[El-errata] ELSA-2024-12794 Moderate: Oracle Linux 7 edk2 security update (aarch64)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Oct 21 21:11:16 UTC 2024
Oracle Linux Security Advisory ELSA-2024-12794
http://linux.oracle.com/errata/ELSA-2024-12794.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
aarch64:
AAVMF-1.7.1-3.el7.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//edk2-1.7.1-3.el7.src.rpm
Related CVEs:
CVE-2024-1298
CVE-2023-45236
CVE-2023-45237
CVE-2024-25742
Description of changes:
[1.7.1]
- Create new 1.7.1 release for OL7 which includes the following fixed CVEs:
- EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access [Orabug: 36990130] {CVE-2024-1298}
- EDK2: In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. [Orabug: 36990244] {CVE-2024-25742}
- EDK2: EDK2’s Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990198] {CVE-2023-45236}
- EDK2: EDK2’s Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990210] {CVE-2023-45237}
More information about the El-errata
mailing list