Описание
Security update for u-boot
This update for u-boot fixes the following issues:
- CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214).
Список пакетов
SUSE Enterprise Storage 6
u-boot-rpi3-2019.01-150100.7.16.1
u-boot-tools-2019.01-150100.7.16.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
u-boot-rpi3-2019.01-150100.7.16.1
u-boot-tools-2019.01-150100.7.16.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
u-boot-rpi3-2019.01-150100.7.16.1
u-boot-tools-2019.01-150100.7.16.1
SUSE Linux Enterprise Server 15 SP1-BCL
u-boot-tools-2019.01-150100.7.16.1
SUSE Linux Enterprise Server 15 SP1-LTSS
u-boot-rpi3-2019.01-150100.7.16.1
u-boot-tools-2019.01-150100.7.16.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
u-boot-tools-2019.01-150100.7.16.1
Ссылки
- Link for SUSE-SU-2022:2667-1
- E-Mail link for SUSE-SU-2022:2667-1
- SUSE Security Ratings
- SUSE Bug 1201214
- SUSE CVE CVE-2022-34835 page
Описание
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.
Затронутые продукты
SUSE Enterprise Storage 6:u-boot-rpi3-2019.01-150100.7.16.1
SUSE Enterprise Storage 6:u-boot-tools-2019.01-150100.7.16.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:u-boot-rpi3-2019.01-150100.7.16.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:u-boot-tools-2019.01-150100.7.16.1
Ссылки
- CVE-2022-34835
- SUSE Bug 1201214