Описание
Security update for ovmf
This update for ovmf fixes the following issues:
Security issues fixed:
- CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could lead to memory read/write overrun (bsc#1127820).
- CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS packet (bsc#1127821).
- CVE-2018-3630: Fixed a logic error in FV parsing which could allow a local attacker to bypass the chain of trust checks (bsc#1127822).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP4
qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.8.3
SUSE Linux Enterprise Server 12 SP4
ovmf-2017+git1510945757.b2662641d5-3.8.3
ovmf-tools-2017+git1510945757.b2662641d5-3.8.3
qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.8.3
qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.8.3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
ovmf-2017+git1510945757.b2662641d5-3.8.3
ovmf-tools-2017+git1510945757.b2662641d5-3.8.3
qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.8.3
qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.8.3
Ссылки
- Link for SUSE-SU-2019:0581-1
- E-Mail link for SUSE-SU-2019:0581-1
- SUSE Security Ratings
- SUSE Bug 1127820
- SUSE Bug 1127821
- SUSE Bug 1127822
- SUSE CVE CVE-2018-12178 page
- SUSE CVE CVE-2018-12180 page
- SUSE CVE CVE-2018-3630 page
Описание
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.8.3
SUSE Linux Enterprise Server 12 SP4:ovmf-2017+git1510945757.b2662641d5-3.8.3
SUSE Linux Enterprise Server 12 SP4:ovmf-tools-2017+git1510945757.b2662641d5-3.8.3
SUSE Linux Enterprise Server 12 SP4:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.8.3
Ссылки
- CVE-2018-12178
- SUSE Bug 1127821
Описание
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.8.3
SUSE Linux Enterprise Server 12 SP4:ovmf-2017+git1510945757.b2662641d5-3.8.3
SUSE Linux Enterprise Server 12 SP4:ovmf-tools-2017+git1510945757.b2662641d5-3.8.3
SUSE Linux Enterprise Server 12 SP4:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.8.3
Ссылки
- CVE-2018-12180
- SUSE Bug 1127820
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.8.3
SUSE Linux Enterprise Server 12 SP4:ovmf-2017+git1510945757.b2662641d5-3.8.3
SUSE Linux Enterprise Server 12 SP4:ovmf-tools-2017+git1510945757.b2662641d5-3.8.3
SUSE Linux Enterprise Server 12 SP4:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.8.3
Ссылки
- CVE-2018-3630
- SUSE Bug 1127822