CVE-2019-0160: OVMF: overflows with long file names and invalid UDF media

Bug #1849205 reported by Bruce Jones on 2019-10-21
Affects: StarlingX
Importance: High
Assigned to: Robin Lu

Bug Description

CVE-2019-0160
status: fixed
cvss2Score: 7.5
Attack Vector: N
Access Complexity: L
Authentication: N
Availability Impact: P
Affected packages:
['OVMF', 'openssl', 'openssl-libs']
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
https://nvd.nist.gov/vuln/detail/CVE-2019-0160

Bruce Jones (brucej) on 2019-10-21
tags: added: stx.security
Bruce Jones (brucej) on 2019-10-21
Changed in starlingx:
importance: Undecided → High
tags: added: stx.3.0
Ghada Khalil (gkhalil) wrote :

This CVE meets the fix criteria for StarlingX. Therefore, it needs to be fixed in master for stx.3.0 and then cherry-picked to r/stx.2.0.

summary: - Fix CVE-2019-0160 → + CVE-2019-0160: OVMF: overflows with long file names and invalid UDF media
tags: added: stx.2.0
Ghada Khalil (gkhalil) on 2019-10-21
Changed in starlingx:
status: New → Triaged
Cindy Xie (xxie1) on 2019-10-22
Changed in starlingx:
assignee: nobody → Cindy Xie (xxie1)
Lin Shuicheng (shuicheng) wrote :

Here is the link from Red Hat:
https://access.redhat.com/errata/RHSA-2019:2125

The rpm below needs to be upgraded to fix the issue:
./rpms_centos3rdparties.lst:94:OVMF-20150414-2.gitc9e5618.el7.noarch.rpm

upgraded to:
OVMF-20180508-6.gitee3198e672e2.el7.noarch.rpm

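A practitioner picking up this fix wants a quick way to confirm that the pinned OVMF build is at or above the one that carries the fix. The script below is an added example and is not StarlingX tooling or part of the change for this bug: it parses an rpms_centos3rdparties.lst-style list (assumed to hold one rpm filename per line, with an optional "file:line:" prefix as in the grep output above), compares the OVMF version-release against the 20180508-6.gitee3198e672e2.el7 build named in this comment, and can do the same for a live host via rpm -q. The sample list contents are constructed, and GNU sort -V stands in for rpm's own version ordering.

```shell
# Added example, not StarlingX tooling: check whether an rpm list (or a live host)
# carries the OVMF build that fixes CVE-2019-0160.

# Fixed build named in the bug (version-release of OVMF-20180508-6.gitee3198e672e2.el7.noarch.rpm).
FIXED_OVMF='20180508-6.gitee3198e672e2.el7'

# Constructed sample in the style of rpms_centos3rdparties.lst (one rpm filename per line);
# the OVMF entry is the old build the bug says must be replaced.
SAMPLE_LST='libvirt-4.5.0-23.el7.x86_64.rpm
OVMF-20150414-2.gitc9e5618.el7.noarch.rpm
qemu-kvm-ev-2.12.0-33.1.el7.x86_64.rpm'

# ovmf_version LST_CONTENTS
# Prints the version-release of the first OVMF entry (e.g. 20150414-2.gitc9e5618.el7).
# A "file:line:" prefix, as produced by grep -n, is tolerated. Returns 1 if there is no entry.
ovmf_version() {
    _ver=$(printf '%s\n' "$1" \
        | sed -n 's/^\([^ ]*:\)*OVMF-\(.*\)\.noarch\.rpm$/\2/p' \
        | head -n 1)
    [ -n "$_ver" ] && printf '%s\n' "$_ver"
}

# version_ge A B -> true if A sorts at or after B under GNU sort -V (natural version order).
# This approximates rpm's rpmvercmp and is adequate for these date-based versions; for an
# exact answer on a CentOS host use: rpmdev-vercmp "$A" "$B" (from rpmdevtools).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_ovmf LST_CONTENTS -> prints fixed / vulnerable / missing and returns 0 / 1 / 2.
check_ovmf() {
    _found=$(ovmf_version "$1") || { echo missing; return 2; }
    if version_ge "$_found" "$FIXED_OVMF"; then
        echo fixed
    else
        echo vulnerable
        return 1
    fi
}

# installed_ovmf_version -> version-release of the OVMF rpm installed on this host, for
# running the same comparison against a deployed controller. Needs rpm, so it is only
# defined here and not exercised on the sample.
installed_ovmf_version() {
    command -v rpm >/dev/null 2>&1 || return 2
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' OVMF
}

# Usage: report on the constructed sample list (prints "vulnerable").
check_ovmf "$SAMPLE_LST" || true
```

On a deployed host the same comparison is `version_ge "$(installed_ovmf_version)" "$FIXED_OVMF"`; note that OVMF is a noarch firmware image package, so the rpm name carries no architecture suffix to account for.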
Robin Lu (robinlu) on 2019-11-18
Changed in starlingx:
assignee: Cindy Xie (xxie1) → Robin Lu (robinlu)
Ghada Khalil (gkhalil) on 2019-11-22
information type: Private Security → Public Security
Changed in starlingx:
status: Triaged → In Progress

Reviewed: https://review.opendev.org/693759
Committed: https://git.openstack.org/cgit/starlingx/tools/commit/?id=1d33f5ae60201a6d1baba026a6503ea43843b3ab
Submitter: Zuul
Branch: master

commit 1d33f5ae60201a6d1baba026a6503ea43843b3ab
Author: Robin Lu <email address hidden>
Date: Mon Nov 11 16:47:49 2019 +0800

    Update OVMF rpm, due to CVE bug.

    CVE bug: CVE-2019-0160
    The updated rpm is selected from the below link.
    https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006035.html

    Tests:
    simplex, duplex, multi-node

    Closes-Bug: 1849205

    Change-Id: Ifdbbd82de912488af201f028a65c679acc204ed9
    Signed-off-by: Robin Lu <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil) wrote :

@Robin, please cherrypick this change to r/stx.3.0
