===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1482
                           edk2 security update
                               30 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           edk2
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account      
                   Increased Privileges            -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-28211 CVE-2021-28210 CVE-2019-14587
                   CVE-2019-14586 CVE-2019-14584 CVE-2019-14575
                   CVE-2019-14563 CVE-2019-14562 CVE-2019-14559
                   CVE-2019-14558 CVE-2019-0161 

Reference:         ESB-2021.1335
                   ESB-2020.3845
                   ESB-2020.1558

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2645-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
April 29, 2021                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : edk2
Version        : 0~20161202.7bbe0b3e-1+deb9u2
CVE ID         : CVE-2019-0161 CVE-2019-14558 CVE-2019-14559 CVE-2019-14562
                 CVE-2019-14563 CVE-2019-14575 CVE-2019-14584 CVE-2019-14586
                 CVE-2019-14587 CVE-2021-28210 CVE-2021-28211
Debian Bug     : 952926 968819 952934 977300

Several security vulnerabilities have been discovered in edk2, firmware for
virtual machines. Integer and stack overflows and uncontrolled resource
consumption may lead to a denial of service or, in a worst-case scenario,
allow an authenticated local user to potentially escalate privileges.

For Debian 9 stretch, these problems have been fixed in version
0~20161202.7bbe0b3e-1+deb9u2.

We recommend that you upgrade your edk2 packages.

For the detailed security status of edk2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/edk2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================