SUSE-SU-2020:0495-1 -- SLES ovmfID: oval:org.secpod.oval:def:89003017 | Date: (C)2021-02-25 (M)2022-10-10 |
Class: PATCH | Family: unix |
This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth . - CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation . - CVE-2019-14559: Fixed a remotely exploitable memory leak in the ARP handling code . - CVE-2019-14575: Fixed an insufficient signature check in the DxeImageVerificationHandler . Bug fixes: - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the better compatibility
Platform: |
SUSE Linux Enterprise Server 12 SP2 |