
openSUSE: 2018:4254-1 Moderate: Security Update for ovmf

December 22, 2018
openSUSE has released an update addressing 6 security vulnerabilities in ovmf, classifying them with a moderate severity level and recommending specific patching procedures for users.
An update that fixes 6 vulnerabilities is now available.

Description

This update for ovmf fixes the following issues:

Security issues fixed:

- CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916).

- CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917).

- CVE-2017-5732: Fixed privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (bsc#1115917).

- CVE-2017-5733: Fixed privilege escalation via heap-based buffer overflow in MakeTable() function (bsc#1115917).

- CVE-2017-5734: Fixed privilege escalation via stack-based buffer overflow in MakeTable() function (bsc#1115917).

- CVE-2017-5735: Fixed privilege escalation via heap-based buffer overflow in Decode() function (bsc#1115917).

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1591=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

ovmf-2017+git1492060560.b6d11d7c46-13.1

ovmf-tools-2017+git1492060560.b6d11d7c46-13.1

- openSUSE Leap 42.3 (noarch):

qemu-ovmf-ia32-2017+git1492060560.b6d11d7c46-13.1

qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-13.1

- openSUSE Leap 42.3 (x86_64):

qemu-ovmf-x86_64-debug-2017+git1492060560.b6d11d7c46-13.1
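
To confirm the update took effect after running the patch command, the following added example (not part of the openSUSE announcement) compares installed package builds against the fixed build in the Package List above. It assumes GNU `sort -V` is available; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit installed ovmf packages against this advisory's fixed build.
# Values below are copied from the advisory's Package List.
FIXED_VERSION='2017+git1492060560.b6d11d7c46'
FIXED_RELEASE='13.1'
OVMF_PKGS='ovmf ovmf-tools qemu-ovmf-ia32 qemu-ovmf-x86_64 qemu-ovmf-x86_64-debug'

# True when release $1 >= release $2 (assumes GNU "sort -V" version ordering).
release_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Reads "name version release" lines on stdin, prints a verdict for each
# advisory package, and returns 1 if any of them is not at the fixed build.
audit_ovmf() {
    rc=0
    while read -r name version release; do
        case " $OVMF_PKGS " in
            *" $name "*) ;;
            *) continue ;;          # not covered by this advisory
        esac
        if [ "$version" != "$FIXED_VERSION" ]; then
            # Different upstream snapshot: the release number is not comparable.
            echo "REVIEW $name $version-$release"
            rc=1
        elif release_at_least "$release" "$FIXED_RELEASE"; then
            echo "OK $name $version-$release"
        else
            echo "UNPATCHED $name $version-$release (need release >= $FIXED_RELEASE)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input (not real host output). On a Leap 42.3 host use:
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n' | audit_ovmf
SAMPLE="ovmf $FIXED_VERSION 13.1
qemu-ovmf-x86_64 $FIXED_VERSION 9.2
bash 4.3 83.5.2"

printf '%s\n' "$SAMPLE" | audit_ovmf || true
```
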

References

https://www.suse.com/security/cve/CVE-2017-5731.html

https://www.suse.com/security/cve/CVE-2017-5732.html

https://www.suse.com/security/cve/CVE-2017-5733.html

https://www.suse.com/security/cve/CVE-2017-5734.html

https://www.suse.com/security/cve/CVE-2017-5735.html

https://www.suse.com/security/cve/CVE-2018-3613.html

https://bugzilla.suse.com/1115916

https://bugzilla.suse.com/1115917

--

Announcement ID: openSUSE-SU-2018:4254-1
Rating: moderate
Affected Products: openSUSE Leap 42.3
