Описание
Security update for v4l2loopback
This update for v4l2loopback fixes the following issues:
- Fix string format vulnerability (boo#1202156, CVE-2022-2652)
Список пакетов
openSUSE Leap 15.3
v4l2loopback-autoload-0.12.5-lp153.2.5.1
v4l2loopback-kmp-64kb-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
v4l2loopback-kmp-default-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
v4l2loopback-kmp-preempt-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
v4l2loopback-utils-0.12.5-lp153.2.5.1
Ссылки
- E-Mail link for openSUSE-SU-2022:10160-1
- SUSE Security Ratings
- SUSE Bug 1202156
- SUSE CVE CVE-2022-2652 page
Описание
Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).
Затронутые продукты
openSUSE Leap 15.3:v4l2loopback-autoload-0.12.5-lp153.2.5.1
openSUSE Leap 15.3:v4l2loopback-kmp-64kb-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
openSUSE Leap 15.3:v4l2loopback-kmp-default-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
openSUSE Leap 15.3:v4l2loopback-kmp-preempt-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
Ссылки
- CVE-2022-2652
- SUSE Bug 1202156