SUSE-SU-2025:03076-1

Опубликовано: 04 сент. 2025

Источник: suse-cvrf

Описание

Security update for ovmf

This update for ovmf fixes the following issues:

CVE-2023-45229: Fixed integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message (bsc#1218879)
CVE-2023-45230: Fixed buffer overflow in the DHCPv6 client via a long Server ID option (bsc#1218880)

Список пакетов

SUSE Linux Enterprise Server 12 SP5-LTSS

ovmf-2017+git1510945757.b2662641d5-3.46.1

ovmf-tools-2017+git1510945757.b2662641d5-3.46.1

qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.46.1

qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.46.1

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

ovmf-2017+git1510945757.b2662641d5-3.46.1

ovmf-tools-2017+git1510945757.b2662641d5-3.46.1

qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.46.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-202503076-1/
Link for SUSE-SU-2025:03076-1
https://lists.suse.com/pipermail/sle-updates/2025-September/041516.html
E-Mail link for SUSE-SU-2025:03076-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1218879
SUSE Bug 1218879
https://bugzilla.suse.com/1218880
SUSE Bug 1218880
https://www.suse.com/security/cve/CVE-2023-45229/
SUSE CVE CVE-2023-45229 page
https://www.suse.com/security/cve/CVE-2023-45230/
SUSE CVE CVE-2023-45230 page

Описание

EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5-LTSS:ovmf-2017+git1510945757.b2662641d5-3.46.1

SUSE Linux Enterprise Server 12 SP5-LTSS:ovmf-tools-2017+git1510945757.b2662641d5-3.46.1

SUSE Linux Enterprise Server 12 SP5-LTSS:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.46.1

SUSE Linux Enterprise Server 12 SP5-LTSS:qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.46.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-45229.html
CVE-2023-45229
https://bugzilla.suse.com/1218879
SUSE Bug 1218879

Описание

EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5-LTSS:ovmf-2017+git1510945757.b2662641d5-3.46.1

SUSE Linux Enterprise Server 12 SP5-LTSS:ovmf-tools-2017+git1510945757.b2662641d5-3.46.1

SUSE Linux Enterprise Server 12 SP5-LTSS:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.46.1

SUSE Linux Enterprise Server 12 SP5-LTSS:qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.46.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-45230.html
CVE-2023-45230
https://bugzilla.suse.com/1218880
SUSE Bug 1218880

SUSE-SU-2025:03076-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP5-LTSS

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

Ссылки

Уязвимость: CVE-2023-45229

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-45230

Описание

Затронутые продукты

Ссылки