Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:2117-1

Опубликовано: 22 июн. 2021
Источник: suse-cvrf

Описание

Security update for ovmf

This update for ovmf fixes the following issues:

  • Fixed a possible buffer overflow in IScsiDxe (bsc#1186151)
  • CVE-2021-28211: ovmf: edk2: possible heap corruption with LzmaUefiDecompressGetInfo (bsc#1183578)
  • CVE-2021-28210: ovmf: unlimited FV recursion, round 2 (bsc#1183579)
  • CVE-2019-14584: ovmf,shim: NULL pointer dereference in AuthenticodeVerify() (bsc#1177789)

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL
ovmf-2015+git1462940744.321151f-19.23.1
ovmf-tools-2015+git1462940744.321151f-19.23.1
qemu-ovmf-x86_64-2015+git1462940744.321151f-19.23.1

Ссылки

Описание

Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.23.1
SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.23.1
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.23.1
Ссылки

Описание

An unlimited recursion in DxeCore in EDK II.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.23.1
SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.23.1
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.23.1
Ссылки

Описание

A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.23.1
SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.23.1
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.23.1
Ссылки