Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2018:4254-1

Опубликовано: 22 дек. 2018
Источник: suse-cvrf

Описание

Security update for ovmf

This update for ovmf fixes the following issues:

Security issues fixed:

  • CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916).
  • CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917).
  • CVE-2017-5732: Fixed privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (bsc#1115917).
  • CVE-2017-5733: Fixed privilege escalation via heap-based buffer overflow in MakeTable() function (bsc#1115917).
  • CVE-2017-5734: Fixed privilege escalation via stack-based buffer overflow in MakeTable() function (bsc#1115917).
  • CVE-2017-5735: Fixed privilege escalation via heap-based buffer overflow in Decode() function (bsc#1115917).

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Список пакетов

openSUSE Leap 42.3
ovmf-2017+git1492060560.b6d11d7c46-13.1
ovmf-tools-2017+git1492060560.b6d11d7c46-13.1
qemu-ovmf-ia32-2017+git1492060560.b6d11d7c46-13.1
qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-13.1
qemu-ovmf-x86_64-debug-2017+git1492060560.b6d11d7c46-13.1

Ссылки

Описание

Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.

Затронутые продукты
openSUSE Leap 42.3:ovmf-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:ovmf-tools-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:qemu-ovmf-ia32-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-13.1
Ссылки

Описание

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.

Затронутые продукты
openSUSE Leap 42.3:ovmf-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:ovmf-tools-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:qemu-ovmf-ia32-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-13.1
Ссылки

Описание

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.

Затронутые продукты
openSUSE Leap 42.3:ovmf-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:ovmf-tools-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:qemu-ovmf-ia32-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-13.1
Ссылки

Описание

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Затронутые продукты
openSUSE Leap 42.3:ovmf-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:ovmf-tools-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:qemu-ovmf-ia32-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-13.1
Ссылки

Описание

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.

Затронутые продукты
openSUSE Leap 42.3:ovmf-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:ovmf-tools-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:qemu-ovmf-ia32-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-13.1
Ссылки

Описание

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

Затронутые продукты
openSUSE Leap 42.3:ovmf-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:ovmf-tools-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:qemu-ovmf-ia32-2017+git1492060560.b6d11d7c46-13.1
openSUSE Leap 42.3:qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-13.1
Ссылки
Уязвимость openSUSE-SU-2018:4254-1