edk2 2022.02-3ubuntu0.22.04.2 source package in Ubuntu
Changelog
edk2 (2022.02-3ubuntu0.22.04.2) jammy; urgency=medium

  * Cherry-pick security fixes from upstream:
    - Fix heap buffer overflow in Tcg2MeasureGptTable(), CVE-2022-36763
      + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411.patch
      + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117.patch
      + 0003-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch
    - Fix heap buffer overflow in Tcg2MeasurePeImage(), CVE-2022-36764
      + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-2.patch
      + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4118.patch
      + 0003-SecurityPkg-Adding-CVE-2022-36764-to-SecurityFixes.y.patch
    - Fix build failure due to symbol collision in above patches:
      + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-3.patch
      + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117-2.patch
      + 0003-SecurityPkg-Updating-SecurityFixes.yaml-after-symbol.patch
    - Fix integer overflow in CreateHob(), CVE-2022-36765
      + 0001-UefiPayloadPkg-Hob-Integer-Overflow-in-CreateHob.patch
    - Fix a buffer overflow via a long server ID option in DHCPv6 client, CVE-2023-45230:
      + 0001-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch
      + 0002-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch
      + 0003-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch
    - Fix an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message, CVE-2023-45229:
      + 0004-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch
      + 0005-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Un.patch
    - Fix an out-of-bounds read when processing Neighbor Discovery Redirect messages, CVE-2023-45231:
      + 0006-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch
      + 0007-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch
    - Avoid an infinite loop when parsing unknown options in the Destination Options header of IPv6, CVE-2023-45232:
      + 0008-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch
      + 0009-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch
    - Avoid an infinite loop when parsing a PadN option in the Destination Options header of IPv6, CVE-2023-45233:
      + 0010-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
      + 0011-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
    - Fix a potential buffer overflow when processing a DNS Servers option from a DHCPv6 Advertise message, CVE-2023-45234:
      + 0013-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
    - Fix a potential buffer overflow when handling a Server ID option from a DHCPv6 proxy Advertise message, CVE-2023-45235:
      + 0014-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
    - Record fixes in a SecurityFix.yaml file:
      + 0015-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch
  * Disable the built-in Shell when SecureBoot is enabled, CVE-2023-48733. Thanks to Mate Kukri. LP: #2040137.
    - Backport support for IsSecureBootEnabled():
      + 0001-SecurityPkg-SecureBootVariableLib-Added-newly-suppor.patch
    - Disable the built-in Shell when SecureBoot is enabled:
      + Disable-the-Shell-when-SecureBoot-is-enabled.patch
    - d/tests: Drop the boot-to-shell tests for images w/ Secure Boot active.
    - d/tests: Update run_cmd_check_secure_boot() to not expect shell interaction.

 -- dann frazier <email address hidden>  Mon, 12 Feb 2024 13:19:59 -0700
Upload details
- Uploaded by: dann frazier
- Uploaded to: Jammy
- Original maintainer: Ubuntu Developers
- Architectures: all
- Section: misc
- Urgency: Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
edk2_2022.02.orig.tar.xz | 15.4 MiB | 35fb8823800b4e8691b8ba2be04b932ae3f49cbe7df531cb693a7c2a9f091f88 |
edk2_2022.02-3ubuntu0.22.04.2.debian.tar.xz | 72.9 KiB | 6425171e34fd6d380e68ae488f4876251cabd6f53bcf050227ef22ee6b09a45c |
edk2_2022.02-3ubuntu0.22.04.2.dsc | 2.8 KiB | 23832e0d9ef5cff50b9290bf1e1da6236c01742381c12e010f89721ba1f0bc54 |
Binary packages built by this source
- ovmf: UEFI firmware for 64-bit x86 virtual machines
Open Virtual Machine Firmware is a build of EDK II for 64-bit x86 virtual
machines. It includes full support for UEFI, including Secure Boot, allowing
use of UEFI in place of a traditional BIOS in your VM.
- ovmf-ia32: UEFI firmware for 32-bit x86 virtual machines
Open Virtual Machine Firmware is a build of EDK II for 32-bit x86 virtual
machines. It includes full support for UEFI, including Secure Boot, allowing
use of UEFI in place of a traditional BIOS in your VM.
- qemu-efi: transitional dummy package
This is a transitional dummy package. It contains a compatibility symlink
of /usr/share/qemu-efi/QEMU_EFI.fd to /usr/share/qemu-efi-aarch64/QEMU_EFI.fd.
- qemu-efi-aarch64: UEFI firmware for 64-bit ARM virtual machines
qemu-efi-aarch64 is a build of EDK II for 64-bit ARM virtual machines. It
includes full support for UEFI, including Secure Boot.
- qemu-efi-arm: UEFI firmware for 32-bit ARM virtual machines
qemu-efi-arm is a build of EDK II for 32-bit ARM virtual machines. It
includes full support for UEFI, including Secure Boot.