Ubuntu
edk2 package

  1. Bug #1820764
  2. Comment #14

Comment 14 for bug 1820764

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package edk2 - 0~20160408.ffea0a2c-2ubuntu0.1

---------------
edk2 (0~20160408.ffea0a2c-2ubuntu0.1) xenial; urgency=medium

  * Security fixes (LP: #1820764):
    - Fix buffer overflow in BlockIo service (CVE-2018-12180)
    - DNS: Check received packet size before using (CVE-2018-12178)
    - Fix stack overflow with corrupted BMP (CVE-2018-12181)
  * Fix numeric truncation in S3BootScript[Save]*() API. (CVE-2019-14563)
  * Fix use-after-free in PcdHiiOsRuntimeSupport. (CVE-2019-14586)
  * Clear memory before free to avoid potential password leak.
    (CVE-2019-14558)
  * Fix double-unmap in SdMmcCreateTrb(). This did not impact any
    of the images built from this package. (CVE-2019-14587)
  * Fix memory leak in ArpOnFrameRcvdDpc(). (CVE-2019-14559)
  * Fix issue that could allow an efi image with a blacklisted hash in the
    dbx to be loaded. (CVE-2019-14575)
  * Fix a memory leak in the ARP handler. (CVE-2019-14559)

 -- dann frazier <email address hidden> Thu, 16 Apr 2020 09:05:29 -0600