{"id":"RHSA-2019:2125","summary":"Red Hat Security Advisory: ovmf security and enhancement update","modified":"2026-03-20T10:30:33.115913Z","published":"2024-09-16T02:06:51Z","upstream":["CVE-2017-5731","CVE-2017-5732","CVE-2017-5733","CVE-2017-5734","CVE-2017-5735","CVE-2018-12181","CVE-2018-3613","CVE-2018-5407","CVE-2019-0160","CVE-2019-0161"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2125"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#moderate"},{"type":"ARTICLE","url":"https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1641433"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1641442"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1641446"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1641450"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1641458"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1641465"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1645695"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1686783"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1691640"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1694065"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2125.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2017-5731"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2017-5731"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5731"},{"type":"ARTICLE","url":"https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2017-5732"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2017-5732"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5732"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2017-5733"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2017-5733"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5733"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2017-5734"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2017-5734"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5734"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2017-5735"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2017-5735"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5735"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2018-3613"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2018-3613"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3613"},{"type":"ARTICLE","url":"https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2018-5407"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2018-5407"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5407"},{"type":"ARTICLE","url":"https://github.com/bbbrumley/portsmash"},{"type":"ARTICLE","url":"https://www.openssl.org/news/secadv/20181112.txt"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2018-12181"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2018-12181"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12181"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-0160"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-0160"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0160"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-0161"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-0161"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0161"},{"type":"ARTICLE","url":"https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html"}],"affected":[{"package":{"name":"OVMF","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/OVMF"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:20180508-6.gitee3198e672e2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2125.json"}},{"package":{"name":"ovmf","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/ovmf"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:20180508-6.gitee3198e672e2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2125.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}