Description
Security update for u-boot
This update for u-boot fixes the following issues:
- CVE-2020-8432: Fixed a double free in the cmd/gpt.c do_rename_gpt_parts() function, which allowed an attacker to execute arbitrary code (bsc#1162198).
- CVE-2020-10648: Fixed improper signature verification during verified boot (bsc#1167209).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Package list
openSUSE Leap 15.2
u-boot-tools-2020.01-lp152.9.9.1
References
- E-Mail link for openSUSE-SU-2020:1869-1
- SUSE Security Ratings
- SUSE Bug 1162198
- SUSE Bug 1167209
- SUSE CVE CVE-2020-10648 page
- SUSE CVE CVE-2020-8432 page
Description
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
Affected products
openSUSE Leap 15.2:u-boot-tools-2020.01-lp152.9.9.1
References
- CVE-2020-10648
- SUSE Bug 1167209
Description
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerability was introduced when attempting to fix a memory leak identified by static analysis.
Affected products
openSUSE Leap 15.2:u-boot-tools-2020.01-lp152.9.9.1
References
- CVE-2020-8432
- SUSE Bug 1162198