[ubuntu/jammy-updates] edk2 2022.02-3ubuntu0.22.04.4 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Wed Nov 26 17:30:32 UTC 2025
edk2 (2022.02-3ubuntu0.22.04.4) jammy-security; urgency=medium
* SECURITY UPDATE: Read buffer overrun in X509_aux_print()
- debian/patches/CVE-2021-3712.patch: fix a read buffer overrun in
X509_aux_print() in
CryptoPkg/Library/OpensslLib/openssl/crypto/x509/t_x509.c.
- debian/patches/CVE-2021-3712-2.patch: fix i2v_GENERAL_NAME to not
assume NUL terminated strings in
CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_alt.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_utl.c,
CryptoPkg/Library/OpensslLib/openssl/include/crypto/x509.h.
- debian/patches/CVE-2021-3712-3.patch: fix POLICYINFO printing to not
assume NUL terminated strings in
CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_cpols.c.
- debian/patches/CVE-2021-3712-4.patch: fix printing of
PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings in
CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_pci.c.
- debian/patches/CVE-2021-3712-5.patch: fix the name constraints code
to not assume NUL terminated strings in
CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_ncons.c.
- debian/patches/CVE-2021-3712-6.patch: fix test code to not assume NUL
terminated strings in
CryptoPkg/Library/OpensslLib/openssl/test/x509_time_test.c.
- debian/patches/CVE-2021-3712-7.patch: fix append_ia5 function to not
assume NUL terminated strings in
CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_utl.c.
- debian/patches/CVE-2021-3712-8.patch: fix NETSCAPE_SPKI_print
function to not assume NUL terminated strings in
CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/t_spki.c.
- debian/patches/CVE-2021-3712-9.patch: fix
EC_GROUP_new_from_ecparameters to check the base length in
CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_asn1.c.
- debian/patches/CVE-2021-3712-10.patch: allow fuzz builds to detect
string overruns in
CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/asn1_lib.c.
- debian/patches/CVE-2021-3712-11.patch: fix the error handling in
i2v_AUTHORITY_KEYID in
CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_akey.c.
- debian/patches/CVE-2021-3712-12.patch: allow fuzz builds to detect
string overruns in
CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/asn1_lib.c.
- debian/patches/CVE-2021-3712-13.patch: fix the name constraints code
to not assume NUL terminated strings in
CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_ncons.c.
- debian/patches/CVE-2021-3712-14.patch: fix i2v_GENERAL_NAME to not
assume NUL terminated strings in
CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_utl.c.
- CVE-2021-3712
* SECURITY UPDATE: Infinite loop in BN_mod_sqrt()
- debian/patches/CVE-2022-0778-1.patch: fix infinite loop in
CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_sqrt.c.
- debian/patches/CVE-2022-0778-2.patch: add documentation of
BN_mod_sqrt() in
CryptoPkg/Library/OpensslLib/openssl/doc/man3/BN_add.pod.
- debian/patches/CVE-2022-0778-3.patch: add a negative testcase for
BN_mod_sqrt in CryptoPkg/Library/OpensslLib/openssl/test/bntest.c,
CryptoPkg/Library/OpensslLib/openssl/test/recipes/10-test_bn_data/bnmod.txt.
- CVE-2022-0778
* SECURITY UPDATE: Timing Oracle in RSA Decryption
- debian/patches/CVE-2022-4304-1.patch: use alternative fix in
CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_asm.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_blind.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_lib.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_local.h,
CryptoPkg/Library/OpensslLib/openssl/crypto/rsa/rsa_ossl.c.
- debian/patches/CVE-2022-4304-2.patch: re-add
BN_F_OSSL_BN_RSA_DO_UNBLIND which was incorrectly removed in
CryptoPkg/Library/OpensslLib/openssl/include/openssl/bnerr.h.
- CVE-2022-4304
* SECURITY UPDATE: Double free after calling PEM_read_bio_ex
- debian/patches/CVE-2022-4450-1.patch: avoid dangling ptrs in header
and data params for PEM_read_bio_ex in
CryptoPkg/Library/OpensslLib/openssl/crypto/pem/pem_lib.c.
- debian/patches/CVE-2022-4450-2.patch: add a test in
CryptoPkg/Library/OpensslLib/openssl/test/pemtest.c.
