21 matches found
Ubuntu 16.04 LTS / 18.04 LTS : EDK II vulnerabilities (USN-6920-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6920-1 advisory. It was discovered that EDK II was not properly performing bounds checks in Tianocompress, which could lead to a buffer overflow. An...
Ubuntu: Security Advisory (USN-6920-1)
The remote host is missing an update for the...
USN-6920-1: EDK II vulnerabilities
It was discovered that EDK II was not properly performing bounds checks in Tianocompress, which could lead to a buffer overflow. An authenticated user could use this issue to potentially escalate their privileges via local access. (CVE-2017-5731) It was discovered that EDK II had an insufficient...
Oracle Linux 7 : edk2 (ELSA-2019-4785)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4785 advisory. 1:1.2-5.el7 - Update spec file to remove 'modprobe kvm-intel' and remove --enable-kvm arg to ovmfvarsgenerator so qemu will not require kvm kernel...
SUSE: Security Advisory (SUSE-SU-2018:4155-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2018:4207-1)
The remote host is missing an update for the...
CVE-2017-5731
Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access...
CVE-2017-5731
CVE-2017-5731 is referenced across multiple advisories in connected documents, notably in EDK II/TianoCompress code where bounds checking in Tianocompress before 2017-11-07 could allow an authenticated local attacker to escalate privileges. The Ubuntu USN-6920-1 entry explicitly lists CVE-2017-57...
OVMF security update
CentOS Errata and Security Advisory CESA-2019:2125. An update for ovmf is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
CentOS 7 : ovmf (CESA-2019:2125)
An update for ovmf is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Scientific Linux Security Update : ovmf on 7.x (noarch) (2019:2125)
The remote Scientific Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the SLSA-2019:2125-1 advisory. Security Fixes: edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731); edk2: Privilege escalation via...
Important: edk2
Issue Overview: A missing check leads to an out-of-bounds read and write flaw in NetworkPkg/DnsDxe as shipped in edk2, when it parses DNS responses. A remote attacker who controls the DNS server used by the vulnerable firmware may use this flaw to make the system crash. CVE-2018-3613 improper DNS...
openSUSE Security Update : ovmf (openSUSE-2019-1017)
This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916). - CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917). - CVE-2017-5732: Fixed...
SUSE SLES15 Security Update : ovmf (SUSE-SU-2018:4155-1)
This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916). - CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917). - CVE-2017-5732: Fixed privilege...
openSUSE Security Update : ovmf (openSUSE-2018-1591)
This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916). - CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917). - CVE-2017-5732: Fixed...
openSUSE Security Update : ovmf (openSUSE-2018-1590)
This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916). - CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917). - CVE-2017-5732: Fixed...
openSUSE: Security Advisory for ovmf (openSUSE-SU-2018:4254-1)
The remote host is missing an update for the...
openSUSE: Security Advisory for ovmf (openSUSE-SU-2018:4240-1)
The remote host is missing an update for the...
Security update for ovmf (moderate)
This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916). - CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917). - CVE-2017-5732: Fixed...
SUSE SLES12 Security Update : ovmf (SUSE-SU-2018:4207-1)
This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916). - CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917). - CVE-2017-5732: Fixed privilege...