StarlingX

Fix CVE-2019-0160

Bug #1849204 reported by Bruce Jones
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
High
Ghada Khalil

Bug Description

CVE-2019-0160
status : fixed
cvss2Score : 7.5
Attack Vector: N
Access Complexity : L
Autentication: N
Availability Impact :P
Affected packages:
['OVMF', 'openssl', 'openssl-libs']
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
https://nvd.nist.gov/vuln/detail/CVE-2019-0160

CVE References

Revision history for this message
Ghada Khalil (gkhalil) wrote :

Appears to be opened in error - https://bugs.launchpad.net/starlingx/+bug/1849204 is reporting the same CVE vulnerability. Marking as a duplicate.

Revision history for this message
Ghada Khalil (gkhalil) wrote :

typo above. Duplicate of https://bugs.launchpad.net/starlingx/+bug/1849205

Changed in starlingx:
importance: Undecided → High
status: New → Triaged
tags: added: stx.2.0 stx.3.0 stx.security
Changed in starlingx:
assignee: nobody → Ghada Khalil (gkhalil)
Revision history for this message
Ghada Khalil (gkhalil) wrote :

Fixed in stx master and cherry-picked to r/stx.3.0.
The cherry-pick to r/stx.2.0 will be next.

See duplicate bug for commit details:
https://bugs.launchpad.net/starlingx/+bug/1849205

Changed in starlingx:
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.