Errata ID: AXSA:2018-3368:02

Release date: Friday, November 2, 2018 - 07:40
Affected Channels: Asianux Server 7 for x86_64

OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

The following packages have been upgraded to a later upstream version: ovmf (20180508). (BZ#1559542)

Security Fix(es):

* openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.6 Release Notes linked from the References section.

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
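The recursion problem described above, shown from the parser's side: a minimal DER walker that recurses into constructed types and refuses input nested deeper than a fixed cap. This is an added example, not code from OpenSSL, OVMF or this advisory; `der_walk`, `build_nested` and the `MAX_NEST` value of 30 are names and values assumed for illustration, and the sample input is constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_NEST 30 /* assumed nesting cap for this example */
/* Walk DER TLVs in buf[0..len), recursing into constructed types.
 * Returns 0 if well-formed, -1 if malformed, -2 if nesting exceeds MAX_NEST. */
int der_walk(const uint8_t *buf, size_t len, int depth)
{
    if (depth > MAX_NEST) return -2;      /* stop before the stack grows further */
    size_t pos = 0;
    while (pos < len) {
        uint8_t tag = buf[pos++];
        /* multi-byte tags are not handled here; a tag must be followed by a length */
        if ((tag & 0x1f) == 0x1f || pos >= len) return -1;
        size_t clen = buf[pos++];
        if (clen & 0x80) {                /* long form: low 7 bits count the length bytes */
            size_t n = clen & 0x7f;
            if (n == 0 || n > sizeof(size_t) || n > len - pos)
                return -1;                /* indefinite, oversized or truncated length */
            for (clen = 0; n > 0; n--) clen = (clen << 8) | buf[pos++];
        }
        if (clen > len - pos) return -1;  /* content runs past the buffer */
        if (tag & 0x20) {                 /* constructed: content is more TLVs */
            int rc = der_walk(buf + pos, clen, depth + 1);
            if (rc != 0) return rc;
        }
        pos += clen;
    }
    return 0;
}

/* Constructed sample: `depth` nested SEQUENCEs around a NULL (depth <= 63, short-form lengths). */
size_t build_nested(uint8_t *out, int depth)
{
    size_t pos = 0;
    for (int i = depth; i > 0; i--) {
        out[pos++] = 0x30;                /* SEQUENCE (constructed) */
        out[pos++] = (uint8_t)(2 * i);    /* bytes that follow inside it */
    }
    out[pos++] = 0x05; out[pos++] = 0x00; /* NULL, zero length */
    return pos;
}

int main(void)
{
    uint8_t buf[128];
    for (int d = 29; d <= 32; d++)
        printf("depth %d -> %d\n", d, der_walk(buf, build_nested(buf, d), 0));
    return 0;
}
```

Without the depth check on the first line of `der_walk`, the number of stack frames is set entirely by the input, which is the condition the CVE text describes.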


Update packages.


  1. ovmf-20180508-3.gitee3198e672e2.el7.src.rpm
    MD5: aac02405bac4a722857bff17c58f129d
    SHA-256: ea09646a7d076bab5c3e9dde47ebd04be8f23c439421af6a98433942098294a9
    Size: 21.92 MB

Asianux Server 7 for x86_64
  1. OVMF-20180508-3.gitee3198e672e2.el7.noarch.rpm
    MD5: 8e09c2c80c7f971a033715630af2e613
    SHA-256: 1ce247b18e924c83a7d8b14bec0094e91f0e98946decbc028b1a7508e39c3269
    Size: 1.58 MB