Security update for ovmf SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1172-1 Final 1 1 2019-04-08T09:11:55Z current 2019-04-08T09:11:55Z 2019-04-08T09:11:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ovmf This update for ovmf fixes the following issues: Security issues fixed: - CVE-2019-0160: Fixed multiple buffer overflows in UDF-related codes in MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and MdeModulePkg\Universal\Disk\UdfDxe (bsc#1130267). - CVE-2018-12181: Fixed a stack buffer overflow in the HII database when a corrupted Bitmap was used (bsc#1128503). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1172 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html E-Mail link for openSUSE-SU-2019:1172-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1128503 SUSE Bug 1128503 https://bugzilla.suse.com/1130267 SUSE Bug 1130267 https://www.suse.com/security/cve/CVE-2018-12181/ SUSE CVE CVE-2018-12181 page https://www.suse.com/security/cve/CVE-2019-0160/ SUSE CVE CVE-2019-0160 page openSUSE Leap 15.0 ovmf-2017+git1510945757.b2662641d5-lp150.4.16.1 ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.16.1 qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.16.1 qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.16.1 qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.16.1 ovmf-2017+git1510945757.b2662641d5-lp150.4.16.1 as a component of openSUSE Leap 15.0 ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.16.1 as a component of openSUSE Leap 15.0 qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.16.1 as a component of openSUSE Leap 15.0 qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.16.1 as a component of openSUSE Leap 15.0 qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.16.1 as a component of openSUSE Leap 15.0 Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access. CVE-2018-12181 openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.16.1 openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.16.1 openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.16.1 openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.16.1 openSUSE Leap 15.0:qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.16.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html https://www.suse.com/security/cve/CVE-2018-12181.html CVE-2018-12181 https://bugzilla.suse.com/1128503 SUSE Bug 1128503 Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. CVE-2019-0160 openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.16.1 openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.16.1 openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.16.1 openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.16.1 openSUSE Leap 15.0:qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.16.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html https://www.suse.com/security/cve/CVE-2019-0160.html CVE-2019-0160 https://bugzilla.suse.com/1130267 SUSE Bug 1130267