Overview

File _patchinfo of Package patchinfo.18798

<patchinfo incident="18798">
  <issue tracker="bnc" id="1183579">VUL-0: CVE-2021-28210: ovmf: unlimited FV recursion, round 2</issue>
  <issue tracker="bnc" id="1183578">VUL-0: CVE-2021-28211: ovmf: edk2: possible heap corruption with LzmaUefiDecompressGetInfo</issue>
  <issue tracker="bnc" id="1186151">VUL-0: ovmf: NetworkPkg/IScsiDxe: remotely exploitable buffer overflows</issue>
  <issue tracker="cve" id="2021-28211"/>
  <issue tracker="cve" id="2021-28210"/>
  <packager>gary_lin</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for ovmf</summary>
  <description>This update for ovmf fixes the following issues:

- Fixed a possible buffer overflow in IScsiDxe (bsc#1186151)
- CVE-2021-28211: ovmf: edk2: possible heap corruption with LzmaUefiDecompressGetInfo (bsc#1183578)
- CVE-2021-28210: ovmf: unlimited FV recursion, round 2 (bsc#1183579)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places