Описание
Security update for u-boot
This update for u-boot fixes the following issues:
- CVE-2022-30790: Fixed an arbitrary out-of-bounds write in the IP defragmentation (bsc#1200364).
- CVE-2022-30552: Fixed an out-of-bounds write in the IP defragmentation (bsc#1200363).
- CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15-ESPOS
u-boot-rpi3-2018.03-150000.4.11.1
u-boot-tools-2018.03-150000.4.11.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
u-boot-rpi3-2018.03-150000.4.11.1
u-boot-tools-2018.03-150000.4.11.1
SUSE Linux Enterprise Server 15-LTSS
u-boot-rpi3-2018.03-150000.4.11.1
u-boot-tools-2018.03-150000.4.11.1
SUSE Linux Enterprise Server for SAP Applications 15
u-boot-tools-2018.03-150000.4.11.1
Ссылки
- Link for SUSE-SU-2022:2584-1
- E-Mail link for SUSE-SU-2022:2584-1
- SUSE Security Ratings
- SUSE Bug 1200363
- SUSE Bug 1200364
- SUSE Bug 1201214
- SUSE CVE CVE-2022-30552 page
- SUSE CVE CVE-2022-30790 page
- SUSE CVE CVE-2022-34835 page
Описание
Das U-Boot 2022.01 has a Buffer Overflow.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-150000.4.11.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-150000.4.11.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-150000.4.11.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-150000.4.11.1
Ссылки
- CVE-2022-30552
- SUSE Bug 1200363
Описание
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-150000.4.11.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-150000.4.11.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-150000.4.11.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-150000.4.11.1
Ссылки
- CVE-2022-30790
- SUSE Bug 1200364
Описание
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-150000.4.11.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-150000.4.11.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-150000.4.11.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-150000.4.11.1
Ссылки
- CVE-2022-34835
- SUSE Bug 1201214