Description
Security update for ovmf
This update for ovmf fixes the following issues:
- CVE-2023-45231: Fixed out of bounds read when handling an ND Redirect message with truncated options (bsc#1218881).
- CVE-2023-45232: Fixed infinite loop when parsing unknown options in the Destination Options header (bsc#1218882).
- CVE-2023-45233: Fixed infinite loop when parsing a PadN option in the Destination Options header (bsc#1218883).
- CVE-2023-45234: Fixed buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message (bsc#1218884).
- CVE-2023-45235: Fixed buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message (bsc#1218885).
Package list
SUSE Linux Enterprise Server 12 SP5-LTSS
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
References
- Link for SUSE-SU-2026:0196-1
- E-Mail link for SUSE-SU-2026:0196-1
- SUSE Security Ratings
- SUSE Bug 1218881
- SUSE Bug 1218882
- SUSE Bug 1218883
- SUSE Bug 1218884
- SUSE Bug 1218885
- SUSE CVE CVE-2023-45231 page
- SUSE CVE CVE-2023-45232 page
- SUSE CVE CVE-2023-45233 page
- SUSE CVE CVE-2023-45234 page
- SUSE CVE CVE-2023-45235 page
Description
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing a Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
Affected products
References
- CVE-2023-45231
- SUSE Bug 1218881
Description
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
Affected products
References
- CVE-2023-45232
- SUSE Bug 1218882
Description
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
Affected products
References
- CVE-2023-45233
- SUSE Bug 1218883
Description
EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing the DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
Affected products
References
- CVE-2023-45234
- SUSE Bug 1218884
Description
EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling the Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
Affected products
References
- CVE-2023-45235
- SUSE Bug 1218885