Several security issues were fixed in edk2.
Software Description:
- edk2: UEFI firmware for 64-bit x86 virtual machines
Details:
A buffer overflow was discovered in the network stack. An unprivileged user
could potentially enable escalation of privilege and/or denial of service.
This issue was already fixed in a previous release for 18.04 LTS and 19.10.
(CVE-2018-12178)
A buffer overflow was discovered in BlockIo service. An unauthenticated user
could potentially enable escalation of privilege, information disclosure and/or
denial of service. This issue was already fixed in a previous release for 18.04
LTS and 19.10. (CVE-2018-12180)
A stack overflow was discovered in bmp. An unprivileged user
could potentially enable denial of service or elevation of privilege via
local access. This issue was already fixed in a previous release for 18.04
LTS and 19.10. (CVE-2018-12181)
It was discovered that memory was not cleared before free that could lead
to potential password leak. (CVE-...
The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: ovmf 0~20190606.20d2e5a1-2ubuntu1.1 qemu-efi-aarch64 0~20190606.20d2e5a1-2ubuntu1.1 qemu-efi-arm 0~20190606.20d2e5a1-2ubuntu1.1 Ubuntu 18.04 LTS: ovmf 0~20180205.c0d9813c-2ubuntu0.2 qemu-efi-aarch64 0~20180205.c0d9813c-2ubuntu0.2 qemu-efi-arm 0~20180205.c0d9813c-2ubuntu0.2 Ubuntu 16.04 LTS: ovmf 0~20160408.ffea0a2c-2ubuntu0.1 qemu-efi 0~20160408.ffea0a2c-2ubuntu0.1 After a standard system update you need to restart the virtual machines that use the affected firmware to make all the necessary changes.
https://ubuntu.com/security/notices/USN-4349-1
CVE-2018-12178, CVE-2018-12180, CVE-2018-12181, CVE-2019-14558,
CVE-2019-14559, CVE-2019-14563, CVE-2019-14575, CVE-2019-14586,
CVE-2019-14587
Get the latest Linux and open source security news straight to your inbox.