Описание
Security update for ovmf
This update for ovmf fixes the following issues:
Security issues fixed:
- CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation (bsc#1163959).
- CVE-2019-14553: Fixed the TLS certification verification in HTTPS-over-IPv6 boot sequences (bsc#1153072).
- CVE-2019-14559: Fixed a remotely exploitable memory leak in the ARP handling code (bsc#1163927).
- CVE-2019-14575: Fixed an insufficient signature check in the DxeImageVerificationHandler (bsc#1163969).
- Enabled HTTPS-over-IPv6 (bsc#1153072).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
ovmf-2017+git1510945757.b2662641d5-lp151.11.3.1
ovmf-tools-2017+git1510945757.b2662641d5-lp151.11.3.1
qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp151.11.3.1
qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp151.11.3.1
qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp151.11.3.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0314-1
- SUSE Security Ratings
- SUSE Bug 1153072
- SUSE Bug 1163927
- SUSE Bug 1163959
- SUSE Bug 1163969
- SUSE CVE CVE-2019-14553 page
- SUSE CVE CVE-2019-14559 page
- SUSE CVE CVE-2019-14563 page
- SUSE CVE CVE-2019-14575 page
Описание
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
Затронутые продукты
openSUSE Leap 15.1:ovmf-2017+git1510945757.b2662641d5-lp151.11.3.1
openSUSE Leap 15.1:ovmf-tools-2017+git1510945757.b2662641d5-lp151.11.3.1
openSUSE Leap 15.1:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp151.11.3.1
openSUSE Leap 15.1:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp151.11.3.1
Ссылки
- CVE-2019-14553
- SUSE Bug 1153072
Описание
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
Затронутые продукты
openSUSE Leap 15.1:ovmf-2017+git1510945757.b2662641d5-lp151.11.3.1
openSUSE Leap 15.1:ovmf-tools-2017+git1510945757.b2662641d5-lp151.11.3.1
openSUSE Leap 15.1:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp151.11.3.1
openSUSE Leap 15.1:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp151.11.3.1
Ссылки
- CVE-2019-14559
- SUSE Bug 1163927
Описание
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
Затронутые продукты
openSUSE Leap 15.1:ovmf-2017+git1510945757.b2662641d5-lp151.11.3.1
openSUSE Leap 15.1:ovmf-tools-2017+git1510945757.b2662641d5-lp151.11.3.1
openSUSE Leap 15.1:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp151.11.3.1
openSUSE Leap 15.1:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp151.11.3.1
Ссылки
- CVE-2019-14563
- SUSE Bug 1163959
Описание
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
Затронутые продукты
openSUSE Leap 15.1:ovmf-2017+git1510945757.b2662641d5-lp151.11.3.1
openSUSE Leap 15.1:ovmf-tools-2017+git1510945757.b2662641d5-lp151.11.3.1
openSUSE Leap 15.1:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp151.11.3.1
openSUSE Leap 15.1:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp151.11.3.1
Ссылки
- CVE-2019-14575
- SUSE Bug 1163969