Oval Definition:
oval:org.opensuse.security:def:82089
Revision Date
:
2020-02-26
Version
:
1
Title
:
Security update for ovmf (Moderate)
Description
:
This update for ovmf fixes the following issues:
Security issues fixed:
- CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094291). - CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation (bsc#1163959). - CVE-2019-14559: Fixed a remotely exploitable memory leak in the ARP handling code (bsc#1163927). - CVE-2019-14575: Fixed an insufficient signature check in the DxeImageVerificationHandler (bsc#1163969).
Bug fixes:
- Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the better compatibility. (bsc#1077330)
Family
:
unix
Class
:
patch
Status
:
Reference(s)
:
1077330
1094291
1163927
1163959
1163969
CVE-2018-0739
CVE-2019-14559
CVE-2019-14563
CVE-2019-14575
SUSE-SU-2020:0495-1
Platform(s)
:
SUSE Linux Enterprise Server 12 SP2-LTSS
Product(s)
:
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND
Package Information
ovmf-2015+git1462940744.321151f-19.10.3 is installed
OR
ovmf-tools-2015+git1462940744.321151f-19.10.3 is installed
OR
qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3 is installed
BACK