Security update for ovmf

SUSE Security Update: Security update for ovmf
Announcement ID: SUSE-SU-2018:2158-1
Rating: moderate
References: #1077330 #1094290 #1094291
Affected Products:
  • SUSE Linux Enterprise Server 12-SP3

  • An update that solves one vulnerability and has two fixes is now available.

    Description:

    This update for ovmf provide the following fix:

    Security issues fixed:

    - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types
    recursive definition depth (bsc#1094290, bsc#1094291).

    Bug fixes:

    - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to
    provide the better compatibility. (bsc#1077330)

    Patch Instructions:

    To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1470=1

    Package List:

    • SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64):
      • ovmf-2017+git1492060560.b6d11d7c46-4.9.4
      • ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4
    • SUSE Linux Enterprise Server 12-SP3 (noarch):
      • qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4
      • qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4

    References: