An update for uboot-tools is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1751
Final
1.0
1.0
2022-07-15
Initial
2022-07-15
2022-07-15
openEuler SA Tool V1.0
2022-07-15
uboot-tools security update
An update for uboot-tools is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
This package includes the mkimage program, which allows generation of U-Boot images in various formats, and the fw_printenv and fw_setenv programs to read and modify U-Boot's environment.
Security Fix(es):
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.(CVE-2022-34835)
An update for uboot-tools is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Critical
uboot-tools
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1751
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34835
https://nvd.nist.gov/vuln/detail/CVE-2022-34835
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
uboot-tools-debugsource-2020.07-6.oe1.aarch64.rpm
uboot-tools-2020.07-6.oe1.aarch64.rpm
uboot-tools-debuginfo-2020.07-6.oe1.aarch64.rpm
uboot-images-elf-2020.07-6.oe1.aarch64.rpm
uboot-images-elf-2020.07-6.oe1.aarch64.rpm
uboot-tools-debuginfo-2020.07-6.oe1.aarch64.rpm
uboot-tools-debugsource-2020.07-6.oe1.aarch64.rpm
uboot-tools-2020.07-6.oe1.aarch64.rpm
uboot-tools-2021.10-3.oe2203.aarch64.rpm
uboot-images-elf-2021.10-3.oe2203.aarch64.rpm
uboot-tools-debugsource-2021.10-3.oe2203.aarch64.rpm
uboot-tools-debuginfo-2021.10-3.oe2203.aarch64.rpm
uboot-images-armv8-2020.07-6.oe1.noarch.rpm
uboot-tools-help-2020.07-6.oe1.noarch.rpm
uboot-images-armv8-2020.07-6.oe1.noarch.rpm
uboot-tools-help-2020.07-6.oe1.noarch.rpm
uboot-images-armv8-2021.10-3.oe2203.noarch.rpm
uboot-tools-help-2021.10-3.oe2203.noarch.rpm
uboot-tools-2020.07-6.oe1.src.rpm
uboot-tools-2020.07-6.oe1.src.rpm
uboot-tools-2021.10-3.oe2203.src.rpm
uboot-tools-2020.07-6.oe1.x86_64.rpm
uboot-tools-debuginfo-2020.07-6.oe1.x86_64.rpm
uboot-tools-debugsource-2020.07-6.oe1.x86_64.rpm
uboot-tools-debugsource-2020.07-6.oe1.x86_64.rpm
uboot-tools-2020.07-6.oe1.x86_64.rpm
uboot-tools-debuginfo-2020.07-6.oe1.x86_64.rpm
uboot-tools-debuginfo-2021.10-3.oe2203.x86_64.rpm
uboot-tools-2021.10-3.oe2203.x86_64.rpm
uboot-tools-debugsource-2021.10-3.oe2203.x86_64.rpm
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the i2c md command enables the corruption of the return address pointer of the do_i2c_md function.
2022-07-15
CVE-2022-34835
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Critical
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
uboot-tools security update
2022-07-15
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1751