CVE-2019-14584
Tianocore Edk2 is a cross-platform firmware development environment from the Tianocore community that follows the UEFI and PI specifications. A security vulnerability exists in Tianocore Edk2. The following products and versions are affected: Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Ubuntu 21.04 (Hirsute Hippo), Ubuntu 20.10 (Groovy Gorilla), Ubuntu 20.04 LTS (Focal Fossa), Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 ESM (Trusty Tahr), Ubuntu 12.04 ESM (Precise Pangolin), SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2, SUSE Linux Enterprise Module for Server Applications 15 SP1, SUSE Linux Enterprise Module for Server Applications 15 SP2
CVE-2019-14562
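EDK2 is a cross-platform firmware development environment from the TianoCore community, based on the UEFI and PI specifications. A security vulnerability exists in the TianoCore EDK II BIOS. An attacker can exploit this vulnerability to cause a denial of service.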
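· Kylin Desktop Operating System V4 SP1, Kylin Desktop Operating System V4 SP2, Kylin Desktop Operating System V4 SP3, Kylin Desktop Operating System V4 SP4
x86_64 architecture:
ovmf, qemu-efi
arm64 architecture:
ovmf, qemu-efi
mips64el architecture:
ovmf, qemu-efi
loongarch64 architecture:
ovmf, qemu-efi
· Kylin Server Operating System V4 SP1, Kylin Server Operating System V4 SP2, Kylin Server Operating System V4 SP3, Kylin Server Operating System V4 SP4
x86_64 architecture:
ovmf, qemu-efi
arm64 architecture:
ovmf, qemu-efi
mips64el architecture:
ovmf, qemu-efi
loongarch64 architecture:
ovmf, qemu-efi
· Kylin Desktop Operating System V4 SP1, Kylin Desktop Operating System V4 SP2, Kylin Desktop Operating System V4 SP3, Kylin Desktop Operating System V4 SP4
0~20160408.ffea0a2c-2kord0.2
· Kylin Server Operating System V4 SP1, Kylin Server Operating System V4 SP2, Kylin Server Operating System V4 SP3, Kylin Server Operating System V4 SP4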
0~20160408.ffea0a2c-2kord0.2
Open the package source configuration file and modify it according to the repository address.
4.0.2-sp1 desktop edition:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp1-desktop main restricted universe multiverse
4.0.2-sp2 desktop edition:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp2-desktop main restricted universe multiverse
4.0.2-sp3 desktop edition:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp3-desktop main restricted universe multiverse
4.0.2-sp4 desktop edition:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp4-desktop main restricted universe multiverse
4.0.2-sp1 server edition:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp1-server main restricted universe multiverse
4.0.2-sp2 server edition:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp2-server main restricted universe multiverse
4.0.2-sp3 server edition:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp3-server main restricted universe multiverse
4.0.2-sp4 server edition:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp4-server main restricted universe multiverse
After the configuration is complete, run the update commands to upgrade:
$ sudo apt update
$ sudo apt install ovmf
$ sudo apt install qemu-efi
Alternatively, download the packages from the package addresses and use the package upgrade command to upgrade the relevant component packages according to the list of affected packages.
$ sudo dpkg -i /Path1/Package1 /Path2/Package2 /Path3/Package3...
Note: Path is the local path the package was downloaded to, and Package is the name of the downloaded package; separate multiple packages with spaces.
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/multiverse/e/edk2/ovmf_0~20160408.ffea0a2c-2kord0.2_all.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/multiverse/e/edk2/qemu-efi_0~20160408.ffea0a2c-2kord0.2_all.deb
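Use the package query command to check the versions of the relevant packages; if a version is greater than or equal to the fixed version, the fix has been applied successfully.
$ sudo dpkg -l | grep Package
Note: Package is the package name.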