13 matches found
Oracle Linux 7 : edk2 (ELSA-2019-4785)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4785 advisory. 1:1.2-5.el7 - Update spec file to remove 'modprobe kvm-intel' and remove --enable-kvm arg to ovmfvarsgenerator so qemu will not require kvm kernel...
Ubuntu 16.04 LTS / 18.04 LTS : EDK II vulnerabilities (USN-4349-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4349-1 advisory. A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of...
Ubuntu: Security Advisory (USN-4349-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4349-1: EDK II vulnerabilities
A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. CVE-2018-12178 A buffer overflow was discovered in BlockIo service. An...
USN-4349-1 edk2 vulnerabilities
A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. CVE-2018-12178 A buffer overflow was discovered in BlockIo service. An...
Important: edk2
Issue Overview: A missing check leads to an out-of-bounds read and write flaw in NetworkPkg/DnsDxe as shipped in edk2, when it parses DNS responses. A remote attacker who controls the DNS server used by the vulnerable firmware may use this flaw to make the system crash. CVE-2018-3613 improper DNS...
Security fix for the ALT Linux 10 package edk2 version 20190308-alt1
April 2, 2019 Alexey Shabalin 20190308-alt1 - edk2-stable201903 Fixes: CVE-2018-12178, CVE-2018-12180, CVE-2018-12181, CVE-2018-3630...
openSUSE Security Update : ovmf (openSUSE-2019-1083)
This update for ovmf fixes the following issues : Security issues fixed : - CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could lead to memory read/write overrun bsc1127820. - CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS packet bsc1127821. -...
Security update for ovmf (important)
openSUSE Security Update: Security update for ovmf Announcement ID: openSUSE-SU-2019:1083-1 Rating: important References: 1127820 1127821 1127822 Cross-References: CVE-2018-12178 CVE-2018-12180 CVE-2018-3630 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilities is now...
CVE-2018-12178
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network...
CVE-2018-12178
CVE-2018-12178 is a buffer overflow in the EDK II network stack that could allow a remote attacker to escalate privileges or cause a denial of service via network input. Public advisories reference this CVE among multiple EDK II issues affecting Linux distributions (e.g., Ubuntu USN-4349-1 for 16...
openSUSE: Security Advisory for ovmf (openSUSE-SU-2019:0348-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES15 Security Update : ovmf (SUSE-SU-2019:0580-1)
This update for ovmf fixes the following issues : Security issues fixed : CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could lead to memory read/write overrun bsc1127820. CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS packet bsc1127821. CVE-2018-3630:...