Описание
Security update for ovmf
This update for ovmf fixes the following issues:
- CVE-2019-11098: Fixed insufficient input validation in MdeModulePkg (bsc#1188371).
Список пакетов
SUSE Enterprise Storage 7
ovmf-201911-150200.7.24.1
ovmf-tools-201911-150200.7.24.1
qemu-ovmf-x86_64-201911-150200.7.24.1
qemu-uefi-aarch64-201911-150200.7.24.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
ovmf-201911-150200.7.24.1
ovmf-tools-201911-150200.7.24.1
qemu-ovmf-x86_64-201911-150200.7.24.1
qemu-uefi-aarch64-201911-150200.7.24.1
SUSE Linux Enterprise Server 15 SP2-LTSS
ovmf-201911-150200.7.24.1
ovmf-tools-201911-150200.7.24.1
qemu-ovmf-x86_64-201911-150200.7.24.1
qemu-uefi-aarch64-201911-150200.7.24.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
ovmf-201911-150200.7.24.1
ovmf-tools-201911-150200.7.24.1
qemu-ovmf-x86_64-201911-150200.7.24.1
SUSE Manager Proxy 4.1
ovmf-201911-150200.7.24.1
ovmf-tools-201911-150200.7.24.1
qemu-ovmf-x86_64-201911-150200.7.24.1
SUSE Manager Retail Branch Server 4.1
ovmf-201911-150200.7.24.1
ovmf-tools-201911-150200.7.24.1
qemu-ovmf-x86_64-201911-150200.7.24.1
SUSE Manager Server 4.1
ovmf-201911-150200.7.24.1
ovmf-tools-201911-150200.7.24.1
qemu-ovmf-x86_64-201911-150200.7.24.1
Ссылки
- Link for SUSE-SU-2023:0004-1
- E-Mail link for SUSE-SU-2023:0004-1
- SUSE Security Ratings
- SUSE Bug 1188371
- SUSE CVE CVE-2019-11098 page
Описание
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.
Затронутые продукты
SUSE Enterprise Storage 7:ovmf-201911-150200.7.24.1
SUSE Enterprise Storage 7:ovmf-tools-201911-150200.7.24.1
SUSE Enterprise Storage 7:qemu-ovmf-x86_64-201911-150200.7.24.1
SUSE Enterprise Storage 7:qemu-uefi-aarch64-201911-150200.7.24.1
Ссылки
- CVE-2019-11098
- SUSE Bug 1188371