Описание
Security update for ovmf
This update for ovmf fixes the following issues:
Security issues fixed:
- CVE-2019-0160: Fixed multiple buffer overflows in UDF-related codes in MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and MdeModulePkg\Universal\Disk\UdfDxe (bsc#1130267).
- CVE-2018-12181: Fixed a stack buffer overflow in the HII database when a corrupted Bitmap was used (bsc#1128503).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
ovmf-2017+git1510945757.b2662641d5-lp150.4.16.1
ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.16.1
qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.16.1
qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.16.1
qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.16.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1172-1
- SUSE Security Ratings
- SUSE Bug 1128503
- SUSE Bug 1130267
- SUSE CVE CVE-2018-12181 page
- SUSE CVE CVE-2019-0160 page
Описание
Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.
Затронутые продукты
openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.16.1
openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.16.1
openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.16.1
openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.16.1
Ссылки
- CVE-2018-12181
- SUSE Bug 1128503
Описание
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
Затронутые продукты
openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.16.1
openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.16.1
openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.16.1
openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.16.1
Ссылки
- CVE-2019-0160
- SUSE Bug 1130267