This bug was fixed in the package edk2 - 0~20160408.ffea0a2c-2ubuntu0.1

---------------
edk2 (0~20160408.ffea0a2c-2ubuntu0.1) xenial; urgency=medium

  * Security fixes (LP: #1820764):
    - Fix buffer overflow in BlockIo service (CVE-2018-12180)
    - DNS: Check received packet size before using (CVE-2018-12178)
    - Fix stack overflow with corrupted BMP (CVE-2018-12181)
  * Fix numeric truncation in S3BootScript[Save]*() API. (CVE-2019-14563)
  * Fix use-after-free in PcdHiiOsRuntimeSupport. (CVE-2019-14586)
  * Clear memory before free to avoid potential password leak.
    (CVE-2019-14558)
  * Fix double-unmap in SdMmcCreateTrb(). This did not impact any
    of the images built from this package. (CVE-2019-14587)
  * Fix memory leak in ArpOnFrameRcvdDpc(). (CVE-2019-14559)
  * Fix issue that could allow an efi image with a blacklisted hash in the
    dbx to be loaded. (CVE-2019-14575)
  * Fix a memory leak in the ARP handler. (CVE-2019-14559)

 -- dann frazier <da...@ubuntu.com>  Thu, 16 Apr 2020 09:05:29 -0600

** Changed in: edk2 (Ubuntu Xenial)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14558

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14559

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14563

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14575

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14586

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14587

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1820764

Title:
  CVE-2018-12178 CVE-2018-12180 CVE-2018-12181

Status in edk2 package in Ubuntu:
  Fix Released
Status in edk2 source package in Precise:
  Confirmed
Status in edk2 source package in Trusty:
  Confirmed
Status in edk2 source package in Xenial:
  Fix Released
Status in edk2 source package in Bionic:
  Fix Released
Status in edk2 source package in Cosmic:
  Fix Released
Status in edk2 source package in Disco:
  Fix Released
Status in edk2 package in Debian:
  Fix Released

Bug description:
  [Impact]
  Security vulnerabilities.

  [Test Case]
  Regression tested only (boot Ubuntu from disk, PXE boot)

  [Fix]
  https://github.com/tianocore/edk2/commit/84110bbe4bb3a346514b9bb12eadb7586bca7dfd
  https://github.com/tianocore/edk2/commit/ffe5f7a6b4e978dffbe1df228963adc914451106
  https://github.com/tianocore/edk2/commit/fccdb88022c1f6d85c773fce506b10c879063f1d
  https://github.com/tianocore/edk2/commit/89910a39dcfd788057caa5d88b7e76e112d187b5
  https://github.com/tianocore/edk2/commit/38c9fbdcaa0219eb86fe82d90e3f8cfb5a54be9f

  [Regression Risk]
  Risks include breaking DNS in some circumstances, possibly breaking image
  processing, partition detection, and RAM disk usage. This is mitigated by these
  patches having been upstream for some time, having already shipped in Ubuntu
  19.04, and requiring minimal backporting to the Ubuntu versions.
