group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1820764] Re: CVE-2018-12178 CVE-2018-12180 CVE-2018-12181

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1820764@xxxxxxxxxxxxxxxxxx>
Date: Thu, 18 Jul 2019 08:07:49 -0000
Reply-to: Bug 1820764 <1820764@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package edk2 - 0~20180205.c0d9813c-2ubuntu0.1

---------------
edk2 (0~20180205.c0d9813c-2ubuntu0.1) bionic; urgency=medium

  * Security fixes (LP: #1820764):
    - Fix buffer overflow in BlockIo service (CVE-2018-12180)
    - DNS: Check received packet size before using (CVE-2018-12178)
    - Fix stack overflow with corrupted BMP (CVE-2018-12181)

 -- dann frazier <dannf@xxxxxxxxxx>  Mon, 08 Jul 2019 10:07:19 -0600

** Changed in: edk2 (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12178

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12180

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12181

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1820764

Title:
  CVE-2018-12178 CVE-2018-12180 CVE-2018-12181

Status in edk2 package in Ubuntu:
  Fix Released
Status in edk2 source package in Precise:
  Confirmed
Status in edk2 source package in Trusty:
  Confirmed
Status in edk2 source package in Xenial:
  Confirmed
Status in edk2 source package in Bionic:
  Fix Released
Status in edk2 source package in Cosmic:
  Fix Committed
Status in edk2 source package in Disco:
  Fix Released
Status in edk2 package in Debian:
  Fix Released

Bug description:
  [Impact]
  Security vulnerabilities.

  [Test Case]
  Regression tested only (boot Ubuntu from disk, PXE boot)

  [Fix]
  https://github.com/tianocore/edk2/commit/84110bbe4bb3a346514b9bb12eadb7586bca7dfd
  https://github.com/tianocore/edk2/commit/ffe5f7a6b4e978dffbe1df228963adc914451106
  https://github.com/tianocore/edk2/commit/fccdb88022c1f6d85c773fce506b10c879063f1d
  https://github.com/tianocore/edk2/commit/89910a39dcfd788057caa5d88b7e76e112d187b5
  https://github.com/tianocore/edk2/commit/38c9fbdcaa0219eb86fe82d90e3f8cfb5a54be9f

  [Regression Risk]
  Risks include breaking DNS is some circumstances, possibly breaking image processing, partition detection, and RAM disk usage. This is mitigated by these patches having been upstream for some time, having already shipped in Ubuntu 19.04, and requiring minimal backporting to the Ubuntu versions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/1820764/+subscriptions