[ubuntu/questing-proposed] edk2 2025.02-8 (Accepted)
dann frazier
dannf at dannf.org
Tue May 13 13:15:47 UTC 2025
edk2 (2025.02-8) unstable; urgency=medium
* ovmf, ovmf-ia32, qemu-efi-aarch64: Uninstall the EFI_MEMORY_ATTRIBUTE
protocol by default in the *.secboot.fd variants to avoid boot crashes
with incompatible guest operating systems. This is to give virtual
machine managers like libvirt and incus a release cycle to determine how
to handle these guests. Add new *.secboot.strictnx.fd variants that users
can opt-in to to benefit from NX security features. EFI_MEMORY_ATTRIBUTE
support will be restored for all *.secboot.fd images at the start of
the next devel cycle, at which point *.secboot.strictnx.fd will become
symlink aliases. Note this in NEWS.Debian and README.Debian files.
(Closes: #1103906).
* Fix out-of-bounds read in HashPeImageByType(), CVE-2024-38797.
(Closes: #1102519):
- d/p/0001-SecurityPkg-Out-of-bound-read-in-HashPeImageByType.patch
- d/p/0002-SecurityPkg-Improving-HashPeImageByType-logic.patch
- d/p/0003-SecurityPkg-Improving-SecureBootConfigImpl-HashPeIma.patch
- d/p/0004-SecurityPkg-Update-SecurityFixes.yaml-for-CVE-2024-3.patch
Date: 2025-05-13 10:29:42.153196+00:00
Signed-By: dann frazier <dannf at dannf.org>
https://launchpad.net/ubuntu/+source/edk2/2025.02-8
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list