- CVE-2022-4450
* SECURITY UPDATE: Use-after-free following BIO_new_NDEF
- debian/patches/CVE-2023-0215-1.patch: fix a UAF resulting from a bug
in BIO_new_NDEF in
CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/bio_ndef.c.
- debian/patches/CVE-2023-0215-2.patch: check CMS failure during BIO
setup with -stream is handled correctly in
CryptoPkg/Library/OpensslLib/openssl/test/recipes/80-test_cms.t,
CryptoPkg/Library/OpensslLib/openssl/test/smime-certs/badrsa.pem.
- CVE-2023-0215
* SECURITY UPDATE: X.400 address type confusion in X.509 GeneralName
- debian/patches/CVE-2023-0286.patch: fix GENERAL_NAME_cmp for
x400Address in
CryptoPkg/Library/OpensslLib/openssl/crypto/x509/v3_genn.c,
CryptoPkg/Library/OpensslLib/openssl/include/openssl/x509v3.h,
CryptoPkg/Library/OpensslLib/openssl/test/v3nametest.c.
- CVE-2023-0286
* SECURITY UPDATE: excessive resource use when verifying policy constraints
- debian/patches/CVE-2023-0464-1.patch: limit the number of nodes created
in a policy tree (the default limit is set to 1000 nodes).
- debian/patches/CVE-2023-0464-2.patch: add test cases for the policy
resource overuse.
- debian/patches/CVE-2023-0464-3.patch: disable the policy tree
exponential growth test conditionally.
- CVE-2023-0464
* SECURITY UPDATE: invalid certificate policies ignored in leaf certificates
- debian/patches/CVE-2023-0465-1.patch: ensure that EXFLAG_INVALID_POLICY
is checked even in leaf certs.
- debian/patches/CVE-2023-0465-2.patch: generate some certificates with
the certificatePolicies extension.
- debian/patches/CVE-2023-0465-3.patch: add a certificate policies test.
- CVE-2023-0465
* SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy
not enabled as documented
- debian/patches/CVE-2023-0466.patch: fix documentation of
X509_VERIFY_PARAM_add0_policy().
- CVE-2023-0466
* SECURITY UPDATE: Possible DoS translating ASN.1 object identifiers
- debian/patches/CVE-2023-2650.patch: restrict the size of OBJECT
IDENTIFIERs that OBJ_obj2txt will translate in
CryptoPkg/Library/OpensslLib/openssl/crypto/objects/obj_dat.c.
- CVE-2023-2650
* SECURITY UPDATE: denial of service via excessive time
- debian/patches/CVE-2023-3446.patch: adds check to prevent the testing
of an excessively large modulus in DH_check() in
CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c,
CryptoPkg/Library/OpensslLib/openssl/include/openssl/dh.h.
- CVE-2023-3446
* SECURITY UPDATE: denial of service via invalid q values
- debian/patches/CVE-2023-3817.patch: adds check to prevent the testing
of invalid q values in DH_check() in
CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c.
- CVE-2023-3817
* SECURITY UPDATE: predictable TCP Initial Sequence Number
- debian/patches/CVE-2023-45236.patch: update TCP ISN generation in
NetworkPkg/TcpDxe/TcpDriver.c, NetworkPkg/TcpDxe/TcpDxe.inf,
NetworkPkg/TcpDxe/TcpFunc.h, NetworkPkg/TcpDxe/TcpInput.c,
NetworkPkg/TcpDxe/TcpMain.h, NetworkPkg/TcpDxe/TcpMisc.c,
NetworkPkg/TcpDxe/TcpTimer.c.
- CVE-2023-45236
* SECURITY UPDATE: predictable TCP Initial Sequence Number
- debian/patches/CVE-2023-45237-pre1.patch: add GUID to describe Arm
Rndr Rng algorithms in MdePkg/Include/Protocol/Rng.h,
MdePkg/MdePkg.dec.
- debian/patches/CVE-2023-45237.patch: fix use of weak PRNG in
NetworkPkg/*.
