SUSE-SU-2020:0630-1

Опубликовано: 10 мар. 2020

Источник: suse-cvrf

Описание

Security update for ipmitool

This update for ipmitool fixes the following issues:

CVE-2020-5208: Fixed multiple remote code executtion vulnerabilities (bsc#1163026).
picmg discover messages are now DEBUG and not INFO messages (bsc#1085469).

Список пакетов

HPE Helion OpenStack 8

ipmitool-1.8.18-5.9.1

Image SLES12-SP5-Azure-SAP-BYOS

ipmitool-1.8.18-5.9.1

Image SLES12-SP5-Azure-SAP-On-Demand

ipmitool-1.8.18-5.9.1

Image SLES12-SP5-EC2-SAP-BYOS

ipmitool-1.8.18-5.9.1

Image SLES12-SP5-EC2-SAP-On-Demand

ipmitool-1.8.18-5.9.1

Image SLES12-SP5-GCE-SAP-BYOS

ipmitool-1.8.18-5.9.1

Image SLES12-SP5-GCE-SAP-On-Demand

ipmitool-1.8.18-5.9.1

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

ipmitool-1.8.18-5.9.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

ipmitool-1.8.18-5.9.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

ipmitool-1.8.18-5.9.1

SUSE Enterprise Storage 5

ipmitool-1.8.18-5.9.1

SUSE Linux Enterprise Desktop 12 SP4

ipmitool-1.8.18-5.9.1

SUSE Linux Enterprise Server 12 SP3-BCL

ipmitool-1.8.18-5.9.1

SUSE Linux Enterprise Server 12 SP3-LTSS

ipmitool-1.8.18-5.9.1

SUSE Linux Enterprise Server 12 SP4

ipmitool-1.8.18-5.9.1

SUSE Linux Enterprise Server 12 SP5

ipmitool-1.8.18-5.9.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

ipmitool-1.8.18-5.9.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

ipmitool-1.8.18-5.9.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

ipmitool-1.8.18-5.9.1

SUSE OpenStack Cloud 8

ipmitool-1.8.18-5.9.1

SUSE OpenStack Cloud Crowbar 8

ipmitool-1.8.18-5.9.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20200630-1/
Link for SUSE-SU-2020:0630-1
https://lists.suse.com/pipermail/sle-security-updates/2020-March/006594.html
E-Mail link for SUSE-SU-2020:0630-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1085469
SUSE Bug 1085469
https://bugzilla.suse.com/1163026
SUSE Bug 1163026
https://www.suse.com/security/cve/CVE-2020-5208/
SUSE CVE CVE-2020-5208 page

Описание

It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.

Затронутые продукты

HPE Helion OpenStack 8:ipmitool-1.8.18-5.9.1

Image SLES12-SP5-Azure-SAP-BYOS:ipmitool-1.8.18-5.9.1

Image SLES12-SP5-Azure-SAP-On-Demand:ipmitool-1.8.18-5.9.1

Image SLES12-SP5-EC2-SAP-BYOS:ipmitool-1.8.18-5.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-5208.html
CVE-2020-5208
https://bugzilla.suse.com/1163026
SUSE Bug 1163026

SUSE-SU-2020:0630-1

Описание

Список пакетов

HPE Helion OpenStack 8

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Enterprise Storage 5

SUSE Linux Enterprise Desktop 12 SP4

SUSE Linux Enterprise Server 12 SP3-BCL

SUSE Linux Enterprise Server 12 SP3-LTSS

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud Crowbar 8

Ссылки

Уязвимость: CVE-2020-5208

Описание

Затронутые продукты

Ссылки