What Are You Looking For?

Popular Tags

Sign Up

   SUSE Security Update: Security update for u-boot
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2055-1
Rating:             important
References:         #1200363 #1200364 
Cross-References:   CVE-2022-30552 CVE-2022-30790
CVSS scores:
                    CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
                    CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for u-boot fixes the following issues:

   - A large buffer overflow could have lead to a denial of service in the IP
     Packet deframentation code. (CVE-2022-30552, bsc#1200363)
   - A Hole Descriptor Overwrite could have lead to an arbitrary out of
     bounds write primitive. (CVE-2022-30790, bsc#1200364)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2055=1



Package List:

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64):

      u-boot-rpi3-2018.03-4.6.1
      u-boot-tools-2018.03-4.6.1
      u-boot-tools-debuginfo-2018.03-4.6.1


References:

   https://www.suse.com/security/cve/CVE-2022-30552.html
   https://www.suse.com/security/cve/CVE-2022-30790.html
   https://bugzilla.suse.com/1200363
   https://bugzilla.suse.com/1200364

SUSE: 2022:2055-1 important: u-boot

June 13, 2022
An update that fixes two vulnerabilities is now available

Summary

This update for u-boot fixes the following issues: - A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (CVE-2022-30552, bsc#1200363) - A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (CVE-2022-30790, bsc#1200364) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2055=1 Package List: - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): u-boot-rpi3-2018.03-4.6.1 u-boot-tools-2018.03-4.6.1 u-boot-tools-debuginfo-2018.03-4.6.1

References

#1200363 #1200364

Cross- CVE-2022-30552 CVE-2022-30790

CVSS scores:

CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise Server 12-SP4-LTSS

https://www.suse.com/security/cve/CVE-2022-30552.html

https://www.suse.com/security/cve/CVE-2022-30790.html

https://bugzilla.suse.com/1200363

https://bugzilla.suse.com/1200364

Severity
Announcement ID: SUSE-SU-2022:2055-1
Rating: important

Related News

Severe Chromium DoS, Info Disclosure Vulns Fixed

Sep 30, 2023

Critical Node.js Info Disclosure, Code Execution Bugs Fixed

Sep 23, 2023

GitHub Makes Passkeys Security Feature Available to All

Sep 27, 2023

Remotely Exploitable Poppler DoS Bugs Fixed - Update Now!

Sep 22, 2023

News

Advisories

HOWTOs

Features

Guide To Tackling Network Programming Assignments On Linux
Guide To Software Security Testing On Linux
Everything You Need to Know About Linux Proxy Servers
Simple Steps for Identifying & Troubleshooting a Kernel Panic
Linux Endpoint Detection and Response (EDR): A Crucial Part of a Successful Cybersecurity Strategy

About Us

Powered By

Footer Logo

Feedback