-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBGJo5iQBEADBDrePgICrxsoCWxlAiEKAgZgqeX1XhHxhDCkprNwOA9ZEU7G9
77BEHgYLSrAh3LraWYK+piBXBuHdg8KCUppUmEC4GtiHg+KxtxRjgZn/tjLD6vgZ
kwZYs0KXQVCK2bhSL0paEA78Xcx1B6xa8JArnjk87VoNl6RCjJESXkwlqGtQTEOp
bNxBy5Pd0T33xYeKcOz0GWY5ndkU1gD7NtMZdWZ8vcQclLquQO5OE33OhK78cU4Z
k4xFL5I5R4rBhlrOsw002bbD0+QI6wUKQByHfvcAz59eHS/wJOrAY/1p+IKql/4f
sRQQSRPSc+3CqELdxzF2s+AG0PciQms3RVYT6czH28Ce9C9BDAENga28FvQDf5Zi
STUeXZm0XJ9g+dLg+6FBPHp9wX+ybfAmIRXQlV4D6DledQAWjoBy3j09JOGQGSH0
S3EbQ68Qn2xyGBlYeFCZbMlKDN8NrpVCx9Jf6dDb3Qv2Do1yIIRu5x0vwKlNsQG0
NffMryLCQ0tVBNNiwqrHIbmZEhSUEmKf6u+zZsx1JMewe6fRw3hf3VOzENH5tGpZ
Z1Yg8m3E2yiXmPJ9cX3iZD0l7/L8CEiuMWt/q/NEDnKsGovi9N1r04Yxxo5lWoHr
+4taaOnC2C7YEHICIWx3lEU0lm24PbNG4QBJCJ8ctwG2rV3AMILCVSzW0QARAQAB
zSVNYXJrIEVzbGVyIDxtYXJrLmVzbGVyQGNhbm9uaWNhbC5jb20+wsGUBBMBCgA+
FiEELTsQ/oZuJMqL99Qt1guDyQUTvU8FAmJo5iQCGwMFCQPCZwAFCwkIBwIGFQoJ
CAsCBBYCAwECHgECF4AACgkQ1guDyQUTvU/Gqw/9F5ko+KS9CRXXcp4SkdhHB6aG
tD9rEJycEywPymmI+OwCJppmbQBzzwW7QGLHi8TTiWnWMSeikhSh0p9pPCc9rhLt
tYDlGZwoxXPt7PwS0k9JjITNviTNZD6uHIoYmFMxS65qdh7s7OSQj4+nTij1b+dV
qzaG4krGB/pav2D2adt4k02KfqIkPiLY0Jo+o8hKOx2HRh8xqEU/eySRtVvIx55c
D4Qh63KQv465Afz+QuKsbxuqA2iboUP/srYtMQtFi8TCF7/5gLwDbGDgOAYhIxyf
vgAH5dbBFB8lIMPjIeTbP0lE+xMHUmQsKhtYICnjhnGRJeT6vBlDFuUar5DYA3fI
m9LEAf1T1eMK4FBUSCv+cULlT9+rsHDbG6tiZU/BDp/mkKFs2Ax9W68+fgXy7bor
ixrgDhfSCsYWaxLsXW/GEmyCbp30PZlLr6kvfQq7CMEjeE79FEsef7/ppRH/t+mv
6p2xhb+DDbvqzcQZ7LQn3+PLxkR37spQRvevPxpx000CqTO5gV19w/2ZSPydm2Zd
44XSranzwDdD4o5ZsMXAPuCNlVAVzxAhxNj2QQL7xh9bdDDmM9Z7qBPwFX42n7mw
ryjBHqMtrSCSI8hupSh2B/bQSRyWd3/KQ2vlJMoq7H5EJiJYpb3blvb4tfoSfEag
PqYV1jJEcKImOGs988rOwU0EYmjmJAEQAL0wGwC8P1qj0fuLaFpPKBAFtxBqnJJc
c+63DjQ17/QJrYpKwGGkW6fz/Nn0nUDf88FdrHd7t6a9c3m82/gvsr8VjAD4SISp
DjPIpfCj5gWGAuhATWB0pwjWRsgFkIThaa0px6ZJFGdU9lJmi633Xsk4s9bws8kZ
pnwtk+StRueqcSElfLw1/gbu6EhcEH62iBb2qlRhgtntgy1dcnqDEQhcdccWSgna
+ZlDIo3Z75RWoIXxrtzUe9PDdG4Ou+k/H96mS7pZdmU6elbQlcDGYegYGH6OTYjv
