Описание
Security update for ovmf
This update for ovmf fixes the following issues:
Security issues fixed:
- CVE-2019-0160: Fixed multiple buffer overflows in UDF-related codes in MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and MdeModulePkg\Universal\Disk\UdfDxe (bsc#1130267).
- CVE-2018-12181: Fixed a stack buffer overflow in the HII database when a corrupted Bitmap was used (bsc#1128503).
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15
ovmf-2017+git1510945757.b2662641d5-5.19.1
ovmf-tools-2017+git1510945757.b2662641d5-5.19.1
qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.19.1
qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.19.1
Ссылки
- Link for SUSE-SU-2019:0804-1
- E-Mail link for SUSE-SU-2019:0804-1
- SUSE Security Ratings
- SUSE Bug 1128503
- SUSE Bug 1130267
- SUSE CVE CVE-2018-12181 page
- SUSE CVE CVE-2019-0160 page
Описание
Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15:ovmf-2017+git1510945757.b2662641d5-5.19.1
SUSE Linux Enterprise Module for Server Applications 15:ovmf-tools-2017+git1510945757.b2662641d5-5.19.1
SUSE Linux Enterprise Module for Server Applications 15:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.19.1
SUSE Linux Enterprise Module for Server Applications 15:qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.19.1
Ссылки
- CVE-2018-12181
- SUSE Bug 1128503
Описание
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15:ovmf-2017+git1510945757.b2662641d5-5.19.1
SUSE Linux Enterprise Module for Server Applications 15:ovmf-tools-2017+git1510945757.b2662641d5-5.19.1
SUSE Linux Enterprise Module for Server Applications 15:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.19.1
SUSE Linux Enterprise Module for Server Applications 15:qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.19.1
Ссылки
- CVE-2019-0160
- SUSE Bug 1130267