Issued:: 2024-11-12
Updated:: 2024-11-12

RHSA-2024:9088 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: edk2 security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for edk2 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Security Fix(es):

mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)
openssl: Excessive time spent checking invalid RSA public keys (CVE-2023-6237)
openssl: denial of service via null dereference (CVE-2024-0727)
edk2: Temporary DoS vulnerability (CVE-2024-1298)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
Red Hat Enterprise Linux Server - AUS 9.6 x86_64
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
Red Hat CodeReady Linux Builder for x86_64 9 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64

Fixes

BZ - 2257571 - CVE-2023-6129 openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC
BZ - 2258502 - CVE-2023-6237 openssl: Excessive time spent checking invalid RSA public keys
BZ - 2259944 - CVE-2024-0727 openssl: denial of service via null dereference
BZ - 2284243 - CVE-2024-1298 edk2: Temporary DoS vulnerability
RHEL-26879 - rebase to edk2-stable202402
RHEL-32486 - rebase to edk2-stable202405 [rhel-9]
RHEL-36446 - edk2: enable MOR [rhel-9]
RHEL-28751 - [SVVP + HCK-CI] Prepare minimal HSTI driver and merge it into OVMF upstream
RHEL-43442 - edk2 disconnects abnormally before loading the kernel
RHEL-45899 - [RHEL-9.5.0] edk2 hit Failed to generate random data
RHEL-56081 - [EDK2] Shim fallback reboot workaround might not work on SNP
RHEL-56974 - qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-9]

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
edk2-20240524-6.el9_5.src.rpm	SHA-256: 1968d1024d5b4b43c6cf650ae9750afb61051e2e66eaebc2c790a0033fb205fb
x86_64
edk2-ovmf-20240524-6.el9_5.noarch.rpm	SHA-256: 2dba7dcd1396b4bcaed1464423be7935c4e1bf95fcf77f513f49fd4b6aec379a

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
edk2-20240524-6.el9_5.src.rpm	SHA-256: 1968d1024d5b4b43c6cf650ae9750afb61051e2e66eaebc2c790a0033fb205fb
x86_64
edk2-ovmf-20240524-6.el9_5.noarch.rpm	SHA-256: 2dba7dcd1396b4bcaed1464423be7935c4e1bf95fcf77f513f49fd4b6aec379a

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
edk2-20240524-6.el9_5.src.rpm	SHA-256: 1968d1024d5b4b43c6cf650ae9750afb61051e2e66eaebc2c790a0033fb205fb
x86_64
edk2-ovmf-20240524-6.el9_5.noarch.rpm	SHA-256: 2dba7dcd1396b4bcaed1464423be7935c4e1bf95fcf77f513f49fd4b6aec379a

Red Hat Enterprise Linux for ARM 64 9

SRPM
edk2-20240524-6.el9_5.src.rpm	SHA-256: 1968d1024d5b4b43c6cf650ae9750afb61051e2e66eaebc2c790a0033fb205fb
aarch64
edk2-aarch64-20240524-6.el9_5.noarch.rpm	SHA-256: 721af328282e522d5cd5a60f159eac546a2abef09ce54eef9b5c3c9a90eb8fec

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
edk2-20240524-6.el9_5.src.rpm	SHA-256: 1968d1024d5b4b43c6cf650ae9750afb61051e2e66eaebc2c790a0033fb205fb
aarch64
edk2-aarch64-20240524-6.el9_5.noarch.rpm	SHA-256: 721af328282e522d5cd5a60f159eac546a2abef09ce54eef9b5c3c9a90eb8fec

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
edk2-20240524-6.el9_5.src.rpm	SHA-256: 1968d1024d5b4b43c6cf650ae9750afb61051e2e66eaebc2c790a0033fb205fb
x86_64
edk2-ovmf-20240524-6.el9_5.noarch.rpm	SHA-256: 2dba7dcd1396b4bcaed1464423be7935c4e1bf95fcf77f513f49fd4b6aec379a

Red Hat CodeReady Linux Builder for x86_64 9

SRPM
x86_64
edk2-aarch64-20240524-6.el9_5.noarch.rpm	SHA-256: 721af328282e522d5cd5a60f159eac546a2abef09ce54eef9b5c3c9a90eb8fec
edk2-debugsource-20240524-6.el9_5.x86_64.rpm	SHA-256: a07f34639072e92e2e1bca1449fe478961c89088f8ebaa92dc5aff62323a0c23
edk2-tools-20240524-6.el9_5.x86_64.rpm	SHA-256: 5585fb806b45f0c0a8b4beb456689ff3d4feb4d480e145fe31eb780d7728b6bb
edk2-tools-debuginfo-20240524-6.el9_5.x86_64.rpm	SHA-256: 3a4563e3b29cb29132d9d3fcf3e40b6ea9a311c81e24c8cddffbffd86e041817
edk2-tools-doc-20240524-6.el9_5.noarch.rpm	SHA-256: b7a6affd91fd8c02471b16b5cf520f0f534bb61ea80ce36580cffaa2e7e5e0cc

