SUSE-SU-2025:0690-1

Опубликовано: 24 фев. 2025

Источник: suse-cvrf

Описание

Security update for ovmf

This update for ovmf fixes the following issues:

PXE boot is failing due to patches applied to fix CVE-2023-45236 and CVE-2023-45237 (bsc#1237084).

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

ovmf-202202-150400.5.18.1

ovmf-tools-202202-150400.5.18.1

qemu-ovmf-x86_64-202202-150400.5.18.1

qemu-uefi-aarch64-202202-150400.5.18.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

ovmf-202202-150400.5.18.1

ovmf-tools-202202-150400.5.18.1

qemu-ovmf-x86_64-202202-150400.5.18.1

qemu-uefi-aarch64-202202-150400.5.18.1

SUSE Linux Enterprise Micro 5.3

qemu-ovmf-x86_64-202202-150400.5.18.1

qemu-uefi-aarch64-202202-150400.5.18.1

SUSE Linux Enterprise Micro 5.4

qemu-ovmf-x86_64-202202-150400.5.18.1

qemu-uefi-aarch64-202202-150400.5.18.1

SUSE Linux Enterprise Server 15 SP4-LTSS

ovmf-202202-150400.5.18.1

ovmf-tools-202202-150400.5.18.1

qemu-ovmf-x86_64-202202-150400.5.18.1

qemu-uefi-aarch64-202202-150400.5.18.1

SUSE Linux Enterprise Server for SAP Applications 15 SP4

ovmf-202202-150400.5.18.1

ovmf-tools-202202-150400.5.18.1

qemu-ovmf-x86_64-202202-150400.5.18.1

SUSE Manager Proxy 4.3

ovmf-202202-150400.5.18.1

ovmf-tools-202202-150400.5.18.1

qemu-ovmf-x86_64-202202-150400.5.18.1

SUSE Manager Server 4.3

ovmf-202202-150400.5.18.1

ovmf-tools-202202-150400.5.18.1

qemu-ovmf-x86_64-202202-150400.5.18.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20250690-1/
Link for SUSE-SU-2025:0690-1
https://lists.suse.com/pipermail/sle-security-updates/2025-February/020425.html
E-Mail link for SUSE-SU-2025:0690-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1237084
SUSE Bug 1237084
https://www.suse.com/security/cve/CVE-2023-45236/
SUSE CVE CVE-2023-45236 page
https://www.suse.com/security/cve/CVE-2023-45237/
SUSE CVE CVE-2023-45237 page

Описание

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:ovmf-202202-150400.5.18.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:ovmf-tools-202202-150400.5.18.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-ovmf-x86_64-202202-150400.5.18.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-uefi-aarch64-202202-150400.5.18.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-45236.html
CVE-2023-45236
https://bugzilla.suse.com/1218886
SUSE Bug 1218886

Описание

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:ovmf-202202-150400.5.18.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:ovmf-tools-202202-150400.5.18.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-ovmf-x86_64-202202-150400.5.18.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-uefi-aarch64-202202-150400.5.18.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-45237.html
CVE-2023-45237
https://bugzilla.suse.com/1218887
SUSE Bug 1218887

SUSE-SU-2025:0690-1

Описание

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

SUSE Linux Enterprise Micro 5.3

SUSE Linux Enterprise Micro 5.4

SUSE Linux Enterprise Server 15 SP4-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP4

SUSE Manager Proxy 4.3

SUSE Manager Server 4.3

Ссылки

Уязвимость: CVE-2023-45236

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-45237

Описание

Затронутые продукты

Ссылки