Zyl81ACN9Y3Fcmc+luBMeuyQndHFnG6rjOwHr6iM9ZKRBq03QiAAp4vooPyLqG9n
ZmoeLH0Q7L2pVIwroVtsJvnjws5z3DujguZcLYCeA/WEXj8p0lYy9WVGrfJ7LyLp
+Uj7AdXFB6msED51Swb6QkpWrcC7V2COKZmfYGXFy7PdIwWeqgYjJ0zqEldHGDTD
V0yTuuER2bJ/T1WBVy9U46/KRUXYevgCZFGPbyO/vKLwKVbrbkimULMFcPJpKinF
PQs0ch7HA6PPog0wbux5Bm9O78lzYo/WFlvofFKTzfGEsnifCVXkcsu0Qp8m6DQZ
yeFO8SH3DHaHFaPKc3JYEFTdmP0PdvH8aqb5TVTb8G+hvxktDkCuCrlaoFVSCNhI
WfJ6rAxxYGuNABEBAAHCwXwEGAEKACYWIQQtOxD+hm4kyov31C3WC4PJBRO9TwUC
YmjmJAIbDAUJA8JnAAAKCRDWC4PJBRO9T3SnEACEprj9LsxvhbM6A/aLk3la8UD9
MYtLSmbl+KPGEvP0r7viPftolgV8O+tRG09Z7Wd/63WsHjA2Psgwdm49BziL8tCf
ONfVXCojPxR/uyL5ykPHSE/yC+mz3DTPWcncGCdteil6Cw43MHNCm2oYJ38VXAwV
9pikHeO5Pj5xukmc/bQr3v3NrDQI+AQpNbWs2r4vw+y01IidmMh12RkuGi2UYOga
jvfDeoSSEF7VJ6Qlij9UjatkbZpSHjn2rf+B9DdlkRNr5Vfd9/xaSFQoazdgNS/Q
HqOeZ+9HqNrUlHTH9BUaTkmV6MDXtEjVGfROXxXPw/q29QUzZUZE3agqmuxB3yar
PjW24mNu5Kd22rb06blTfBO0o7DOX9UwOVLfFLejfWAYANuXilcju9/3dHRsv6o9
9tGfRxJIMOPVY6JgswYISB7CwdA+Uda6UvU+qwYCRi7B8L13H3uhDKzA5sgRZnz2
oQw+bOB/ErZv78NVnhrdy9LAkLk0U8RVvH8sWPco4ZjQVou6wDMEsKaIlioU8x6n
YOi8LBpijWpaKEpCbU4nRdV/4d3eWr7tu1MWGcm70C6mrjypxI6TVCPg+gimjM4D
7LOpJKZJVGQg9JYPUhccp27Nn/3L2/Y9F3tKUfCTPHanOzHg4KNRRUr8CQD8qi+8
nWqztY9OeZjz0vagYM7BTQRiaOZoARAA6bzogRYAMYdwU2BsWFurvrghzEbqjguN
XwBiQ/90kXb3exYZvGXTCxdrV5FRjPU6eeX2TAyZRt6XnK6nyrZFlRAcXeWCeo05
d+mdK6fv4iOc/T0JeMZCrNm4BDjcGNOr7KImVQTNuoN9nVieVQSK/hRpSFPkNLbn
1oemHqZitxoI5HCBAVQrKR8d0REzn9Y1jdCHkhgSNaEcAww6CgF2Mlsw5txhmIh9
IZircfAzGU6lI1MgjPkDOFPDdwIoc8xtuAJB/G6gT8Ot9FQ3EMaV2zPTL7Jd1ZQR
hOrs75gjLlhOyYYb5Y3isaMKzUMYKQDFWrCws/sGEm2TwbD5gI6ipa2r71DcGijj
GJQITAQsS+rdUKBts+DPKfZR4nlLq41/utA4LJL2y33SFXeqylyIoKPs1FJ0JZyM
VXiWQyxAuPjYJPZbcSh8exj6rct/QVZgztSuvKxeaEqZ/xwkQ/uHWZxQy7lZxBbw
LCVH8HxVApD/tc3/U/jQjtQSblX3KnMia5rHjX+p9tYSSeLNPA99KNrqwLdDh9Mz
/Rm131NUHwlOEIpSeqDfs1+jQYy0QdZnxDHrIVnpIz6M8IVFRBo4LQmi0sPkzzEZ
A29s3+IzofztGXf+b+vZAmnOrQEgNPjdIVHfvQJVqcm1JdOzyuHEvN8IiV/90RAP
r2NqNrtRjQMAEQEAAcLBfAQYAQoAJhYhBC07EP6GbiTKi/fULdYLg8kFE71PBQJi
