[ubuntu/plucky-updates] edk2 2025.02-3ubuntu2.2 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Wed Nov 26 17:30:37 UTC 2025


edk2 (2025.02-3ubuntu2.2) plucky-security; urgency=medium

  * SECURITY UPDATE: Timing side-channel in ECDSA signature computation
    - debian/patches/CVE-2024-13176.patch: fix timing side-channel in
      CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_exp.c,
      CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_lib.c,
      CryptoPkg/Library/OpensslLib/openssl/include/crypto/bn.h.
    - CVE-2024-13176
  * SECURITY UPDATE: out of bounds read in HashPeImageByType()
    - debian/patches/CVE-2024-38797-1.patch: fix OOB read in
      SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c.
    - debian/patches/CVE-2024-38797-2.patch: improve logic in
      SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c.
    - debian/patches/CVE-2024-38797-3.patch: improve logic in
      SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c.
    - CVE-2024-38797
  * SECURITY UPDATE: DoS via integer overflow
    - debian/patches/CVE-2024-38805.patch: fix for out of bound memory
      access in NetworkPkg/IScsiDxe/IScsiProto.c.
    - CVE-2024-38805
  * SECURITY UPDATE: DoS via integer overflow
    - debian/patches/CVE-2025-2295.patch: fix for Remote Memory Exposure in
      ISCSI in NetworkPkg/IScsiDxe/IScsiProto.c.
    - CVE-2025-2295
  * SECURITY UPDATE: code execution via IDT register
    - debian/patches/CVE-2025-3770.patch: safe handling of IDT register on
      SMM entry in UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm.
    - CVE-2025-3770
  * SECURITY UPDATE: Out-of-bounds read in HTTP client no_proxy handling
    - debian/patches/CVE-2025-9232.patch: add missing terminating NUL byte
      in CryptoPkg/Library/OpensslLib/openssl/crypto/http/http_lib.c.
    - CVE-2025-9232

Date: 2025-10-08 16:59:12.615367+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/edk2/2025.02-3ubuntu2.2