[SECURITY] [DLA 2645-1] edk2 security update


------------------------------------------------------------------------- Debian LTS Advisory DLA-2645-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany April 29, 2021 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : edk2 Version : 0~20161202.7bbe0b3e-1+deb9u2 CVE ID : CVE-2019-0161 CVE-2019-14558 CVE-2019-14559 CVE-2019-14562 CVE-2019-14563 CVE-2019-14575 CVE-2019-14584 CVE-2019-14586 CVE-2019-14587 CVE-2021-28210 CVE-2021-28211 Debian Bug : 952926 968819 952934 977300 Several security vulnerabilities have been discovered in edk2, firmware for virtual machines. Integer and stack overflows and uncontrolled resource consumption may lead to a denial-of-service or in a worst case scenario, allow an authenticated local user to potentially enable escalation of privilege. For Debian 9 stretch, these problems have been fixed in version 0~20161202.7bbe0b3e-1+deb9u2. We recommend that you upgrade your edk2 packages. For the detailed security status of edk2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/edk2 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Attachment: signature.asc Description: This is a digitally signed message part

Affected Package

OS OS Version Package Name Package Version
Debian 10 qemu-efi-arm 0~20181115.85588389-3+deb10u3
Debian 10 qemu-efi 0~20181115.85588389-3+deb10u3
Debian 9 ovmf 0~20161202.7bbe0b3e-1+deb9u2
Debian 10 qemu-efi-aarch64 0~20181115.85588389-3+deb10u3
Debian 9 edk2 0~20161202.7bbe0b3e-1+deb9u2
Debian 10 edk2 0~20181115.85588389-3+deb10u2
Debian 10 qemu-efi-aarch64 0~20181115.85588389-3+deb10u2
Debian 10 ovmf 0~20181115.85588389-3+deb10u1
Debian 10 qemu-efi-arm 0~20181115.85588389-3+deb10u1
Debian 10 qemu-efi-arm 0~20181115.85588389-3+deb10u2
Debian 10 qemu-efi 0~20181115.85588389-3+deb10u2
Debian 10 qemu-efi 0~20181115.85588389-3+deb10u1
Debian 10 qemu-efi-aarch64 0~20181115.85588389-3+deb10u1
Debian 10 ovmf 0~20181115.85588389-3+deb10u3
Debian 10 edk2 0~20181115.85588389-3+deb10u1
Debian 9 qemu-efi 0~20161202.7bbe0b3e-1+deb9u2
Debian 10 edk2 0~20181115.85588389-3+deb10u3
Debian 10 ovmf 0~20181115.85588389-3+deb10u2