ovmf-202402-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14199-1 Final 1 1 2024-07-17T00:00:00Z current 2024-07-17T00:00:00Z 2024-07-17T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ovmf-202402-1.1 on GA media These are all security issues fixed in the ovmf-202402-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14199 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-45229/ SUSE CVE CVE-2023-45229 page https://www.suse.com/security/cve/CVE-2023-45230/ SUSE CVE CVE-2023-45230 page https://www.suse.com/security/cve/CVE-2023-45231/ SUSE CVE CVE-2023-45231 page https://www.suse.com/security/cve/CVE-2023-45232/ SUSE CVE CVE-2023-45232 page https://www.suse.com/security/cve/CVE-2023-45234/ SUSE CVE CVE-2023-45234 page https://www.suse.com/security/cve/CVE-2023-45235/ SUSE CVE CVE-2023-45235 page openSUSE Tumbleweed ovmf-202402-1.1 ovmf-tools-202402-1.1 qemu-ovmf-ia32-202402-1.1 qemu-ovmf-x86_64-202402-1.1 qemu-ovmf-x86_64-debug-202402-1.1 qemu-uefi-aarch32-202402-1.1 qemu-uefi-aarch64-202402-1.1 qemu-uefi-riscv64-202402-1.1 ovmf-202402-1.1 as a component of openSUSE Tumbleweed ovmf-tools-202402-1.1 as a component of openSUSE Tumbleweed qemu-ovmf-ia32-202402-1.1 as a component of openSUSE Tumbleweed qemu-ovmf-x86_64-202402-1.1 as a component of openSUSE Tumbleweed qemu-ovmf-x86_64-debug-202402-1.1 as a component of openSUSE Tumbleweed qemu-uefi-aarch32-202402-1.1 as a component of openSUSE Tumbleweed qemu-uefi-aarch64-202402-1.1 as a component of openSUSE Tumbleweed qemu-uefi-riscv64-202402-1.1 as a component of openSUSE Tumbleweed EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. CVE-2023-45229 openSUSE Tumbleweed:ovmf-202402-1.1 openSUSE Tumbleweed:ovmf-tools-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-ia32-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-x86_64-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-x86_64-debug-202402-1.1 openSUSE Tumbleweed:qemu-uefi-aarch32-202402-1.1 openSUSE Tumbleweed:qemu-uefi-aarch64-202402-1.1 openSUSE Tumbleweed:qemu-uefi-riscv64-202402-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-45229.html CVE-2023-45229 https://bugzilla.suse.com/1218879 SUSE Bug 1218879 EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. CVE-2023-45230 openSUSE Tumbleweed:ovmf-202402-1.1 openSUSE Tumbleweed:ovmf-tools-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-ia32-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-x86_64-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-x86_64-debug-202402-1.1 openSUSE Tumbleweed:qemu-uefi-aarch32-202402-1.1 openSUSE Tumbleweed:qemu-uefi-aarch64-202402-1.1 openSUSE Tumbleweed:qemu-uefi-riscv64-202402-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-45230.html CVE-2023-45230 https://bugzilla.suse.com/1218880 SUSE Bug 1218880 EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. CVE-2023-45231 openSUSE Tumbleweed:ovmf-202402-1.1 openSUSE Tumbleweed:ovmf-tools-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-ia32-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-x86_64-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-x86_64-debug-202402-1.1 openSUSE Tumbleweed:qemu-uefi-aarch32-202402-1.1 openSUSE Tumbleweed:qemu-uefi-aarch64-202402-1.1 openSUSE Tumbleweed:qemu-uefi-riscv64-202402-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-45231.html CVE-2023-45231 https://bugzilla.suse.com/1218881 SUSE Bug 1218881 EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. CVE-2023-45232 openSUSE Tumbleweed:ovmf-202402-1.1 openSUSE Tumbleweed:ovmf-tools-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-ia32-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-x86_64-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-x86_64-debug-202402-1.1 openSUSE Tumbleweed:qemu-uefi-aarch32-202402-1.1 openSUSE Tumbleweed:qemu-uefi-aarch64-202402-1.1 openSUSE Tumbleweed:qemu-uefi-riscv64-202402-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-45232.html CVE-2023-45232 https://bugzilla.suse.com/1218882 SUSE Bug 1218882 EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. CVE-2023-45234 openSUSE Tumbleweed:ovmf-202402-1.1 openSUSE Tumbleweed:ovmf-tools-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-ia32-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-x86_64-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-x86_64-debug-202402-1.1 openSUSE Tumbleweed:qemu-uefi-aarch32-202402-1.1 openSUSE Tumbleweed:qemu-uefi-aarch64-202402-1.1 openSUSE Tumbleweed:qemu-uefi-riscv64-202402-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-45234.html CVE-2023-45234 https://bugzilla.suse.com/1218884 SUSE Bug 1218884 EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. CVE-2023-45235 openSUSE Tumbleweed:ovmf-202402-1.1 openSUSE Tumbleweed:ovmf-tools-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-ia32-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-x86_64-202402-1.1 openSUSE Tumbleweed:qemu-ovmf-x86_64-debug-202402-1.1 openSUSE Tumbleweed:qemu-uefi-aarch32-202402-1.1 openSUSE Tumbleweed:qemu-uefi-aarch64-202402-1.1 openSUSE Tumbleweed:qemu-uefi-riscv64-202402-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-45235.html CVE-2023-45235 https://bugzilla.suse.com/1218885 SUSE Bug 1218885