ELSA-2018-3090

Опубликовано: 05 нояб. 2018

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2018-3090: ovmf security, bug fix, and enhancement update (MODERATE)

[20180508-3.gitee3198e672e2.el7]

ovmf-redhat-provide-virtual-bundled-OpenSSL-in-OVMF.patch [bz#1607792]
Resolves: bz#1607792 (add 'Provides: bundled(openssl) = 1.1.0h' to the spec file)

[20180508-2.gitee3198e672e2]

OvmfPkg/PlatformBootManagerLib: connect consoles unconditionally [bz#1577546]
build OVMF varstore template with SB enabled / certs enrolled [bz#1561128]
connect Virtio RNG devices again [bz#1579518]
Resolves: bz#1577546 (no input consoles connected under certain circumstances)
Resolves: bz#1561128 (OVMF Secure boot enablement (enrollment of default keys))
Resolves: bz#1579518 (EFI_RNG_PROTOCOL no longer produced for virtio-rng)

[20180508-1.gitee3198e672e2]

Rebase to [bz#1559542]
Resolves: bz#1559542 (Rebase OVMF for RHEL-7.6)

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

OVMF

20180508-3.gitee3198e672e2.el7

Связанные CVE

CVE-2018-0739

Ссылки на источники

Связанные уязвимости

CVE-2018-0739

CVSS3: 6.5

ubuntu

около 7 лет назад

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).