|
edk2 (2024.02-2ubuntu0.6) noble-security; urgency=medium
* SECURITY UPDATE: denial of service via excessive time
- debian/patches/CVE-2023-3446.patch: adds check to prevent the testing
of an excessively large modulus in DH_check() in
CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c,
CryptoPkg/Library/OpensslLib/openssl/include/openssl/dh.h.
- CVE-2023-3446
* SECURITY UPDATE: denial of service via invalid q values
- debian/patches/CVE-2023-3817.patch: adds check to prevent the testing
of invalid q values in DH_check() in
CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c.
- CVE-2023-3817
* SECURITY UPDATE: predictable TCP Initial Sequence Number
- debian/patches/CVE-2023-45236.patch: update TCP ISN generation in
NetworkPkg/TcpDxe/TcpDriver.c, NetworkPkg/TcpDxe/TcpDxe.inf,
NetworkPkg/TcpDxe/TcpFunc.h, NetworkPkg/TcpDxe/TcpInput.c,
NetworkPkg/TcpDxe/TcpMain.h, NetworkPkg/TcpDxe/TcpMisc.c,
NetworkPkg/TcpDxe/TcpTimer.c.
- CVE-2023-45236
* SECURITY UPDATE: predictable TCP Initial Sequence Number
- debian/patches/CVE-2023-45237.patch: fix use of weak PRNG in
NetworkPkg/*.
- CVE-2023-45237
* SECURITY UPDATE: Excessive time spent in DH check / generation with
large Q parameter value
- debian/patches/CVE-2023-5678.patch: make DH_check_pub_key() and
DH_generate_key() safer yet in
CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_err.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_key.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/err/openssl.txt,
CryptoPkg/Library/OpensslLib/openssl/include/crypto/dherr.h,
CryptoPkg/Library/OpensslLib/openssl/include/openssl/dh.h,
CryptoPkg/Library/OpensslLib/openssl/include/openssl/dherr.h.
- CVE-2023-5678
* SECURITY UPDATE: Excessive time spent checking invalid RSA public keys
- debian/patches/CVE-2023-6237.patch: limit the execution time of RSA
public key check in
CryptoPkg/Library/OpensslLib/openssl/crypto/rsa/rsa_sp800_56b_check.c.
- CVE-2023-6237
* SECURITY UPDATE: PKCS12 Decoding crashes
- debian/patches/CVE-2024-0727.patch: add NULL checks where ContentInfo
data can be NULL in
CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_add.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_mutl.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_npas.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7/pk7_mime.c.
- CVE-2024-0727
* SECURITY UPDATE: division-by-zero in S3 sleep
- debian/patches/CVE-2024-1298.patch: fix potential UINT32 overflow in
S3 ResumeCount in
MdeModulePkg/Universal/Acpi/Firmware*/FirmwarePerformancePei.c.
- CVE-2024-1298
* SECURITY UPDATE: Timing side-channel in ECDSA signature computation
- debian/patches/CVE-2024-13176.patch: fix timing side-channel in
CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_exp.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_lib.c,
CryptoPkg/Library/OpensslLib/openssl/include/crypto/bn.h.
- CVE-2024-13176
* SECURITY UPDATE: unbounded memory growth
- debian/patches/CVE-2024-2511.patch: fix unconstrained session cache
growth in TLSv1.3 in
CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c,
CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_sess.c,
CryptoPkg/Library/OpensslLib/openssl/ssl/statem/statem_srvr.c.
- CVE-2024-2511
* SECURITY UPDATE: overflow in PeCoffLoaderRelocateImage()
- debian/patches/CVE-2024-38796.patch: fix overflow issue in
BasePeCoffLib in MdePkg/Library/BasePeCoffLib/BasePeCoff.c.
- CVE-2024-38796
* SECURITY UPDATE: out of bounds read in HashPeImageByType()
- debian/patches/CVE-2024-38797-1.patch: fix OOB read in
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c.
- debian/patches/CVE-2024-38797-2.patch: improve logic in
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c.
- debian/patches/CVE-2024-38797-3.patch: improve logic in
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c.
- CVE-2024-38797
* SECURITY UPDATE: DoS via integer overflow
- debian/patches/CVE-2024-38805.patch: fix for out of bound memory
access in NetworkPkg/IScsiDxe/IScsiProto.c.
- CVE-2024-38805
* SECURITY UPDATE: use after free with SSL_free_buffers
- debian/patches/CVE-2024-4741.patch: only free the read buffers if
we're not using them in
CryptoPkg/Library/OpensslLib/openssl/ssl/record/rec_layer_s3.c,
CryptoPkg/Library/OpensslLib/openssl/ssl/record/record.h,
CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c.
- CVE-2024-4741
* SECURITY UPDATE: crash or memory disclosure via SSL_select_next_proto
- debian/patches/CVE-2024-5535.patch: validate provided client list in
CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c.
- CVE-2024-5535
* SECURITY UPDATE: Possible denial of service in X.509 name checks
- debian/patches/CVE-2024-6119.patch: avoid type errors in EAI-related
name check logic in
CryptoPkg/Library/OpensslLib/openssl/crypto/x509/v3_utl.c,
CryptoPkg/Library/OpensslLib/openssl/test/*.
- CVE-2024-6119
* SECURITY UPDATE: Low-level invalid GF(2^m) parameters lead to OOB
memory access
- debian/patches/CVE-2024-9143.patch: harden BN_GF2m_poly2arr against
misuse in CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_gf2m.c,
CryptoPkg/Library/OpensslLib/openssl/test/ec_internal_test.c.
- CVE-2024-9143
* SECURITY UPDATE: DoS via integer overflow
- debian/patches/CVE-2025-2295.patch: fix for Remote Memory Exposure in
ISCSI in NetworkPkg/IScsiDxe/IScsiProto.c.
- CVE-2025-2295
* SECURITY UPDATE: code execution via IDT register
- debian/patches/CVE-2025-3770.patch: safe handling of
|
