SUSE-SU-2022:2052-1

Опубликовано: 13 июн. 2022

Источник: suse-cvrf

Описание

Security update for u-boot

This update for u-boot fixes the following issues:

CVE-2022-30552: A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (bsc#1200363)
CVE-2022-30790: A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (bsc#1200364)
CVE-2022-30767: Fixed an unbounded memcpy with a failed length check leading to a buffer overflow (bsc#1199623).

Список пакетов

SUSE Linux Enterprise Server 12 SP5

u-boot-rpi3-2019.01-5.8.1

u-boot-tools-2019.01-5.8.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

u-boot-rpi3-2019.01-5.8.1

u-boot-tools-2019.01-5.8.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20222052-1/
Link for SUSE-SU-2022:2052-1
https://lists.suse.com/pipermail/sle-security-updates/2022-June/011267.html
E-Mail link for SUSE-SU-2022:2052-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1199623
SUSE Bug 1199623
https://bugzilla.suse.com/1200363
SUSE Bug 1200363
https://bugzilla.suse.com/1200364
SUSE Bug 1200364
https://www.suse.com/security/cve/CVE-2022-30552/
SUSE CVE CVE-2022-30552 page
https://www.suse.com/security/cve/CVE-2022-30767/
SUSE CVE CVE-2022-30767 page
https://www.suse.com/security/cve/CVE-2022-30790/
SUSE CVE CVE-2022-30790 page

Описание

Das U-Boot 2022.01 has a Buffer Overflow.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.8.1

SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.8.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.8.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-30552.html
CVE-2022-30552
https://bugzilla.suse.com/1200363
SUSE Bug 1200363

Описание

nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.8.1

SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.8.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.8.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-30767.html
CVE-2022-30767
https://bugzilla.suse.com/1199623
SUSE Bug 1199623

Описание

Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.8.1

SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.8.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.8.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-30790.html
CVE-2022-30790
https://bugzilla.suse.com/1200364
SUSE Bug 1200364

SUSE-SU-2022:2052-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

Ссылки

Уязвимость: CVE-2022-30552

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-30767

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-30790

Описание

Затронутые продукты

Ссылки