Security update for ovmf SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:4240-1 Final 1 1 2018-12-22T12:33:29Z current 2018-12-22T12:33:29Z 2018-12-22T12:33:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ovmf This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916). - CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917). - CVE-2017-5732: Fixed privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (bsc#1115917). - CVE-2017-5733: Fixed privilege escalation via heap-based buffer overflow in MakeTable() function (bsc#1115917). - CVE-2017-5734: Fixed privilege escalation via stack-based buffer overflow in MakeTable() function (bsc#1115917). - CVE-2017-5735: Fixed privilege escalation via heap-based buffer overflow in Decode() function (bsc#1115917). Non security issues fixed: - Fixed an issue with the default owner of PK/KEK/db/dbx and make the auto-enrollment only happen at the very first time. (bsc#1117998) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00055.html E-Mail link for openSUSE-SU-2018:4240-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 ovmf-2017+git1510945757.b2662641d5-lp150.4.9.1 ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.9.1 qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.9.1 qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.9.1 qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.9.1 ovmf-2017+git1510945757.b2662641d5-lp150.4.9.1 as a component of openSUSE Leap 15.0 ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.9.1 as a component of openSUSE Leap 15.0 qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.9.1 as a component of openSUSE Leap 15.0 qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.9.1 as a component of openSUSE Leap 15.0 qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.9.1 as a component of openSUSE Leap 15.0 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2017-5731 openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00055.html https://www.suse.com/security/cve/CVE-2017-5731.html CVE-2017-5731 https://bugzilla.suse.com/1115917 SUSE Bug 1115917 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2017-5732 openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00055.html https://www.suse.com/security/cve/CVE-2017-5732.html CVE-2017-5732 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2017-5733 openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00055.html https://www.suse.com/security/cve/CVE-2017-5733.html CVE-2017-5733 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2017-5734 openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00055.html https://www.suse.com/security/cve/CVE-2017-5734.html CVE-2017-5734 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2017-5735 openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00055.html https://www.suse.com/security/cve/CVE-2017-5735.html CVE-2017-5735 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-3613 openSUSE Leap 15.0:ovmf-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.9.1 openSUSE Leap 15.0:qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00055.html https://www.suse.com/security/cve/CVE-2018-3613.html CVE-2018-3613 https://bugzilla.suse.com/1115916 SUSE Bug 1115916