Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.845073
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory for edk2 (USN-5088-1)
Summary:The remote host is missing an update for the 'edk2'; package(s) announced via the USN-5088-1 advisory.
Description:Summary:
The remote host is missing an update for the 'edk2'
package(s) announced via the USN-5088-1 advisory.

Vulnerability Insight:
It was discovered that EDK II incorrectly handled input validation in
MdeModulePkg. A local user could possibly use this issue to cause EDK II to
crash, resulting in a denial of service, obtain sensitive information or
execute arbitrary code. (CVE-2019-11098)

Paul Kehrer discovered that OpenSSL used in EDK II incorrectly handled
certain input lengths in EVP functions. An attacker could possibly use this
issue to cause EDK II to crash, resulting in a denial of service.
(CVE-2021-23840)

Ingo Schwarze discovered that OpenSSL used in EDK II incorrectly handled
certain ASN.1 strings. An attacker could use this issue to cause EDK II to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2021-3712)

It was discovered that EDK II incorrectly decoded certain strings. A remote
attacker could use this issue to cause EDK II to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2021-38575)

Affected Software/OS:
'edk2' package(s) on Ubuntu 20.04 LTS.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-3712
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12
https://security.netapp.com/advisory/ntap-20210827-0010/
https://www.openssl.org/news/secadv/20210824.txt
Debian Security Information: DSA-4963 (Google Search)
https://www.debian.org/security/2021/dsa-4963
https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html
http://www.openwall.com/lists/oss-security/2021/08/26/2
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.