USN-5088-1

Source
https://ubuntu.com/security/notices/USN-5088-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5088-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5088-1
Related
Published
2021-09-23T11:39:45.762649Z
Modified
2021-09-23T11:39:45.762649Z
Summary
edk2 vulnerabilities
Details

It was discovered that EDK II incorrectly handled input validation in MdeModulePkg. A local user could possibly use this issue to cause EDK II to crash, resulting in a denial of service, obtain sensitive information or execute arbitrary code. (CVE-2019-11098)

Paul Kehrer discovered that OpenSSL used in EDK II incorrectly handled certain input lengths in EVP functions. An attacker could possibly use this issue to cause EDK II to crash, resulting in a denial of service. (CVE-2021-23840)

Ingo Schwarze discovered that OpenSSL used in EDK II incorrectly handled certain ASN.1 strings. An attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2021-3712)

It was discovered that EDK II incorrectly decoded certain strings. A remote attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-38575)

References

Affected packages

Ubuntu:20.04:LTS / edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0~20191122.bd85bf54-2ubuntu3.3

Affected versions

0~20190606.*

0~20190606.20d2e5a1-2ubuntu1

0~20190828.*

0~20190828.37eef910-3
0~20190828.37eef910-4

0~20191122.*

0~20191122.bd85bf54-1
0~20191122.bd85bf54-1ubuntu1
0~20191122.bd85bf54-2
0~20191122.bd85bf54-2ubuntu1
0~20191122.bd85bf54-2ubuntu2
0~20191122.bd85bf54-2ubuntu3
0~20191122.bd85bf54-2ubuntu3.1
0~20191122.bd85bf54-2ubuntu3.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "0~20191122.bd85bf54-2ubuntu3.3",
            "binary_name": "ovmf"
        },
        {
            "binary_version": "0~20191122.bd85bf54-2ubuntu3.3",
            "binary_name": "qemu-efi"
        },
        {
            "binary_version": "0~20191122.bd85bf54-2ubuntu3.3",
            "binary_name": "qemu-efi-aarch64"
        },
        {
            "binary_version": "0~20191122.bd85bf54-2ubuntu3.3",
            "binary_name": "qemu-efi-arm"
        }
    ]
}