ALT Linux Team

Package edk2 update in sisyphus on 2019-04-03

ALT-PU-2019-1581-1

Package edk2 updated to version 20190308-alt1 for branch sisyphus in task 226426.

Closed vulnerabilities

Published: 2018-07-02

BDU:2019-01290

Уязвимость библиотеки Tianocore edk2, вызванная недостаточной проверкой вводимых пользователем данных, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании

Severity: HIGH (7.2) Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
References:
Published: 2018-02-07

BDU:2019-01291

Уязвимость службы BlockIo библиотеки Tianocore edk2, позволяющая нарушителю повысить свои привилегии, раскрыть защищаемую информацию или вызвать отказ в обслуживании

Severity: HIGH (8.3) Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
References:
Published: 2019-03-27
Modified: 2024-11-21

CVE-2018-12178

Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.

Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References:
Published: 2019-03-27
Modified: 2024-11-21

CVE-2018-12180

Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2019-03-27
Modified: 2024-11-21

CVE-2018-12181

Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.

Severity: MEDIUM (6.0) Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
References:
Published: 2019-10-28
Modified: 2023-11-07

CVE-2018-3630

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top