UbuntuUpdates.org

Package "edk2"

Name: edk2

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • UEFI firmware for 64-bit x86 virtual machines
  • UEFI firmware for 64-bit ARM virtual machines
  • UEFI firmware for 32-bit ARM virtual machines

Latest version: 0~20191122.bd85bf54-2ubuntu3.5
Release: focal (20.04)
Level: updates
Repository: main

Other versions of "edk2" in Focal

Repository  Area      Version
base        main      0~20191122.bd85bf54-2ubuntu3
base        universe  0~20191122.bd85bf54-2ubuntu3
security    universe  0~20191122.bd85bf54-2ubuntu3.5
security    main      0~20191122.bd85bf54-2ubuntu3.5
updates     universe  0~20191122.bd85bf54-2ubuntu3.5

Changelog

Version: 0~20191122.bd85bf54-2ubuntu3.5 2024-02-15 00:06:52 UTC

  edk2 (0~20191122.bd85bf54-2ubuntu3.5) focal; urgency=medium

  * Disable the built-in Shell when SecureBoot is enabled, CVE-2023-48733.
    Thanks to Mate Kukri. LP: #2040137.
    - Backport support for GetSetupMode() and IsSecureBootEnabled():
      + 0001-SecurityPkg-Create-SecureBootVariableLib.patch
      + 0002-ArmVirtPkg-add-SecureBootVariableLib-class-resolutio.patch
      + 0003-OvmfPkg-add-SecureBootVariableLib-class-resolution.patch
      + 0004-SecurityPkg-SecureBootVariableLib-Added-newly-suppor.patch
      + 0005-EmulatorPkg-add-SecureBootVariableLib-class-resoluti.patch
    - Disable the built-in Shell when SecureBoot is enabled:
      + Disable-the-Shell-when-SecureBoot-is-enabled.patch

 -- dann frazier <email address hidden> Tue, 13 Feb 2024 17:52:30 -0700

Version: 0~20191122.bd85bf54-2ubuntu3.4 2023-01-25 00:07:08 UTC

  edk2 (0~20191122.bd85bf54-2ubuntu3.4) focal; urgency=medium

  [ dann frazier ]
  * Provide 4MB OVMF images: The existing 2MB images no longer
    have sufficient variable space for the current Secure Boot
    Forbidden Signature Database. (LP: #1885662)
    - Convert targets for pre-enrolled variable template images
      into pattern rules. This will be useful for adding additional
      pre-enrolled variable templates.
    - Update fw descriptors to reference 4M images instead of their
      2M counterparts. This will migrate tools that use the descriptor
      interface (like libvirt) over to the 4M images when creating new
      VMs. Existing 2M VMs will require manual migration.
  * Increase autopkgtest timeout from 30s to 60s. (LP: #1885186)

  [ Mustafa Kemal Gilor ]
  * Added autopkg tests for 4MB OVMF images. (LP: #1885662)

 -- Mustafa Kemal GILOR <email address hidden> Tue, 08 Nov 2022 11:40:07 +0300

1885662 please provide 4MB firmware builds
1885186 autopkgtests sometimes timeout

Version: 0~20191122.bd85bf54-2ubuntu3.3 2021-09-23 13:06:26 UTC

  edk2 (0~20191122.bd85bf54-2ubuntu3.3) focal-security; urgency=medium

  * SECURITY UPDATE: Insufficient input validation in MdeModulePkg
    - debian/patches/CVE-2019-11098-*.patch
    - CVE-2019-11098
  * SECURITY UPDATE: overflow in openssl EVP_DecryptUpdate
    - debian/patches/CVE-2021-23840.patch
    - CVE-2021-23840
  * SECURITY UPDATE: DoS via incorrect ASN.1 string termination in openssl
    - debian/patches/CVE-2021-3712-*.patch
    - CVE-2021-3712
  * SECURITY UPDATE: remote buffer overflow in IScsiHexToBin
    - debian/patches/CVE-2021-38575-*.patch
    - CVE-2021-38575

 -- Marc Deslauriers <email address hidden> Mon, 20 Sep 2021 09:11:31 -0400

CVE-2019-11098 Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of ser
CVE-2021-23840 Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is cl
CVE-2021-3712 Read buffer overruns processing ASN.1 strings
CVE-2021-38575 edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe

Version: 0~20191122.bd85bf54-2ubuntu3.2 2021-04-20 20:06:28 UTC

  edk2 (0~20191122.bd85bf54-2ubuntu3.2) focal-security; urgency=medium

  * SECURITY UPDATE: unlimited FV recursion
    - debian/patches/CVE-2021-28210-1.patch: assert SectionInstance
      invariant in FindChildNode() in
      MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c.
    - debian/patches/CVE-2021-28210-2.patch: limit FwVol encapsulation
      section recursion in MdeModulePkg/Core/Dxe/DxeMain.inf,
      MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c,
      MdeModulePkg/MdeModulePkg.dec, MdeModulePkg/MdeModulePkg.uni.
    - CVE-2021-28210
  * SECURITY UPDATE: possible heap corruption in LzmaUefiDecompressGetInfo
    - debian/patches/CVE-2021-28211.patch: catch 4GB+ uncompressed
      buffer sizes in
      MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c,
      MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h.
    - CVE-2021-28211

 -- Marc Deslauriers <email address hidden> Mon, 12 Apr 2021 08:18:49 -0400

CVE-2021-28210 unlimited FV recursion, round 2
CVE-2021-28211 possible heap corruption with LzmaUefiDecompressGetInfo

Version: 0~20191122.bd85bf54-2ubuntu3.1 2021-01-07 16:07:14 UTC

  edk2 (0~20191122.bd85bf54-2ubuntu3.1) focal-security; urgency=medium

  * Fix integer overflow in DxeImageVerificationHandler. (CVE-2019-14562)
  * CryptoPkg/BaseCryptLib: fix NULL dereference. (CVE-2019-14584)

 -- dann frazier <email address hidden> Tue, 15 Dec 2020 15:33:20 -0700

CVE-2019-14562 Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.


