SUSE-SU-2023:0036-1

Опубликовано: 06 янв. 2023

Источник: suse-cvrf

Описание

Security update for ovmf

This update for ovmf fixes the following issues:

CVE-2019-11098: Fixed insufficient input validation in MdeModulePkg (bsc#1188371).

Список пакетов

SUSE Enterprise Storage 7.1

ovmf-202008-150300.10.17.1

ovmf-tools-202008-150300.10.17.1

qemu-ovmf-x86_64-202008-150300.10.17.1

qemu-uefi-aarch64-202008-150300.10.17.1

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

ovmf-202008-150300.10.17.1

ovmf-tools-202008-150300.10.17.1

qemu-ovmf-x86_64-202008-150300.10.17.1

qemu-uefi-aarch64-202008-150300.10.17.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

ovmf-202008-150300.10.17.1

ovmf-tools-202008-150300.10.17.1

qemu-ovmf-x86_64-202008-150300.10.17.1

qemu-uefi-aarch64-202008-150300.10.17.1

SUSE Linux Enterprise Micro 5.1

qemu-ovmf-x86_64-202008-150300.10.17.1

qemu-uefi-aarch64-202008-150300.10.17.1

SUSE Linux Enterprise Micro 5.2

qemu-ovmf-x86_64-202008-150300.10.17.1

qemu-uefi-aarch64-202008-150300.10.17.1

SUSE Linux Enterprise Real Time 15 SP3

ovmf-202008-150300.10.17.1

ovmf-tools-202008-150300.10.17.1

qemu-ovmf-x86_64-202008-150300.10.17.1

SUSE Linux Enterprise Server 15 SP3-LTSS

ovmf-202008-150300.10.17.1

ovmf-tools-202008-150300.10.17.1

qemu-ovmf-x86_64-202008-150300.10.17.1

qemu-uefi-aarch64-202008-150300.10.17.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

ovmf-202008-150300.10.17.1

ovmf-tools-202008-150300.10.17.1

qemu-ovmf-x86_64-202008-150300.10.17.1

SUSE Manager Proxy 4.2

ovmf-202008-150300.10.17.1

ovmf-tools-202008-150300.10.17.1

qemu-ovmf-x86_64-202008-150300.10.17.1

SUSE Manager Retail Branch Server 4.2

ovmf-202008-150300.10.17.1

ovmf-tools-202008-150300.10.17.1

qemu-ovmf-x86_64-202008-150300.10.17.1

SUSE Manager Server 4.2

ovmf-202008-150300.10.17.1

ovmf-tools-202008-150300.10.17.1

qemu-ovmf-x86_64-202008-150300.10.17.1

openSUSE Leap Micro 5.2

qemu-ovmf-x86_64-202008-150300.10.17.1

qemu-uefi-aarch64-202008-150300.10.17.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230036-1/
Link for SUSE-SU-2023:0036-1
https://lists.suse.com/pipermail/sle-security-updates/2023-January/013429.html
E-Mail link for SUSE-SU-2023:0036-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1188371
SUSE Bug 1188371
https://www.suse.com/security/cve/CVE-2019-11098/
SUSE CVE CVE-2019-11098 page

Описание

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

Затронутые продукты

SUSE Enterprise Storage 7.1:ovmf-202008-150300.10.17.1

SUSE Enterprise Storage 7.1:ovmf-tools-202008-150300.10.17.1

SUSE Enterprise Storage 7.1:qemu-ovmf-x86_64-202008-150300.10.17.1

SUSE Enterprise Storage 7.1:qemu-uefi-aarch64-202008-150300.10.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-11098.html
CVE-2019-11098
https://bugzilla.suse.com/1188371
SUSE Bug 1188371

SUSE-SU-2023:0036-1

Описание

Список пакетов

SUSE Enterprise Storage 7.1

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

SUSE Linux Enterprise Micro 5.1

SUSE Linux Enterprise Micro 5.2

SUSE Linux Enterprise Real Time 15 SP3

SUSE Linux Enterprise Server 15 SP3-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP3

SUSE Manager Proxy 4.2

SUSE Manager Retail Branch Server 4.2

SUSE Manager Server 4.2

openSUSE Leap Micro 5.2

Ссылки

Уязвимость: CVE-2019-11098

Описание

Затронутые продукты

Ссылки