d320a5a9609336c7ec946e
aarch64
edk2-aarch64-20230524-4.el9_3.2.noarch.rpm	SHA-256: 5015148c8dc1a3079e40361e30605bd318f95957345dcf588b5781569c6f4e11

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
edk2-20230524-4.el9_3.2.src.rpm	SHA-256: 6738d7517cbb59e92d13d46e92dfbccccee80d1e61d320a5a9609336c7ec946e
aarch64
edk2-aarch64-20230524-4.el9_3.2.noarch.rpm	SHA-256: 5015148c8dc1a3079e40361e30605bd318f95957345dcf588b5781569c6f4e11

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
edk2-20230524-4.el9_3.2.src.rpm	SHA-256: 6738d7517cbb59e92d13d46e92dfbccccee80d1e61d320a5a9609336c7ec946e
x86_64
edk2-ovmf-20230524-4.el9_3.2.noarch.rpm	SHA-256: 04edab8e11f9170df06847c326fea5c788ced894d688be1e941e5511acd24520

Red Hat CodeReady Linux Builder for x86_64 9

SRPM
x86_64
edk2-aarch64-20230524-4.el9_3.2.noarch.rpm	SHA-256: 5015148c8dc1a3079e40361e30605bd318f95957345dcf588b5781569c6f4e11
edk2-debugsource-20230524-4.el9_3.2.x86_64.rpm	SHA-256: 47c4fb33a4101ff0f460861352e6e37ae102b7f5061b5d79aeff76ec4cb4342d
edk2-tools-20230524-4.el9_3.2.x86_64.rpm	SHA-256: 297e279e9870c017ca20a1a9c9c11a4add9123a93acbfe12bd279ed79f4f0554
edk2-tools-debuginfo-20230524-4.el9_3.2.x86_64.rpm	SHA-256: 1d725c1d04490c114ad6afbcc92f4bb3503920df59e65c9bd4a22927648a4b17
edk2-tools-doc-20230524-4.el9_3.2.noarch.rpm	SHA-256: 1c578da8d67d1e6dddd3fe04315995da4a73e86b75b440be26f1d8ea356e4da0

Red Hat CodeReady Linux Builder for Power, little endian 9

SRPM
ppc64le
edk2-aarch64-20230524-4.el9_3.2.noarch.rpm	SHA-256: 5015148c8dc1a3079e40361e30605bd318f95957345dcf588b5781569c6f4e11
edk2-ovmf-20230524-4.el9_3.2.noarch.rpm	SHA-256: 04edab8e11f9170df06847c326fea5c788ced894d688be1e941e5511acd24520

Red Hat CodeReady Linux Builder for ARM 64 9

SRPM
aarch64
edk2-debugsource-20230524-4.el9_3.2.aarch64.rpm	SHA-256: af3a612049bc802658511bdb0fc606b485304ef3e25ba312cb022b74fd29d6f4
edk2-ovmf-20230524-4.el9_3.2.noarch.rpm	SHA-256: 04edab8e11f9170df06847c326fea5c788ced894d688be1e941e5511acd24520
edk2-tools-20230524-4.el9_3.2.aarch64.rpm	SHA-256: 2e65f940811f5bc28781ebe9dce0772f50466410761d2497672b890de05811f0
edk2-tools-debuginfo-20230524-4.el9_3.2.aarch64.rpm	SHA-256: 533576ba82d3ac54c083f180c1a7b2359bdc85e99388daeb6fe65760cacce44f
edk2-tools-doc-20230524-4.el9_3.2.noarch.rpm	SHA-256: 1c578da8d67d1e6dddd3fe04315995da4a73e86b75b440be26f1d8ea356e4da0

Red Hat CodeReady Linux Builder for IBM z Systems 9

SRPM
s390x
edk2-aarch64-20230524-4.el9_3.2.noarch.rpm	SHA-256: 5015148c8dc1a3079e40361e30605bd318f95957345dcf588b5781569c6f4e11
edk2-ovmf-20230524-4.el9_3.2.noarch.rpm	SHA-256: 04edab8e11f9170df06847c326fea5c788ced894d688be1e941e5511acd24520

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4

SRPM
x86_64
edk2-aarch64-20230524-4.el9_3.2.noarch.rpm	SHA-256: 5015148c8dc1a3079e40361e30605bd318f95957345dcf588b5781569c6f4e11
edk2-debugsource-20230524-4.el9_3.2.x86_64.rpm	SHA-256: 47c4fb33a4101ff0f460861352e6e37ae102b7f5061b5d79aeff76ec4cb4342d
edk2-tools-20230524-4.el9_3.2.x86_64.rpm	SHA-256: 297e279e9870c017ca20a1a9c9c11a4add9123a93acbfe12bd279ed79f4f0554
edk2-tools-debuginfo-20230524-4.el9_3.2.x86_64.rpm	SHA-256: 1d725c1d04490c114ad6afbcc92f4bb3503920df59e65c9bd4a22927648a4b17
edk2-tools-doc-20230524-4.el9_3.2.noarch.rpm	SHA-256: 1c578da8d67d1e6dddd3fe04315995da4a73e86b75b440be26f1d8ea356e4da0

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4

SRPM
ppc64le
edk2-aarch64-20230524-4.el9_3.2.noarch.rpm	SHA-256: 5015148c8dc1a3079e40361e30605bd318f95957345dcf588b5781569c6f4e11
edk2-ovmf-20230524-4.el9_3.2.noarch.rpm	SHA-256: 04edab8e11f9170df06847c326fea5c788ced894d688be1e941e5511acd24520

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4

SRPM
s390x
edk2-aarch64-20230524-4.el9_3.2.noarch.rpm	SHA-256: 5015148c8dc1a3079e40361e30605bd318f95957345dcf588b5781569c6f4e11
edk2-ovmf-20230524-4.el9_3.2.noarch.rpm	SHA-256: 04edab8e11f9170df06847c326fea5c788ced894d688be1e941e5511acd24520

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4

SRPM
aarch64
edk2-debugsource-20230524-4.el9_3.2.aarch64.rpm	SHA-256: af3a612049bc802658511bdb0fc606b485304ef3e25ba312cb022b74fd29d6f4
edk2-ovmf-20230524-4.el9_3.2.noarch.rpm	SHA-256: 04edab8e11f9170df06847c326fea5c788ced894d688be1e941e5511acd24520
edk2-tools-20230524-4.el9_3.2.aarch64.rpm	SHA-256: 2e65f940811f5bc28781ebe9dce0772f50466410761d2497672b890de05811f0
edk2-tools-debuginfo-20230524-4.el9_3.2.aarch64.rpm	SHA-256: 533576ba82d3ac54c083f180c1a7b2359bdc85e99388daeb6fe65760cacce44f
edk2-tools-doc-20230524-4.el9_3.2.noarch.rpm	SHA-256: 1c578da8d67d1e6dddd3fe04315995da4a73e86b75b440be26f1d8ea356e4da0

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
edk2-20230524-4.el9_3.2.src.rpm	SHA-256: 6738d7517cbb59e92d13d46e92dfbccccee80d1e61d320a5a9609336c7ec946e
aarch64
edk2-aarch64-20230524-4.el9_3.2.noarch.rpm	SHA-256: 5015148c8dc1a3079e40361e30605bd318f95957345dcf588b5781569c6f4e11

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation