SUSE: 2020:0495-1 Moderate: ovmf Memory Leak and Signature Issues
suse
February 26, 2020
An update that solves four vulnerabilities and has one errata is now available
Summary
This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094291). - CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation (bsc#1163959). - CVE-2019-14559: Fixed a remotely exploitable memory leak in the ARP handling code (bsc#1163927). - CVE-2019-14575: Fixed an insufficient signature check in the DxeImageVerificationHandler (bsc#1163969). Bug fixes: - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the better compatibility. (bsc#1077330) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Topics Covered
References
#1077330 #1094291 #1163927 #1163959 #1163969
Cross- CVE-2018-0739 CVE-2019-14559 CVE-2019-14563
CVE-2019-14575
Affected Products:
SUSE OpenStack Cloud 7
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE Linux Enterprise Server 12-SP2-BCL
https://www.suse.com/security/cve/CVE-2018-0739.html
https://www.suse.com/security/cve/CVE-2019-14559.html
https://www.suse.com/security/cve/CVE-2019-14563.html
https://www.suse.com/security/cve/CVE-2019-14575.html
https://bugzilla.suse.com/1077330
https://bugzilla.suse.com/1094291
https://bugzilla.suse.com/1163927
https://bugzilla.suse.com/1163959
https://bugzilla.suse.com/1163969
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2020:0495-1
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!