Overview
Security update for ovmf

This update for ovmf fixes the following issues:

Security issues fixed:

- CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916).
- CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917).
- CVE-2017-5732: Fixed privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (bsc#1115917).
- CVE-2017-5733: Fixed privilege escalation via heap-based buffer overflow in MakeTable() function (bsc#1115917).
- CVE-2017-5734: Fixed privilege escalation via stack-based buffer overflow in MakeTable() function (bsc#1115917).
- CVE-2017-5735: Fixed privilege escalation via heap-based buffer overflow in Decode() function (bsc#1115917).

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Fixed bugs
bnc#1115917
VUL-0: ovmf: Improper bounds checking within Ueficompress
bnc#1115916
VUL-0: CVE-2018-3613: ovmf: AuthVariable Timestamp zeroing issue on APPEND_WRITE
CVE-2017-5733
CVE-2017-5732
CVE-2017-5731
CVE-2017-5735
CVE-2017-5734
CVE-2018-3613
Selected Binaries
openSUSE Build Service is sponsored by
Places