The CVE fixes mentioned by Christian are included in hirsute and
impish's ipmitool:
ipmitool (1.8.18-10.1) unstable; urgency=high
* Non-maintainer upload.
* CVE-2020-5208: buffer overflows and potentially to remote code execution.
Applied upstream patches:
- CVE-2020-5208_1_Fix_buffer_overflow_vulnerabilities.patch
- CVE-2020-5208_2-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch
- CVE-2020-5208_3-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch
- CVE-2020-5208_4-channel-Fix-buffer-overflow.patch
- CVE-2020-5208_5_lanp-Fix-buffer-overflows-in-get_lan_param_select.patch
- CVE-2020-5208_6-fru-sdr-Fix-id_string-buffer-overflows.patch
(Closes: #950761).
-- Thomas Goirand <z...@debian.org> Fri, 19 Feb 2021 11:04:17 +0100
These aren't included in bionic or focal though, so may be worth
investigation to include if we SRU this fix.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1864612
Title:
requests ipmi-tool to include lasted patch for supporting quanta
server
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/1864612/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
