SUSE-SU-2020:3126-1

Опубликовано: 03 нояб. 2020

Источник: suse-cvrf

Описание

Security update for ovmf

This update for ovmf fixes the following issues:

CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler (bsc#1175476).
CVE-2019-14559: Fixed a memory leak in ArpOnFrameRcvdDpc() (bsc#1163927).

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

ovmf-2015+git1462940744.321151f-19.15.1

ovmf-tools-2015+git1462940744.321151f-19.15.1

qemu-ovmf-x86_64-2015+git1462940744.321151f-19.15.1

SUSE Linux Enterprise Server 12 SP2-LTSS

ovmf-2015+git1462940744.321151f-19.15.1

ovmf-tools-2015+git1462940744.321151f-19.15.1

qemu-ovmf-x86_64-2015+git1462940744.321151f-19.15.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

ovmf-2015+git1462940744.321151f-19.15.1

ovmf-tools-2015+git1462940744.321151f-19.15.1

qemu-ovmf-x86_64-2015+git1462940744.321151f-19.15.1

SUSE OpenStack Cloud 7

ovmf-2015+git1462940744.321151f-19.15.1

ovmf-tools-2015+git1462940744.321151f-19.15.1

qemu-ovmf-x86_64-2015+git1462940744.321151f-19.15.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20203126-1/
Link for SUSE-SU-2020:3126-1
https://lists.suse.com/pipermail/sle-security-updates/2020-November/007682.html
E-Mail link for SUSE-SU-2020:3126-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1163927
SUSE Bug 1163927
https://bugzilla.suse.com/1175476
SUSE Bug 1175476
https://www.suse.com/security/cve/CVE-2019-14559/
SUSE CVE CVE-2019-14559 page
https://www.suse.com/security/cve/CVE-2019-14562/
SUSE CVE CVE-2019-14562 page

Описание

Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.15.1

SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.15.1

SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.15.1

SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-14559.html
CVE-2019-14559
https://bugzilla.suse.com/1163927
SUSE Bug 1163927

Описание

Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.15.1

SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.15.1

SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.15.1

SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-14562.html
CVE-2019-14562
https://bugzilla.suse.com/1175476
SUSE Bug 1175476

SUSE-SU-2020:3126-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP2-LTSS

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE OpenStack Cloud 7

Ссылки

Уязвимость: CVE-2019-14559

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-14562

Описание

Затронутые продукты

Ссылки