aOZoAhsgBQkDwmcAAAoJENYLg8kFE71PE2wQAK2ntrQ0902+a3KC/Ak7VhOTV0c0
my8e7mqesYRGXB158P7UJZS1grU6MjBbMsArFdshTRquSmEOnAB6ahnD+JNq+Jzf
9QKknvekzkjlC11FxTHMGncKnScsu8Vont+rFBA66JYLrh7my5CpzijTVTYC9HcA
SbnW0IzzJl90cVh5tC9S+m6Dh3kNcujWyJ8D+ceaEhwYE2LgbbDUSJa2p1tBiXQ6
SGu6nX0nyXL5p7zzRhAl/ao5cZ/FTijvdQe1Vzm7qArKj6A3ir5YOWzSnaCbfbSm
J2pPgZZCNybzStmcoZ73GgBJxIh89vixfBRLTJVECePLTw2gBmoxR1ziqs0pKW3H
y3VKBb+QMJAVmRwRlonMTgT5gHa8bCL8U7Qvx9jOrApOEqFee3dytIOoVsCUkNh0
vOKmlLuqrIopdbJm8F58qOV/eR5chfxax9jOSHkZ812LyMyxr8y6wn3d26XF4Ho1
tGRAYDI77qaLxaPbzIFas1t9X/+U+sz3Bg0exmi9/mp9wwvLJh3XOC+2MaHzBXGl
x+MvgOYIvEtZXVvfwjay19rhJRvn0D497VaVrhw7md5IbKY42h5qUCCzlHsqHEe5
YDxswWadH4fZhy+cEatf29lYJ2BaK+PIsmp22bxbxdGdoZ2cbqQXIko+3XxaiVp5
z7V5USx9zNkfsrbz
=3tFx
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEELTsQ/oZuJMqL99Qt1guDyQUTvU8FAmXNbX8FAwAAAAAACgkQ1guDyQUTvU//
uhAAgMb0P6OBze+1BAKjKyqPmwnCbNS2NQm4MRpUYfhUsGnHWNbaNMcOEmw5aWlztKHMeZ0SftoL
DVXSyrhX0ssarrYrVbVGpwKGUGe08xPtiX+bvGwbDoYDWnCX7UA2km3fV2YMagejRDmKoXLc4UsI
YyZV0/K3ltj8vMHXXVKvcQG5BCgeHnls8IRoBWe3b9Kxut6VRcx7wJZczHBj5q3lT7mPQ4CBUg5/
+jEyXhZQWNsymp7Hh0gBlg7OUdTeI3baXZe1hDjOIrEsgkA1iriMyzccYXz0cbUu5+vQdbDgeNys
CL2ONwU1BpOPE+RCX1Snfx9886W63+rz0XlUUhYZxX+fUPY3unbT4hGfmDHpebEbaYVqaM3yfCR1
7YCqQrpqi1u7b3r1nmC5+5w/KbaeLf54axvowFlefVLXHICkznYaNgIAWVeMrbG96/1txQeqR9IX
oayCj2PBAnYuMmX2HdF2i5dln4DjxHqBCot4cMcQGedKJesr0wjicZNMFjg0NN6wkdgoVwyxSNeC
MrD+AJuDF5ERLT2ldHFg8vK3etDbpNobubrnZDdg+fEGxk3G1xAk5XMDbyNhlXp9HstPXAqzsECN
+f2jilApB0f8F+N1FfYQOwJmae/MLsCyvVFWYm1H5tc6D4Xv6ymys46e2NCrVAaeabnH6Y+AkqZt
Oqw=
=ViZp
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6638-1
February 15, 2024
edk2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in EDK II.
Software Description:
- edk2: UEFI firmware for virtual machines
Details:
Marc Beatove discovered buffer overflows exit in EDK2. An attacker on the
local network could potentially use this to impact availability or possibly
cause remote code execution. (CVE-2022-36763, CVE-2022-36764,