- CVE-2023-45237
* SECURITY UPDATE: Excessive time spent in DH check / generation with
large Q parameter value
- debian/patches/CVE-2023-5678.patch: make DH_check_pub_key() and
DH_generate_key() safer yet in
CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_err.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_key.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/err/openssl.txt,
CryptoPkg/Library/OpensslLib/openssl/include/crypto/dherr.h,
CryptoPkg/Library/OpensslLib/openssl/include/openssl/dh.h,
CryptoPkg/Library/OpensslLib/openssl/include/openssl/dherr.h.
- CVE-2023-5678
* SECURITY UPDATE: PKCS12 Decoding crashes
- debian/patches/CVE-2024-0727.patch: add NULL checks where ContentInfo
data can be NULL in
CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_add.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_mutl.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_npas.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7/pk7_mime.c.
- CVE-2024-0727
* SECURITY UPDATE: division-by-zero in S3 sleep
- debian/patches/CVE-2024-1298.patch: fix potential UINT32 overflow in
S3 ResumeCount in
MdeModulePkg/Universal/Acpi/Firmware*/FirmwarePerformancePei.c.
- CVE-2024-1298
* SECURITY UPDATE: Timing side-channel in ECDSA signature computation
- debian/patches/CVE-2024-13176.patch: fix timing side-channel in
CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_exp.c,
CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_lib.c,
CryptoPkg/Library/OpensslLib/openssl/include/crypto/bn.h.
- CVE-2024-13176
* SECURITY UPDATE: unbounded memory growth
- debian/patches/CVE-2024-2511.patch: fix unconstrained session cache
growth in TLSv1.3 in
CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c,
CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_sess.c,
CryptoPkg/Library/OpensslLib/openssl/ssl/statem/statem_srvr.c.
- CVE-2024-2511
* SECURITY UPDATE: overflow in PeCoffLoaderRelocateImage()
- debian/patches/CVE-2024-38796.patch: fix overflow issue in
BasePeCoffLib in MdePkg/Library/BasePeCoffLib/BasePeCoff.c.
- CVE-2024-38796
* SECURITY UPDATE: out of bounds read in HashPeImageByType()
- debian/patches/CVE-2024-38797-1.patch: fix OOB read in
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c.
- debian/patches/CVE-2024-38797-2.patch: improve logic in
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c.
- debian/patches/CVE-2024-38797-3.patch: improve logic in
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c.
- CVE-2024-38797
* SECURITY UPDATE: DoS via integer overflow
- debian/patches/CVE-2024-38805.patch: fix for out of bound memory
access in NetworkPkg/IScsiDxe/IScsiProto.c.
- CVE-2024-38805
* SECURITY UPDATE: use after free with SSL_free_buffers
- debian/patches/CVE-2024-4741.patch: only free the read buffers if
we're not using them in
CryptoPkg/Library/OpensslLib/openssl/ssl/record/rec_layer_s3.c,
CryptoPkg/Library/OpensslLib/openssl/ssl/record/record.h,
CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c.
- CVE-2024-4741
* SECURITY UPDATE: crash or memory disclosure via SSL_select_next_proto
- debian/patches/CVE-2024-5535.patch: validate provided client list in
CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c.
- CVE-2024-5535
* SECURITY UPDATE: Possible denial of service in X.509 name checks
- debian/patches/CVE-2024-6119.patch: avoid type errors in EAI-related
name check logic in
CryptoPkg/Library/OpensslLib/openssl/crypto/x509/v3_utl.c,
CryptoPkg/Library/OpensslLib/openssl/test/*.
- CVE-2024-6119
* SECURITY UPDATE: Low-level invalid GF(2^m) parameters lead to OOB
memory access
- debian/patches/CVE-2024-9143.patch: harden BN_GF2m_poly2arr against
misuse in CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_gf2m.c,
CryptoPkg/Library/OpensslLib/openssl/test/ec_internal_test.c.
- CVE-2024-9143
* SECURITY UPDATE: DoS via integer overflow
- debian/patches/CVE-2025-2295.patch: fix for Remote Memory Exposure in
ISCSI in NetworkPkg/IScsiDxe/IScsiProto.c.
- CVE-2025-2295
* SECURITY UPDATE: code execution via IDT register
- debian/patches/CVE-2025-3770.patch: safe handling of IDT register on
SMM entry in UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm.
- CVE-2025-3770
Date: 2025-10-25 16:38:13.779770+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/edk2/2022.02-3ubuntu0.22.04.4