Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:0987-1

Опубликовано: 30 мар. 2021
Источник: suse-cvrf

Описание

Security update for ovmf

This update for ovmf fixes the following issues:

  • CVE-2021-28211: ovmf: edk2: possible heap corruption with LzmaUefiDecompressGetInfo (bsc#1183578)
  • CVE-2021-28210: ovmf: unlimited FV recursion, round 2 (bsc#1183579)

Список пакетов

SUSE Linux Enterprise Server 12 SP5
ovmf-2017+git1510945757.b2662641d5-3.35.1
ovmf-tools-2017+git1510945757.b2662641d5-3.35.1
qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.35.1
qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.35.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
ovmf-2017+git1510945757.b2662641d5-3.35.1
ovmf-tools-2017+git1510945757.b2662641d5-3.35.1
qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.35.1
qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.35.1

Ссылки

Описание

An unlimited recursion in DxeCore in EDK II.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:ovmf-2017+git1510945757.b2662641d5-3.35.1
SUSE Linux Enterprise Server 12 SP5:ovmf-tools-2017+git1510945757.b2662641d5-3.35.1
SUSE Linux Enterprise Server 12 SP5:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.35.1
SUSE Linux Enterprise Server 12 SP5:qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.35.1
Ссылки

Описание

A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:ovmf-2017+git1510945757.b2662641d5-3.35.1
SUSE Linux Enterprise Server 12 SP5:ovmf-tools-2017+git1510945757.b2662641d5-3.35.1
SUSE Linux Enterprise Server 12 SP5:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.35.1
SUSE Linux Enterprise Server 12 SP5:qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.35.1
Ссылки