Описание
Security update for ovmf
This update for ovmf fixes the following issues:
Security issues fixed:
- CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could lead to memory read/write overrun (bsc#1127820).
- CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS packet (bsc#1127821).
- CVE-2018-3630: Fixed a logic error in FV parsing which could allow a local attacker to bypass the chain of trust checks (bsc#1127822).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
ovmf-2017+git1510945757.b2662641d5-lp150.4.13.1
ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.13.1
qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.13.1
qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.13.1
qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.13.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1083-1
- SUSE Security Ratings
- SUSE Bug 1127820
- SUSE Bug 1127821
- SUSE Bug 1127822
- SUSE CVE CVE-2018-12178 page
- SUSE CVE CVE-2018-12180 page
- SUSE CVE CVE-2018-3630 page
Описание
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
Затронутые продукты
openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.13.1
openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.13.1
openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.13.1
openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.13.1
Ссылки
- CVE-2018-12178
- SUSE Bug 1127821
Описание
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
Затронутые продукты
openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.13.1
openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.13.1
openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.13.1
openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.13.1
Ссылки
- CVE-2018-12180
- SUSE Bug 1127820
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
Затронутые продукты
openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.13.1
openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.13.1
openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.13.1
openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.13.1
Ссылки
- CVE-2018-3630
- SUSE Bug 1127822