[SECURITY] [DLA 4150-1] u-boot security update
- To: debian-lts-announce@lists.debian.org
- Subject: [SECURITY] [DLA 4150-1] u-boot security update
- From: Daniel Leidert <dleidert@debian.org>
- Date: Thu, 01 May 2025 04:59:34 +0200
- Message-id: <[🔎] c059e41ae7db4892963cd7b076b7db9bcf2ecb90.camel@debian.org>
- Mail-followup-to: debian-lts@lists.debian.org
- Reply-to: debian-lts@lists.debian.org
------------------------------------------------------------------------- Debian LTS Advisory DLA-4150-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Daniel Leidert May 01, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : u-boot Version : 2021.01+dfsg-5+deb11u1 CVE ID : CVE-2019-14196 CVE-2022-2347 CVE-2022-30552 CVE-2022-30767 CVE-2022-30790 CVE-2022-33103 CVE-2022-33967 CVE-2022-34835 CVE-2024-57254 CVE-2024-57255 CVE-2024-57256 CVE-2024-57257 CVE-2024-57258 CVE-2024-57259 Debian Bug : 1014470 1014471 1014528 1014529 1014959 1098254 Multiple vulnerabilties were discovered in u-boot, a boot loader for embedded systems. CVE-2022-2347 An unchecked length field leading to a heap overflow. CVE-2022-30552 and CVE-2022-30790 Buffer Overflow. CVE-2022-30767 (CVE-2019-14196) Unbounded memcpy with a failed length check, leading to a buffer overflow. This issue exists due to an incorrect fix for CVE-2019- 14196. CVE-2022-33103 Out-of-bounds write. CVE-2022-33967 Heap-based buffer overflow vulnerability which may lead to a denial- of-service (DoS). CVE-2022-34835 Integer signedness error and resultant stack-based buffer overflow. CVE-2024-57254 Integer overflow. CVE-2024-57255 Integer overflow. CVE-2024-57256 Integer overflow. CVE-2024-57257 Stack consumption issue. CVE-2024-57258 Multiple integer overflows. CVE-2024-57259 Off-by-one error resulting in heap memory corruption. For Debian 11 bullseye, these problems have been fixed in version 2021.01+dfsg-5+deb11u1. We recommend that you upgrade your u-boot packages. For the detailed security status of u-boot please refer to its security tracker page at: https://security-tracker.debian.org/tracker/u-boot Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part
Reply to:
- Prev by Date: [SECURITY] [DLA 4149-1] nagvis security update
- Next by Date: [SECURITY] [DLA 4151-1] golang-github-gorilla-csrf security update
- Previous by thread: [SECURITY] [DLA 4149-1] nagvis security update
- Next by thread: [SECURITY] [DLA 4151-1] golang-github-gorilla-csrf security update
- Index(es):