AlmaLinux alert ALSA-2024:4749 (edk2)

From:
             
 
AlmaLinux Errata Notifications <errata@almalinux.org>
To:
             
 
announce@lists.almalinux.org
Subject:
             
 
[Announce] [Security Advisory] ALSA-2024:4749: edk2 security update (Moderate)
Date:
             
 
Thu, 25 Jul 2024 04:00:09 -0700
Message-ID:
             
 
<66a23039.050a0220.894a7.12ff@mx.google.com>
Archive-link:
             
 
Article
Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata
notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2024-07-25

Summary:

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This
package contains a sample 64-bit UEFI firmware for QEMU and KVM. 

Security Fix(es):

* EDK2: integer overflow in CreateHob() could lead to HOB OOB R/W (CVE-2022-36765)
* edk2: Predictable TCP Initial Sequence Numbers (CVE-2023-45236)
* edk2: Use of a Weak PseudoRandom Number Generator (CVE-2023-45237)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,
and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information:
https://errata.almalinux.org/9/ALSA-2024-4749.html

This message is automatically generated, please don’t reply. For further questions, please, contact
us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on
https://lists.almalinux.org.

Kind regards,
AlmaLinux Team
_______________________________________________
Announce mailing list -- announce@lists.almalinux.org
To unsubscribe send an email to announce-leave@lists.almalinux.org