Summary:
edk2 security update
Severity: High
Advisory ID: KylinSec-SA-2024-4950
Release date: 2024-03-22
Related CVEs: CVE-2022-36764 CVE-2023-45230 CVE-2023-45232 CVE-2023-45233 CVE-2023-45235
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.
Security Fix(es):
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
(CVE-2022-36764)
EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long Server ID option in the DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
(CVE-2023-45230)
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
(CVE-2023-45232)
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
(CVE-2023-45233)
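CVE-2023-45232 and CVE-2023-45233 are the same failure mode seen from two option types: the walk over the Destination Options header stops making forward progress. The example below is added here to show that failure mode and its fix; it is not edk2's code, and the function names, the 8-bit offset in the vulnerable walker and the constructed option byte strings are assumptions made for the illustration. The option encoding (Pad1, PadN, 2-byte option header, action bits in the type) follows RFC 8200 section 4.2. The vulnerable walker is instrumented with an iteration cap so the demo terminates; hitting the cap stands in for the hang a real implementation would suffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Option types from RFC 8200 section 4.2; the top two bits of any other type
 * encode what a node must do with an option it does not recognize (00 = skip). */
#define IP6_OPT_PAD1        0x00
#define IP6_OPT_PADN        0x01
#define IP6_OPT_ACTION_MASK 0xC0
#define IP6_OPT_ACTION_SKIP 0x00

/* Illustrative vulnerable walker over the option bytes of a Destination Options
 * header (not edk2's code). The running offset is an 8-bit value, so a PadN or an
 * unrecognized option whose length pushes it past 255 wraps back to a small value
 * and the loop never reaches 'len'. It also never checks that the option data fits.
 * 'max_iters' is demo instrumentation: -1 means the cap was hit, i.e. a real
 * implementation would spin forever; 0 means the walk finished. */
int vulnerable_walk_dstopts(const uint8_t *opts, size_t len, unsigned max_iters)
{
    uint8_t off = 0;
    unsigned iters = 0;

    while (off < len) {
        if (++iters > max_iters)
            return -1;
        uint8_t type = opts[off];
        if (type == IP6_OPT_PAD1) {
            off += 1;
            continue;
        }
        /* PadN and every other option: 2-byte header plus 'optlen' data bytes. */
        uint8_t optlen = opts[off + 1];
        off += 2 + optlen;            /* 8-bit arithmetic: 2 + 254 wraps to 0 */
    }
    return 0;
}

/* Hardened walker: size_t offset, every read bounds-checked, each option must lie
 * entirely inside the header, and the offset strictly increases on every pass, so
 * termination is guaranteed. In this example only Pad1, PadN and options whose
 * action bits say "skip" are accepted; a real stack would first consult its table
 * of recognized option types. Returns 0 if well formed, -1 if the packet must be
 * dropped. */
int safe_walk_dstopts(const uint8_t *opts, size_t len)
{
    size_t off = 0;

    while (off < len) {
        uint8_t type = opts[off];
        if (type == IP6_OPT_PAD1) {
            off += 1;
            continue;
        }
        if (len - off < 2)
            return -1;                          /* truncated option header */
        size_t optlen = opts[off + 1];
        if (optlen > len - off - 2)
            return -1;                          /* option data overruns the header */
        if (type != IP6_OPT_PADN &&
            (type & IP6_OPT_ACTION_MASK) != IP6_OPT_ACTION_SKIP)
            return -1;                          /* unrecognized option we may not skip */
        off += 2 + optlen;
    }
    return 0;
}

/* Constructed option byte strings for the demo (not captured traffic). */
const uint8_t kPadNGood[6]        = { IP6_OPT_PADN, 4, 0, 0, 0, 0 };          /* PadN with 4 padding bytes */
const uint8_t kPad1TunnelLimit[4] = { IP6_OPT_PAD1, 0x04, 1, 0x08 };           /* Pad1, then Tunnel Encapsulation Limit (type 4, action skip) */
const uint8_t kPadNWrap[8]        = { IP6_OPT_PADN, 254, 0, 0, 0, 0, 0, 0 };  /* PadN claiming 254 bytes: 2 + 254 wraps an 8-bit offset */
const uint8_t kUnknownWrap[8]     = { 0x1e, 254, 0, 0, 0, 0, 0, 0 };          /* unknown skip-type option making the same claim */
const uint8_t kOverrun[4]         = { IP6_OPT_PADN, 9, 0, 0 };                /* PadN claiming more bytes than the header holds */

int main(void)
{
    printf("well-formed PadN:     safe=%d vulnerable=%d\n",
           safe_walk_dstopts(kPadNGood, sizeof kPadNGood),
           vulnerable_walk_dstopts(kPadNGood, sizeof kPadNGood, 100));
    printf("PadN len 254:         safe=%d vulnerable=%d (cap hit = hang)\n",
           safe_walk_dstopts(kPadNWrap, sizeof kPadNWrap),
           vulnerable_walk_dstopts(kPadNWrap, sizeof kPadNWrap, 1000));
    printf("unknown opt len 254:  safe=%d vulnerable=%d (cap hit = hang)\n",
           safe_walk_dstopts(kUnknownWrap, sizeof kUnknownWrap),
           vulnerable_walk_dstopts(kUnknownWrap, sizeof kUnknownWrap, 1000));
    printf("PadN overrunning hdr: safe=%d vulnerable=%d (accepted silently)\n",
           safe_walk_dstopts(kOverrun, sizeof kOverrun),
           vulnerable_walk_dstopts(kOverrun, sizeof kOverrun, 100));
    return 0;
}
```

Two properties matter in the hardened walker and are worth checking in any TLV parser that faces the network: the offset is wide enough that no length value can wrap it, and every accepted option is proven to fit before the offset is advanced past it. The kOverrun case shows the quieter half of the bug: the vulnerable walker does not hang on it, it simply walks off the end of the header and reports success.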
EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling the Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
(CVE-2023-45235)
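CVE-2023-45230 and CVE-2023-45235 both come down to a Server ID option whose wire length is trusted as the size of a copy into a fixed buffer. The example below is added here to show that pattern next to a checked version; it is not edk2's code, and the `dhcp6_client` structure, its field and function names, and the constructed Advertise option block are assumptions made for the illustration. The option layout (2-octet code, 2-octet length, data) is RFC 8415 section 21.1, and the 130-octet buffer is sized to the DUID limit of RFC 8415 section 11 (2-octet type plus at most 128 octets). A `guard` array placed directly after the buffer is demo instrumentation so the overflow can be measured instead of corrupting unrelated heap data.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* DHCPv6 options are TLV: 2-octet code, 2-octet length, data (RFC 8415 section 21.1).
 * OPTION_SERVERID carries the server's DUID: a 2-octet type code plus at most 128
 * octets of identifier (RFC 8415 section 11), so at most 130 octets in total. */
#define DHCP6_OPT_CLIENTID 1
#define DHCP6_OPT_SERVERID 2
#define DUID_MAX_LEN       130

/* Hypothetical client state for the example. 'guard' is demo instrumentation: it
 * sits directly after the fixed-size DUID buffer, so bytes written past the buffer
 * land there and can be counted. Keep demo DUIDs at or below 194 bytes so the
 * overflow stays inside the guard. */
struct dhcp6_client {
    uint8_t  server_id[DUID_MAX_LEN];
    uint8_t  guard[64];
    uint16_t server_id_len;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Illustrative vulnerable handler (not edk2's code): the option length comes
 * straight from the wire and becomes the copy size into the 130-byte buffer.
 * Nothing checks it against DUID_MAX_LEN, or even against the message length. */
int vulnerable_store_server_id(struct dhcp6_client *c, const uint8_t *opts, size_t len)
{
    size_t off = 0;
    while (off + 4 <= len) {
        uint16_t code   = rd16(opts + off);
        uint16_t optlen = rd16(opts + off + 2);
        if (code == DHCP6_OPT_SERVERID) {
            memcpy(c->server_id, opts + off + 4, optlen);  /* overflow when optlen > 130 */
            c->server_id_len = optlen;
            return 0;
        }
        off += 4u + optlen;
    }
    return -1;
}

/* Hardened handler: every option must fit inside the message, and a Server ID
 * must have a valid DUID length before it is copied into the fixed buffer. */
int safe_store_server_id(struct dhcp6_client *c, const uint8_t *opts, size_t len)
{
    size_t off = 0;
    while (len - off >= 4) {
        uint16_t code   = rd16(opts + off);
        uint16_t optlen = rd16(opts + off + 2);
        if (optlen > len - off - 4)
            return -1;                                 /* option data overruns the message */
        if (code == DHCP6_OPT_SERVERID) {
            if (optlen < 2 || optlen > DUID_MAX_LEN)
                return -1;                             /* not a valid DUID length */
            memcpy(c->server_id, opts + off + 4, optlen);
            c->server_id_len = optlen;
            return 0;
        }
        off += 4u + optlen;
    }
    return -1;
}

/* Constructed Advertise option block (not captured traffic): a 4-byte Client ID
 * followed by a Server ID whose DUID is 'duid_len' bytes of 0xAA. Returns the
 * block length, or 0 if it would not fit in 'cap'. */
size_t build_advertise_opts(uint8_t *out, size_t cap, uint16_t duid_len)
{
    size_t need = 8 + 4 + (size_t)duid_len;
    if (need > cap) return 0;
    wr16(out, DHCP6_OPT_CLIENTID); wr16(out + 2, 4); memcpy(out + 4, "clid", 4);
    wr16(out + 8, DHCP6_OPT_SERVERID); wr16(out + 10, duid_len);
    memset(out + 12, 0xAA, duid_len);
    return need;
}

/* Constructed truncated message: a Server ID claiming 20 octets with only 4 present. */
const uint8_t kTruncatedServerId[8] = { 0x00, 0x02, 0x00, 20, 0xAA, 0xAA, 0xAA, 0xAA };

/* Runs one handler over a constructed Advertise and reports how many guard bytes
 * were overwritten: 0 means the buffer held, -1 means the handler rejected the
 * message, anything else is the size of the overflow past the DUID buffer. */
int guard_bytes_clobbered(int use_safe, uint16_t duid_len)
{
    struct dhcp6_client c;
    uint8_t msg[512];
    memset(&c, 0, sizeof c);
    size_t n = build_advertise_opts(msg, sizeof msg, duid_len);
    int rc = use_safe ? safe_store_server_id(&c, msg, n)
                      : vulnerable_store_server_id(&c, msg, n);
    if (rc != 0) return -1;
    int clobbered = 0;
    const volatile uint8_t *g = c.guard;   /* volatile: read what is really in memory */
    for (size_t i = 0; i < sizeof c.guard; i++)
        if (g[i] != 0) clobbered++;
    return clobbered;
}

int main(void)
{
    printf("14-byte DUID:  safe=%d vulnerable=%d (guard bytes hit)\n",
           guard_bytes_clobbered(1, 14), guard_bytes_clobbered(0, 14));
    printf("160-byte DUID: safe=%d vulnerable=%d (guard bytes hit)\n",
           guard_bytes_clobbered(1, 160), guard_bytes_clobbered(0, 160));
    return 0;
}
```

The two checks in the hardened handler are independent and both are needed: the first keeps the parser from reading option data that is not in the message (the truncated case), the second keeps a legitimately framed but oversized option from overrunning the destination buffer. A 160-byte Server ID passes the vulnerable handler and lands 30 bytes in the guard; the same message is rejected before any copy by the checked version.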
CVE | Product | Component | Status |
---|---|---|---|
CVE-2022-36764 | KY3.5.2 | edk2 | Fixed |
CVE-2023-45230 | KY3.5.2 | edk2 | Fixed |
CVE-2023-45232 | KY3.5.2 | edk2 | Fixed |
CVE-2023-45233 | KY3.5.2 | edk2 | Fixed |
CVE-2023-45235 | KY3.5.2 | edk2 | Fixed |
Package | Architecture | Version |
---|---|---|
edk2-ovmf | noarch | 202011-17.ky3_5.kb1 |
edk2-aarch64 | noarch | 202011-17.ky3_5.kb1 |
edk2-help | noarch | 202011-17.ky3_5.kb1 |
python3-edk2-devel | noarch | 202011-17.ky3_5.kb1 |
edk2-devel | x86_64 | 202011-17.ky3_5.kb1 |
edk2-devel | aarch64 | 202011-17.ky3_5.kb1 |
Method 1: download the package and upgrade with rpm
1. Download the update package from the download link and save it, e.g. xxx.rpm
2. Upgrade with the rpm command, e.g. rpm -Uvh xxx.rpm
Method 2: upgrade from the software repository
1. Make sure the system can reach the Internet
2. Upgrade the specified package with yum, e.g. yum install <package-name>