SUSE Security Update: Security update for u-boot
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2052-1
Rating: important
References: #1199623 #1200363 #1200364
Cross-References: CVE-2022-30552 CVE-2022-30767 CVE-2022-30790
CVSS scores:
CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVE-2022-30767 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-30767 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for u-boot fixes the following issues:
- CVE-2022-30552: A large buffer overflow could have lead to a denial of
service in the IP Packet deframentation code. (bsc#1200363)
- CVE-2022-30790: A Hole Descriptor Overwrite could have lead to an
arbitrary out of bounds write primitive. (bsc#1200364)
- CVE-2022-30767: Fixed an unbounded memcpy with a failed length check
leading to a buffer overflow (bsc#1199623).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2052=1
Package List:
- SUSE Linux Enterprise Server 12-SP5 (aarch64):
u-boot-rpi3-2019.01-5.8.1
u-boot-tools-2019.01-5.8.1
u-boot-tools-debuginfo-2019.01-5.8.1
References:
https://www.suse.com/security/cve/CVE-2022-30552.html
https://www.suse.com/security/cve/CVE-2022-30767.html
https://www.suse.com/security/cve/CVE-2022-30790.html
https://bugzilla.suse.com/1199623
https://bugzilla.suse.com/1200363
https://bugzilla.suse.com/1200364
SUSE: 2022:2052-1 important: u-boot
June 13, 2022
An update that fixes three vulnerabilities is now available
Summary
This update for u-boot fixes the following issues: - CVE-2022-30552: A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (bsc#1200363) - CVE-2022-30790: A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (bsc#1200364) - CVE-2022-30767: Fixed an unbounded memcpy with a failed length check leading to a buffer overflow (bsc#1199623). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2052=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64): u-boot-rpi3-2019.01-5.8.1 u-boot-tools-2019.01-5.8.1 u-boot-tools-debuginfo-2019.01-5.8.1
References
#1199623 #1200363 #1200364
Cross- CVE-2022-30552 CVE-2022-30767 CVE-2022-30790
CVSS scores:
CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVE-2022-30767 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-30767 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP5
https://www.suse.com/security/cve/CVE-2022-30552.html
https://www.suse.com/security/cve/CVE-2022-30767.html
https://www.suse.com/security/cve/CVE-2022-30790.html
https://bugzilla.suse.com/1199623
https://bugzilla.suse.com/1200363
https://bugzilla.suse.com/1200364
Severity
Announcement ID: SUSE-SU-2022:2052-1
Rating: important
News
HOWTOs
Features
How To Hide Your IP And Keep From Being Tracked
Which Browser is Best for Online Security?
Complete Guide to Using Wapiti Web Vulnerability Scanner to Keep Your Web Applications & Websites Secure
Guide to Web Application Penetration Testing
Thank You for Participating in Our Security Dashboard Redesign Survey
About Us
Powered By
