ELSA-2020-5746

Опубликовано: 30 июн. 2020

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2020-5746: edk2 security update (IMPORTANT)

[1:1.3.1-1.el7]

Updates for OVMF/AAVMF Version 1.3.1 to include:

Fri May 01 2020 Aaron Young aaron.young@oracle.com

Create new 1.3.1 release for OL7

Wed Feb 05 2020 Aaron Young aaron.young@oracle.com

Create new 1.3 release for OL7 which includes the following fixed CVEs: {CVE-2018-12182} {CVE-2019-13224} {CVE-2019-13225} {CVE-2019-14553}

Fri May 17 2019 Aaron Young aaron.young@oracle.com

Create new 1.2 release for OL7 which includes the following fixed CVEs: {CVE-2017-5715} {CVE-2017-5731} {CVE-2017-5732} {CVE-2017-5733} {CVE-2017-5734} {CVE-2017-5735} {CVE-2017-5753} {CVE-2018-12178} {CVE-2018-12180} {CVE-2018-12181} {CVE-2018-3630}

Обновленные пакеты

Oracle Linux 7

OVMF

1.3.1-1.el7

Связанные CVE

Ссылки на источники

Связанные уязвимости

ELSA-2020-5861

oracle-oval

больше 4 лет назад

ELSA-2020-5861: edk2 security update (IMPORTANT)

CVE-2019-13224

CVSS3: 9.8

ubuntu

почти 6 лет назад

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

CVE-2019-13224

CVSS3: 6.8

redhat

почти 6 лет назад

CVE-2019-13224

CVSS3: 9.8

nvd

почти 6 лет назад

CVE-2019-13224

CVSS3: 9.8

debian

почти 6 лет назад

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 a ...