Overview

File _patchinfo of Package patchinfo.28857

<patchinfo incident="28857">
  <issue tracker="cve" id="2019-14560"/>
  <issue tracker="cve" id="2021-38578"/>
  <issue tracker="bnc" id="1196741">VUL-0: CVE-2021-38578: ovmf: Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.</issue>
  <issue tracker="bnc" id="1174246">VUL-0: CVE-2019-14560: ovmf: improper check of GetEfiGlobalVariable2() return can potentially lead to to secure boot bypass</issue>
  <issue tracker="bnc" id="1205613">win 2k22 UEFI xen VMs  cannot boot in xen after upgrade</issue>
  <packager>joeyli</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for ovmf</summary>
  <description>This update for ovmf fixes the following issues:

- CVE-2021-38578: Fixed potential underflow in SmmEntryPointwhen computing BufferSize (bsc#1196741).
- CVE-2019-14560: Fixed potential secure boot bypass caused by improper check of GetEfiGlobalVariable2() return value (bsc#1174246).
- revert a patch to fix xen boot problems (bsc#1205613)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places