Описание
Security update for ipmitool
This update for ipmitool fixes the following issues:
- CVE-2020-5208: Fixed multiple remote code executtion vulnerabilities (bsc#1163026).
- picmg discover messages are now DEBUG and not INFO messages (bsc#1085469).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15-ESPOS
ipmitool-1.8.18-4.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
ipmitool-1.8.18-4.3.1
SUSE Linux Enterprise Server 15-LTSS
ipmitool-1.8.18-4.3.1
SUSE Linux Enterprise Server for SAP Applications 15
ipmitool-1.8.18-4.3.1
Ссылки
- Link for SUSE-SU-2020:0617-1
- E-Mail link for SUSE-SU-2020:0617-1
- SUSE Security Ratings
- SUSE Bug 1085469
- SUSE Bug 1163026
- SUSE CVE CVE-2020-5208 page
Описание
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:ipmitool-1.8.18-4.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:ipmitool-1.8.18-4.3.1
SUSE Linux Enterprise Server 15-LTSS:ipmitool-1.8.18-4.3.1
SUSE Linux Enterprise Server for SAP Applications 15:ipmitool-1.8.18-4.3.1
Ссылки
- CVE-2020-5208
- SUSE Bug 1163026