File _patchinfo of Package patchinfo.9469

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.9469

<patchinfo incident="9469">
  <issue tracker="bnc" id="1115917">VUL-0: ovmf: Improper bounds checking within Ueficompress</issue>
  <issue tracker="bnc" id="1115916">VUL-0: CVE-2018-3613: ovmf: AuthVariable Timestamp zeroing issue on APPEND_WRITE</issue>
  <issue tracker="bnc" id="1117998">Microsoft's SVVP HLK Secure Boot Logo Test fails with ovmf-x86_64-ms-4m-code.bin</issue>
  <issue tracker="cve" id="2017-5733"/>
  <issue tracker="cve" id="2017-5732"/>
  <issue tracker="cve" id="2017-5731"/>
  <issue tracker="cve" id="2017-5735"/>
  <issue tracker="cve" id="2017-5734"/>
  <issue tracker="cve" id="2018-3613"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>gary_lin</packager>
  <description>This update for ovmf fixes the following issues:

Security issues fixed:

- CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916).
- CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917).
- CVE-2017-5732: Fixed privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (bsc#1115917).
- CVE-2017-5733: Fixed privilege escalation via heap-based buffer overflow in MakeTable() function (bsc#1115917).
- CVE-2017-5734: Fixed privilege escalation via stack-based buffer overflow in MakeTable() function (bsc#1115917).
- CVE-2017-5735: Fixed privilege escalation via heap-based buffer overflow in Decode() function (bsc#1115917).

Non security issues fixed:

- Fixed an issue with the default owner of PK/KEK/db/dbx and make the
  auto-enrollment only happen at the very first time. (bsc#1117998)
</description>
  <summary>Security update for ovmf</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.9469

Places