Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2018:4240-1

Опубликовано: 22 дек. 2018
Источник: suse-cvrf

Описание

Security update for ovmf

This update for ovmf fixes the following issues:

Security issues fixed:

  • CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916).
  • CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917).
  • CVE-2017-5732: Fixed privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (bsc#1115917).
  • CVE-2017-5733: Fixed privilege escalation via heap-based buffer overflow in MakeTable() function (bsc#1115917).
  • CVE-2017-5734: Fixed privilege escalation via stack-based buffer overflow in MakeTable() function (bsc#1115917).
  • CVE-2017-5735: Fixed privilege escalation via heap-based buffer overflow in Decode() function (bsc#1115917).

Non security issues fixed:

  • Fixed an issue with the default owner of PK/KEK/db/dbx and make the auto-enrollment only happen at the very first time. (bsc#1117998)

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0
ovmf-2017+git1510945757.b2662641d5-lp150.4.9.1
ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.9.1
qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.9.1
qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.9.1
qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.9.1

Ссылки

Описание

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Затронутые продукты
openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.9.1
Ссылки

Описание

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Затронутые продукты
openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.9.1
Ссылки

Описание

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Затронутые продукты
openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.9.1
Ссылки

Описание

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Затронутые продукты
openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.9.1
Ссылки

Описание

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Затронутые продукты
openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.9.1
Ссылки

Описание

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Затронутые продукты
openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.9.1
openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.9.1
Ссылки
Уязвимость openSUSE-SU-2018:4240-1