exploitDog

SUSE-SU-2022:2654-1

Опубликовано: 03 авг. 2022

Источник: suse-cvrf

Описание

Security update for u-boot

This update for u-boot fixes the following issues:

CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214).

Список пакетов

SUSE Enterprise Storage 7

u-boot-rpiarm64-2020.01-150200.10.15.1

u-boot-rpiarm64-doc-2020.01-150200.10.15.1

u-boot-tools-2020.01-150200.10.15.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

u-boot-rpiarm64-2020.01-150200.10.15.1

u-boot-rpiarm64-doc-2020.01-150200.10.15.1

u-boot-tools-2020.01-150200.10.15.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

u-boot-rpiarm64-2020.01-150200.10.15.1

u-boot-rpiarm64-doc-2020.01-150200.10.15.1

u-boot-tools-2020.01-150200.10.15.1

SUSE Linux Enterprise Server 15 SP2-BCL

u-boot-tools-2020.01-150200.10.15.1

SUSE Linux Enterprise Server 15 SP2-LTSS

u-boot-rpiarm64-2020.01-150200.10.15.1

u-boot-rpiarm64-doc-2020.01-150200.10.15.1

u-boot-tools-2020.01-150200.10.15.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

u-boot-tools-2020.01-150200.10.15.1

SUSE Manager Proxy 4.1

u-boot-tools-2020.01-150200.10.15.1

SUSE Manager Retail Branch Server 4.1

u-boot-tools-2020.01-150200.10.15.1

SUSE Manager Server 4.1

u-boot-tools-2020.01-150200.10.15.1

openSUSE Leap 15.3

u-boot-xilinxzynqmpgeneric-2020.01-150200.10.15.1

u-boot-xilinxzynqmpgeneric-doc-2020.01-150200.10.15.1

openSUSE Leap 15.4

u-boot-xilinxzynqmpgeneric-2020.01-150200.10.15.1

u-boot-xilinxzynqmpgeneric-doc-2020.01-150200.10.15.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20222654-1/
Link for SUSE-SU-2022:2654-1
https://lists.suse.com/pipermail/sle-security-updates/2022-August/011763.html
E-Mail link for SUSE-SU-2022:2654-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1201214
SUSE Bug 1201214
https://www.suse.com/security/cve/CVE-2022-34835/
SUSE CVE CVE-2022-34835 page

Описание

In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.

Затронутые продукты

SUSE Enterprise Storage 7:u-boot-rpiarm64-2020.01-150200.10.15.1

SUSE Enterprise Storage 7:u-boot-rpiarm64-doc-2020.01-150200.10.15.1

SUSE Enterprise Storage 7:u-boot-tools-2020.01-150200.10.15.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:u-boot-rpiarm64-2020.01-150200.10.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-34835.html
CVE-2022-34835
https://bugzilla.suse.com/1201214
SUSE Bug 1201214