Overview

File _patchinfo of Package patchinfo.9804

<patchinfo incident="9804">
  <issue tracker="bnc" id="1127820">VUL-0: CVE-2018-12180: OVMF: Buffer Overflow in BlockIo service for RAM disk</issue>
  <issue tracker="bnc" id="1127821">CVE-2018-12178: OVMF: DNS should check the received packet size before using</issue>
  <issue tracker="bnc" id="1127822">CVE-2018-3630: OVMF: Logic error in FV parsing</issue>
  <issue tracker="cve" id="2018-12180"/>
  <issue tracker="cve" id="2018-3630"/>
  <issue tracker="cve" id="2018-12178"/>
  <category>security</category>
  <rating>important</rating>
  <packager>gary_lin</packager>
  <description>This update for ovmf fixes the following issues:

Security issues fixed: 

- CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could lead 
  to memory read/write overrun (bsc#1127820).
- CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS packet (bsc#1127821).
- CVE-2018-3630: Fixed a logic error in FV parsing which could allow a local attacker to 
  bypass the chain of trust checks (bsc#1127822).

This update was imported from the SUSE:SLE-15:Update update project.</description>
  <summary>Security update for ovmf</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places