RHSA-2019:2125: Moderate: ovmf security and enhancement update

Published Aug 6, 2019
·
Updated

OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.<br>Security Fix(es):<br><li> edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731)</li> <li> edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732)</li> <li> edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733)</li> <li> edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2017-5734)</li> <li> edk2: Privilege escalation via heap-based buffer overflow in Decode() function (CVE-2017-5735)</li> <li> edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users (CVE-2018-3613)</li> <li> openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)</li> <li> edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)</li> <li> edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160)</li> <li> edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Additional Changes:<br>For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Affected Software

1 affected componentFixes available
redhat/ovmf<20180508-6.gitee3198e672e2.el7
20180508-6.gitee3198e672e2.el7

Remediation

Event History

Jul 6, 2024
Advisory Published
via Red Hat·12:55 AM
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of RHSA-2019:2125?

The severity of RHSA-2019:2125 is classified as important due to the potential for privilege escalation.

2

How do I fix the vulnerability RHSA-2019:2125?

To fix RHSA-2019:2125, update the ovmf package to version 20180508-6.gitee3198e672e2.el7 or later.

3

What systems are affected by RHSA-2019:2125?

RHSA-2019:2125 affects systems running the ovmf package on Red Hat Enterprise Linux 7.

4

What specific issue does RHSA-2019:2125 address?

RHSA-2019:2125 addresses a privilege escalation vulnerability resulting from processing malformed files in TianoCompress.c.

5

Is RHSA-2019:2125 related to UEFI support in virtual machines?

Yes, RHSA-2019:2125 relates to UEFI support provided by the OVMF project for virtual machines.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203