[ubuntu/jammy-updates] edk2 2022.02-3ubuntu0.22.04.2 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Thu Feb 15 01:59:06 UTC 2024


edk2 (2022.02-3ubuntu0.22.04.2) jammy; urgency=medium

  * Cherry-pick security fixes from upstream:
    - Fix heap buffer overflow in Tcg2MeasureGptTable(), CVE-2022-36763
      + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411.patch
      + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117.patch
      + 0003-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch
    - Fix heap buffer overflow in Tcg2MeasurePeImage(), CVE-2022-36764
      + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-2.patch
      + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4118.patch
      + 0003-SecurityPkg-Adding-CVE-2022-36764-to-SecurityFixes.y.patch
    - Fix build failure due to symbol collision in above patches:
      + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-3.patch
      + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117-2.patch
      + 0003-SecurityPkg-Updating-SecurityFixes.yaml-after-symbol.patch
    - Fix integer overflow in CreateHob(), CVE-2022-36765
      + 0001-UefiPayloadPkg-Hob-Integer-Overflow-in-CreateHob.patch
    - Fix a buffer overflow via a long server ID option in DHCPv6
      client, CVE-2023-45230:
      + 0001-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch
      + 0002-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch
      + 0003-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch
    - Fix an out-of-bounds read vulnerability when processing the IA_NA
      or IA_TA option in a DHCPv6 Advertise message, CVE-2023-45229:
      + 0004-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch
      + 0005-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Un.patch
    - Fix an out-of-bounds read when processing Neighbor Discovery
      Redirect messages, CVE-2023-45231:
      + 0006-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch
      + 0007-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch
    - Avoid an infinite loop when parsing unknown options in the
      Destination Options header of IPv6, CVE-2023-45232:
      + 0008-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch
      + 0009-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch
    - Avoid an infinite loop when parsing a PadN option in the
      Destination Options header of IPv6, CVE-2023-45233:
      + 0010-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
      + 0011-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
    - Fix a potential buffer overflow when processing a DNS Servers
      option from a DHCPv6 Advertise message, CVE-2023-45234:
      + 0013-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
    - Fix a potential buffer overflow when handling a Server ID option
      from a DHCPv6 proxy Advertise message, CVE-2023-45235:
      + 0014-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
    - Record fixes in a SecurityFix.yaml file:
      + 0015-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch
  * Disable the built-in Shell when SecureBoot is enabled, CVE-2023-48733.
    Thanks to Mate Kukri. LP: #2040137.
    - Backport support for IsSecureBootEnabled():
      + 0001-SecurityPkg-SecureBootVariableLib-Added-newly-suppor.patch
    - Disable the built-in Shell when SecureBoot is enabled:
      + Disable-the-Shell-when-SecureBoot-is-enabled.patch
    - d/tests: Drop the boot-to-shell tests for images w/ Secure Boot active.
    - d/tests: Update run_cmd_check_secure_boot() to not expect shell
      interaction.

Date: 2024-02-12 21:46:15.771953+00:00
Changed-By: dann frazier <dann.frazier at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/edk2/2022.02-3ubuntu0.22.04.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the jammy-changes mailing list