CVE-2022-36765)
It was discovered that a buffer overflows exists in EDK2's Network Package
An attacker on the local network could potentially use these to impact
availability or possibly cause remote code execution. (CVE-2023-45230,
CVE-2023-45234, CVE-2023-45235)
It was discovered that an out-of-bounds read exists in EDK2's Network
Package An attacker on the local network could potentially use this to
impact confidentiality. (CVE-2023-45231)
It was discovered that infinite-loops exists in EDK2's Network Package
An attacker on the local network could potentially use these to impact
availability. (CVE-2023-45232, CVE-2023-45233)
Mate Kukri discovered that an insecure default to allow UEFI Shell in
EDK2 was left enabled in Ubuntu's EDK2. An attacker could use this to
bypass Secure Boot. (CVE-2023-48733)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
efi-shell-aa64 2023.05-2ubuntu0.1
efi-shell-arm 2023.05-2ubuntu0.1
efi-shell-x64 2023.05-2ubuntu0.1
ovmf 2023.05-2ubuntu0.1
qemu-efi-aarch64 2023.05-2ubuntu0.1
qemu-efi-arm 2023.05-2ubuntu0.1
Ubuntu 22.04 LTS:
ovmf 2022.02-3ubuntu0.22.04.2
qemu-efi 2022.02-3ubuntu0.22.04.2
qemu-efi-aarch64 2022.02-3ubuntu0.22.04.2
qemu-efi-arm 2022.02-3ubuntu0.22.04.2
Ubuntu 20.04 LTS:
ovmf 0~20191122.bd85bf54-2ubuntu3.5
qemu-efi 0~20191122.bd85bf54-2ubuntu3.5
qemu-efi-aarch64 0~20191122.bd85bf54-2ubuntu3.5
qemu-efi-arm 0~20191122.bd85bf54-2ubuntu3.5
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6638-1
CVE-2022-36763, CVE-2022-36764, CVE-2022-36765, CVE-2023-45230,
CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234,
CVE-2023-45235, CVE-2023-48733,https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137
Package Information:
https://launchpad.net/ubuntu/+source/edk2/2023.05-2ubuntu0.1
https://launchpad.net/ubuntu/+source/edk2/2022.02-3ubuntu0.22.04.2
https://launchpad.net/ubuntu/+source/edk2/0~20191122.bd85bf54-2ubuntu3.5
No comments:
Post a Comment