Description
Security update for ovmf
This update for ovmf fixes the following issues:
Security issues fixed:
- CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation (bsc#1163959).
- CVE-2019-14553: Fixed the TLS certificate verification in HTTPS-over-IPv6 boot sequences (bsc#1153072).
- CVE-2019-14559: Fixed a remotely exploitable memory leak in the ARP handling code (bsc#1163927).
- CVE-2019-14575: Fixed an insufficient signature check in the DxeImageVerificationHandler (bsc#1163969).
- Enabled HTTPS-over-IPv6 (bsc#1153072).
Package list
SUSE Linux Enterprise Module for Server Applications 15 SP1
ovmf-2017+git1510945757.b2662641d5-5.29.3
ovmf-tools-2017+git1510945757.b2662641d5-5.29.3
qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.29.3
qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.29.3
References
- Link for SUSE-SU-2020:0568-1
- E-Mail link for SUSE-SU-2020:0568-1
- SUSE Security Ratings
- SUSE Bug 1153072
- SUSE Bug 1163927
- SUSE Bug 1163959
- SUSE Bug 1163969
- SUSE CVE CVE-2019-14553 page
- SUSE CVE CVE-2019-14559 page
- SUSE CVE CVE-2019-14563 page
- SUSE CVE CVE-2019-14575 page
Description
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP1:ovmf-2017+git1510945757.b2662641d5-5.29.3
SUSE Linux Enterprise Module for Server Applications 15 SP1:ovmf-tools-2017+git1510945757.b2662641d5-5.29.3
SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.29.3
SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.29.3
References
- CVE-2019-14553
- SUSE Bug 1153072
Description
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP1:ovmf-2017+git1510945757.b2662641d5-5.29.3
SUSE Linux Enterprise Module for Server Applications 15 SP1:ovmf-tools-2017+git1510945757.b2662641d5-5.29.3
SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.29.3
SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.29.3
References
- CVE-2019-14559
- SUSE Bug 1163927
Description
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP1:ovmf-2017+git1510945757.b2662641d5-5.29.3
SUSE Linux Enterprise Module for Server Applications 15 SP1:ovmf-tools-2017+git1510945757.b2662641d5-5.29.3
SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.29.3
SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.29.3
References
- CVE-2019-14563
- SUSE Bug 1163959
Description
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP1:ovmf-2017+git1510945757.b2662641d5-5.29.3
SUSE Linux Enterprise Module for Server Applications 15 SP1:ovmf-tools-2017+git1510945757.b2662641d5-5.29.3
SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.29.3
SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.29.3
References
- CVE-2019-14575
- SUSE Bug 1163969