ALT Linux Team

Branch p9 update on 2019-08-02

2019-08-02

ALT-BU-2019-3841-1

Branch p9 update bulletin.

ALT-PU-2019-2355-1

Package edk2 updated to version 20190501-alt2 for branch p9 in task 235346.

Closed vulnerabilities

Published: 2019-03-27
Modified: 2024-11-21

CVE-2018-12182

Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

Severity: MEDIUM (6.7) Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2019-2356-1

Package u-boot-tools updated to version 2019.07-alt1 for branch p9 in task 235355.

Closed vulnerabilities

Published: 2019-05-10
Modified: 2024-11-21

CVE-2019-11059

Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-05-03
Modified: 2024-11-21

CVE-2019-11690

gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2019-07-29
Modified: 2024-11-21

CVE-2019-13103

A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.

Severity: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top