Security update for ovmf
This update for ovmf fixes the following issues:
Security issues fixed:
- CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could lead
to memory read/write overrun (bsc#1127820).
- CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS packet (bsc#1127821).
- CVE-2018-3630: Fixed a logic error in FV parsing which could allow a local attacker to
bypass the chain of trust checks (bsc#1127822).
This update was imported from the SUSE:SLE-12-SP3:Update update project.
-
Submitted by
Gary Ching-Pang Lin (gary_lin)
Fixed bugs
bnc#1127820
VUL-0: CVE-2018-12180: OVMF: Buffer Overflow in BlockIo service for RAM disk
bnc#1127821
CVE-2018-12178: OVMF: DNS should check the received packet size before using
bnc#1127822
CVE-2018-3630: OVMF: Logic error in FV parsing
