SUSE-SU-2025:03096-1

Опубликовано: 08 сент. 2025

Источник: suse-cvrf

Описание

Security update for ovmf

This update for ovmf fixes the following issues:

CVE-2023-45229: Fixed integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message (bsc#1218879)
CVE-2023-45230: Fixed buffer overflow in the DHCPv6 client via a long Server ID option (bsc#1218880)

Список пакетов

SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6

ovmf-202308-15061.8.coco15sp6.1

ovmf-tools-202308-15061.8.coco15sp6.1

qemu-ovmf-x86_64-202308-15061.8.coco15sp6.1

qemu-ovmf-x86_64-debug-202308-15061.8.coco15sp6.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-202503096-1/
Link for SUSE-SU-2025:03096-1
https://lists.suse.com/pipermail/sle-updates/2025-September/041538.html
E-Mail link for SUSE-SU-2025:03096-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1218879
SUSE Bug 1218879
https://bugzilla.suse.com/1218880
SUSE Bug 1218880
https://www.suse.com/security/cve/CVE-2023-45229/
SUSE CVE CVE-2023-45229 page
https://www.suse.com/security/cve/CVE-2023-45230/
SUSE CVE CVE-2023-45230 page

Описание

EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

Затронутые продукты

SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:ovmf-202308-15061.8.coco15sp6.1

SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:ovmf-tools-202308-15061.8.coco15sp6.1

SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:qemu-ovmf-x86_64-202308-15061.8.coco15sp6.1

SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:qemu-ovmf-x86_64-debug-202308-15061.8.coco15sp6.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-45229.html
CVE-2023-45229
https://bugzilla.suse.com/1218879
SUSE Bug 1218879

Описание

EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

Затронутые продукты

SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:ovmf-202308-15061.8.coco15sp6.1

SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:ovmf-tools-202308-15061.8.coco15sp6.1

SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:qemu-ovmf-x86_64-202308-15061.8.coco15sp6.1

SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:qemu-ovmf-x86_64-debug-202308-15061.8.coco15sp6.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-45230.html
CVE-2023-45230
https://bugzilla.suse.com/1218880
SUSE Bug 1218880

SUSE-SU-2025:03096-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6

Ссылки

Уязвимость: CVE-2023-45229

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-45230

Описание

Затронутые продукты

Ссылки