Package "ovmf"
| Name: |
ovmf
|
Description: |
UEFI firmware for 64-bit x86 virtual machines
|
| Latest version: |
2022.02-3ubuntu0.22.04.3 |
| Release: |
jammy (22.04) |
| Level: |
security |
| Repository: |
main |
| Head package: |
edk2 |
| Homepage: |
http://www.tianocore.org |
Links
Download "ovmf"
Other versions of "ovmf" in Jammy
Changelog
|
edk2 (2022.02-3ubuntu0.22.04.3) jammy-security; urgency=medium
* SECURITY UPDATE: integer underflow
- debian/patches/CVE-2021-38578.patch: Add SafeIntLib to check for
under or overflows
- CVE-2021-38578
-- Bruce Cable <email address hidden> Tue, 08 Oct 2024 18:01:17 +1100
|
| Source diff to previous version |
| CVE-2021-38578 |
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. |
|
|
edk2 (2022.02-3ubuntu0.22.04.2) jammy; urgency=medium
* Cherry-pick security fixes from upstream:
- Fix heap buffer overflow in Tcg2MeasureGptTable(), CVE-2022-36763
+ 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411.patch
+ 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117.patch
+ 0003-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch
- Fix heap buffer overflow in Tcg2MeasurePeImage(), CVE-2022-36764
+ 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-2.patch
+ 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4118.patch
+ 0003-SecurityPkg-Adding-CVE-2022-36764-to-SecurityFixes.y.patch
- Fix build failure due to symbol collision in above patches:
+ 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-3.patch
+ 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117-2.patch
+ 0003-SecurityPkg-Updating-SecurityFixes.yaml-after-symbol.patch
- Fix integer overflow in CreateHob(), CVE-2022-36765
+ 0001-UefiPayloadPkg-Hob-Integer-Overflow-in-CreateHob.patch
- Fix a buffer overflow via a long server ID option in DHCPv6
client, CVE-2023-45230:
+ 0001-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch
+ 0002-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch
+ 0003-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch
- Fix an out-of-bounds read vulnerability when processing the IA_NA
or IA_TA option in a DHCPv6 Advertise message, CVE-2023-45229:
+ 0004-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch
+ 0005-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Un.patch
- Fix an out-of-bounds read when processing Neighbor Discovery
Redirect messages, CVE-2023-45231:
+ 0006-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch
+ 0007-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch
- Avoid an infinite loop when parsing unknown options in the
Destination Options header of IPv6, CVE-2023-45232:
+ 0008-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch
+ 0009-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch
- Avoid an infinite loop when parsing a PadN option in the
Destination Options header of IPv6, CVE-2023-45233:
+ 0010-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
+ 0011-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
- Fix a potential buffer overflow when processing a DNS Servers
option from a DHCPv6 Advertise message, CVE-2023-45234:
+ 0013-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
- Fix a potential buffer overflow when handling a Server ID option
from a DHCPv6 proxy Advertise message, CVE-2023-45235:
+ 0014-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
- Record fixes in a SecurityFix.yaml file:
+ 0015-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch
* Disable the built-in Shell when SecureBoot is enabled, CVE-2023-48733.
Thanks to Mate Kukri. LP: #2040137.
- Backport support for IsSecureBootEnabled():
+ 0001-SecurityPkg-SecureBootVariableLib-Added-newly-suppor.patch
- Disable the built-in Shell when SecureBoot is enabled:
+ Disable-the-Shell-when-SecureBoot-is-enabled.patch
- d/tests: Drop the boot-to-shell tests for images w/ Secure Boot active.
- d/tests: Update run_cmd_check_secure_boot() to not expect shell
interaction.
-- dann frazier <email address hidden> Mon, 12 Feb 2024 13:19:59 -0700
|
| CVE-2022-36763 |
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. |
| CVE-2022-36764 |
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. S |
| CVE-2022-36765 |
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local netw |
| CVE-2023-45230 |
EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exp |
| CVE-2023-45229 |
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message |
| CVE-2023-45231 |
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerabili |
| CVE-2023-45232 |
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This |
| CVE-2023-45233 |
EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vu |
| CVE-2023-4523 |
Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run a |
| CVE-2023-45234 |
EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vu |
| CVE-2023-45235 |
EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise messa |
|
About
-
Send Feedback to @ubuntu_updates
