exploitDog

SUSE-SU-2020:3883-1

Опубликовано: 18 дек. 2020

Источник: suse-cvrf

Описание

Security update for ovmf

This update for ovmf fixes the following issues:

CVE-2019-14584: Fixed a null dereference in AuthenticodeVerify() (bsc#1177789).

Список пакетов

SUSE Linux Enterprise Server 12 SP5

ovmf-2017+git1510945757.b2662641d5-3.32.1

ovmf-tools-2017+git1510945757.b2662641d5-3.32.1

qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.32.1

qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.32.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

ovmf-2017+git1510945757.b2662641d5-3.32.1

ovmf-tools-2017+git1510945757.b2662641d5-3.32.1

qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.32.1

qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.32.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20203883-1/
Link for SUSE-SU-2020:3883-1
https://lists.suse.com/pipermail/sle-security-updates/2020-December/008092.html
E-Mail link for SUSE-SU-2020:3883-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1177789
SUSE Bug 1177789
https://www.suse.com/security/cve/CVE-2019-14584/
SUSE CVE CVE-2019-14584 page

Описание

Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5:ovmf-2017+git1510945757.b2662641d5-3.32.1

SUSE Linux Enterprise Server 12 SP5:ovmf-tools-2017+git1510945757.b2662641d5-3.32.1

SUSE Linux Enterprise Server 12 SP5:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.32.1

SUSE Linux Enterprise Server 12 SP5:qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.32.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-14584.html
CVE-2019-14584
https://bugzilla.suse.com/1177789
SUSE Bug 1177789