Red Hat CodeReady Linux Builder for Power, little endian 9

SRPM
ppc64le
edk2-aarch64-20240524-6.el9_5.noarch.rpm	SHA-256: 721af328282e522d5cd5a60f159eac546a2abef09ce54eef9b5c3c9a90eb8fec
edk2-ovmf-20240524-6.el9_5.noarch.rpm	SHA-256: 2dba7dcd1396b4bcaed1464423be7935c4e1bf95fcf77f513f49fd4b6aec379a

Red Hat CodeReady Linux Builder for ARM 64 9

SRPM
aarch64
edk2-debugsource-20240524-6.el9_5.aarch64.rpm	SHA-256: b55e608eb5764af5c37cc89e74f118ec937a842ef5744e0c219613674ce73d03
edk2-ovmf-20240524-6.el9_5.noarch.rpm	SHA-256: 2dba7dcd1396b4bcaed1464423be7935c4e1bf95fcf77f513f49fd4b6aec379a
edk2-tools-20240524-6.el9_5.aarch64.rpm	SHA-256: 089944ce7ce32cb0d3f42029c8d83fd78c5089bb066502381ce12d5ce4e9cd44
edk2-tools-debuginfo-20240524-6.el9_5.aarch64.rpm	SHA-256: bf5cfb9bc6bd2d2387414a2f05ca150a2b0b1a5188a5a05c915f00ba530eb692
edk2-tools-doc-20240524-6.el9_5.noarch.rpm	SHA-256: b7a6affd91fd8c02471b16b5cf520f0f534bb61ea80ce36580cffaa2e7e5e0cc

Red Hat CodeReady Linux Builder for IBM z Systems 9

SRPM
s390x
edk2-aarch64-20240524-6.el9_5.noarch.rpm	SHA-256: 721af328282e522d5cd5a60f159eac546a2abef09ce54eef9b5c3c9a90eb8fec
edk2-ovmf-20240524-6.el9_5.noarch.rpm	SHA-256: 2dba7dcd1396b4bcaed1464423be7935c4e1bf95fcf77f513f49fd4b6aec379a

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6

SRPM
x86_64
edk2-aarch64-20240524-6.el9_5.noarch.rpm	SHA-256: 721af328282e522d5cd5a60f159eac546a2abef09ce54eef9b5c3c9a90eb8fec
edk2-debugsource-20240524-6.el9_5.x86_64.rpm	SHA-256: a07f34639072e92e2e1bca1449fe478961c89088f8ebaa92dc5aff62323a0c23
edk2-tools-20240524-6.el9_5.x86_64.rpm	SHA-256: 5585fb806b45f0c0a8b4beb456689ff3d4feb4d480e145fe31eb780d7728b6bb
edk2-tools-debuginfo-20240524-6.el9_5.x86_64.rpm	SHA-256: 3a4563e3b29cb29132d9d3fcf3e40b6ea9a311c81e24c8cddffbffd86e041817
edk2-tools-doc-20240524-6.el9_5.noarch.rpm	SHA-256: b7a6affd91fd8c02471b16b5cf520f0f534bb61ea80ce36580cffaa2e7e5e0cc

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6

SRPM
ppc64le
edk2-aarch64-20240524-6.el9_5.noarch.rpm	SHA-256: 721af328282e522d5cd5a60f159eac546a2abef09ce54eef9b5c3c9a90eb8fec
edk2-ovmf-20240524-6.el9_5.noarch.rpm	SHA-256: 2dba7dcd1396b4bcaed1464423be7935c4e1bf95fcf77f513f49fd4b6aec379a

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6

SRPM
s390x
edk2-aarch64-20240524-6.el9_5.noarch.rpm	SHA-256: 721af328282e522d5cd5a60f159eac546a2abef09ce54eef9b5c3c9a90eb8fec
edk2-ovmf-20240524-6.el9_5.noarch.rpm	SHA-256: 2dba7dcd1396b4bcaed1464423be7935c4e1bf95fcf77f513f49fd4b6aec379a

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6

SRPM
aarch64
edk2-debugsource-20240524-6.el9_5.aarch64.rpm	SHA-256: b55e608eb5764af5c37cc89e74f118ec937a842ef5744e0c219613674ce73d03
edk2-ovmf-20240524-6.el9_5.noarch.rpm	SHA-256: 2dba7dcd1396b4bcaed1464423be7935c4e1bf95fcf77f513f49fd4b6aec379a
edk2-tools-20240524-6.el9_5.aarch64.rpm	SHA-256: 089944ce7ce32cb0d3f42029c8d83fd78c5089bb066502381ce12d5ce4e9cd44
edk2-tools-debuginfo-20240524-6.el9_5.aarch64.rpm	SHA-256: bf5cfb9bc6bd2d2387414a2f05ca150a2b0b1a5188a5a05c915f00ba530eb692
edk2-tools-doc-20240524-6.el9_5.noarch.rpm	SHA-256: b7a6affd91fd8c02471b16b5cf520f0f534bb61ea80ce36580cffaa2e7e5e0cc

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
edk2-20240524-6.el9_5.src.rpm	SHA-256: 1968d1024d5b4b43c6cf650ae9750afb61051e2e66eaebc2c790a0033fb205fb
aarch64
edk2-aarch64-20240524-6.el9_5.noarch.rpm	SHA-256: 721af328282e522d5cd5a60f159eac546a2abef09ce54eef9b5c3c9a90eb8fec

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation