Описание
Security update for ovmf
This update for ovmf fixes the following issues:
- CVE-2021-28211: ovmf: edk2: possible heap corruption with LzmaUefiDecompressGetInfo (bsc#1183578)
- CVE-2021-28210: ovmf: unlimited FV recursion, round 2 (bsc#1183579)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Список пакетов
openSUSE Leap 15.2
ovmf-201911-lp152.6.11.1
ovmf-tools-201911-lp152.6.11.1
qemu-ovmf-ia32-201911-lp152.6.11.1
qemu-ovmf-x86_64-201911-lp152.6.11.1
qemu-ovmf-x86_64-debug-201911-lp152.6.11.1
Ссылки
- E-Mail link for openSUSE-SU-2021:0495-1
- SUSE Security Ratings
- SUSE Bug 1183578
- SUSE Bug 1183579
- SUSE CVE CVE-2021-28210 page
- SUSE CVE CVE-2021-28211 page
Описание
An unlimited recursion in DxeCore in EDK II.
Затронутые продукты
openSUSE Leap 15.2:ovmf-201911-lp152.6.11.1
openSUSE Leap 15.2:ovmf-tools-201911-lp152.6.11.1
openSUSE Leap 15.2:qemu-ovmf-ia32-201911-lp152.6.11.1
openSUSE Leap 15.2:qemu-ovmf-x86_64-201911-lp152.6.11.1
Ссылки
- CVE-2021-28210
- SUSE Bug 1183579
Описание
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
Затронутые продукты
openSUSE Leap 15.2:ovmf-201911-lp152.6.11.1
openSUSE Leap 15.2:ovmf-tools-201911-lp152.6.11.1
openSUSE Leap 15.2:qemu-ovmf-ia32-201911-lp152.6.11.1
openSUSE Leap 15.2:qemu-ovmf-x86_64-201911-lp152.6.11.1
Ссылки
- CVE-2021-28211
- SUSE Bug 1183578