This bug was fixed in the package edk2 - 0~20160408.ffea0a2c-2ubuntu0.1
---------------
edk2 (0~20160408.ffea0a2c-2ubuntu0.1) xenial; urgency=medium
* Security fixes (LP: #1820764):
- Fix buffer overflow in BlockIo service (CVE-2018-12180)
- DNS: Check received packet size before using (CVE-2018-12178)
- Fix stack overflow with corrupted BMP (CVE-2018-12181)
* Fix numeric truncation in S3BootScript[Save]*() API. (CVE-2019-14563)
* Fix use-after-free in PcdHiiOsRuntimeSupport. (CVE-2019-14586)
* Clear memory before free to avoid potential password leak.
(CVE-2019-14558)
* Fix double-unmap in SdMmcCreateTrb(). This did not impact any
of the images built from this package. (CVE-2019-14587)
* Fix memory leak in ArpOnFrameRcvdDpc(). (CVE-2019-14559)
* Fix issue that could allow an efi image with a blacklisted hash in the
dbx to be loaded. (CVE-2019-14575)
* Fix a memory leak in the ARP handler. (CVE-2019-14559)
-- dann frazier <[email protected]> Thu, 16 Apr 2020 09:05:29 -0600
** Changed in: edk2 (Ubuntu Xenial)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14558
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14559
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14563
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14575
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14586
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14587
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1820764
Title:
CVE-2018-12178 CVE-2018-12180 CVE-2018-12181
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/1820764/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
