ELSA-2019-2125 - ovmf security and enhancement update

Type: SECURITY
Severity: MODERATE
Release Date: 2019-08-13

Description


[20180508-6.gitee3198e672e2.el7]
- ovmf-MdeModulePkg-HiiDatabase-Fix-potential-integer-overf.patch [bz#1691479]
- ovmf-MdeModulePkg-HiiImage-Fix-stack-overflow-when-corrup.patch [bz#1691479]
- ovmf-MdeModulePkg-PartitionDxe-Add-check-for-underlying-d.patch [bz#1691647]
- ovmf-MdeModulePkg-UdfDxe-Refine-boundary-checks-for-file-.patch [bz#1691647]
- ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-the-read-of-F.patch [bz#1691647]
- ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-for-Component.patch [bz#1691647]
- ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-for-getting-v.patch [bz#1691647]
- ovmf-MdeModulePkg-UsbBusDxe-Fix-wrong-buffer-length-used-.patch [bz#1697534]
- Resolves: bz#1691479
(CVE-2018-12181 OVMF: edk2: Stack buffer overflow with corrupted BMP [rhel-7])
- Resolves: bz#1691647
(CVE-2019-0160 OVMF: edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media [rhel-7])
- Resolves: bz#1697534
(CVE-2019-0161 ovmf: edk2: stack overflow in XHCI causing denial of service [rhel-7])

[20180508-5.gitee3198e672e2.el7]
- ovmf-MdeModulePkg-Variable-Fix-Timestamp-zeroing-issue-on.patch [bz#1666586]
- ovmf-MdePkg-Add-more-checker-in-UefiDecompressLib-to-acce.patch [bz#1666586]
- ovmf-IntelFrameworkModulePkg-Add-more-checker-in-UefiTian.patch [bz#1666586]
- ovmf-BaseTools-Add-more-checker-in-Decompress-algorithm-t.patch [bz#1666586]
- ovmf-BaseTools-Fix-UEFI-and-Tiano-Decompression-logic-iss.patch [bz#1666586]
- ovmf-MdePkg-BaseUefiDecompressLib-Fix-UEFI-Decompression-.patch [bz#1666586]
- ovmf-IntelFrameworkModulePkg-Fix-UEFI-and-Tiano-Decompres.patch [bz#1666586]
- ovmf-MdeModulePkg-PartitionDxe-Ensure-blocksize-holds-MBR.patch [bz#1684007]
- ovmf-MdeModulePkg-RamDiskDxe-Restrict-on-RAM-disk-size-CV.patch [bz#1684007]
- ovmf-redhat-openssl-update-introduce-MOCK-shorthand-for-m.patch [bz#1650390]
- ovmf-redhat-openssl-update-enable-the-bootstrap-container.patch [bz#1650390]
- ovmf-redhat-consume-OpenSSL-1.1.0i-from-Fedora-28.patch [bz#1650390]
- ovmf-Upgrade-OpenSSL-to-1.1.0j.patch [bz#1650390]
- Resolves: bz#1650390
(CVE-2018-5407 OVMF: openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) [rhel-7])
- Resolves: bz#1666586
(CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 OVMF: various flaws [rhel-7])
- Resolves: bz#1684007
(CVE-2018-12180 OVMF: edk2: Buffer Overflow in BlockIo service for RAM disk [rhel-7.7])

[20180508-4.gitee3198e672e2.el7]
- ovmf-redhat-provide-firmware-descriptor-meta-files.patch [bz#1608599]
- Resolves: bz#1608599
([RHEL 7.7] RFE: provide firmware descriptor meta-files for OVMF)


Related CVEs


CVE-2018-5407
CVE-2017-5731
CVE-2017-5732
CVE-2017-5733
CVE-2017-5734
CVE-2017-5735
CVE-2018-12181
CVE-2019-0161
CVE-2018-3613
CVE-2019-0160

Updated Packages


Release/Architecture     Filename                                        MD5sum                            Superseded By Advisory
Oracle Linux 7 (x86_64)  ovmf-20180508-6.gitee3198e672e2.el7.src.rpm     286205c974841cfeea8a66f062d60947  -
                         OVMF-20180508-6.gitee3198e672e2.el7.noarch.rpm  45389902b619a1b2db753459631f1f69  ELSA-2020-5861



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.