Security update for u-boot

This update for u-boot fixes the following issues:

CVE-2019-14192 (bsc#1143777), CVE-2019-14193 (bsc#1143817),
CVE-2019-14199 (bsc#1143824), CVE-2019-14197 (bsc#1143821),
CVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827),
CVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830),
CVE-2019-14204 (bsc#1143831), CVE-2019-14194 (bsc#1143818),
CVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819),
CVE-2019-14196 (bsc#1143820), CVE-2019-13103 (bsc#1143463),
CVE-2020-8432 (bsc#1162198), CVE-2019-11059 (bsc#1134853),
CVE-2019-11690 (bsc#1134157) and CVE-2020-10648 (bsc#1167209)

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Fixed bugs
bnc#1143820
VUL-0: CVE-2019-14196: u-boot: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
bnc#1143828
VUL-0: CVE-2019-14202: u-boot: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.
bnc#1134157
VUL-1: CVE-2019-11690: u-boot: missing srand call which allows attackers to determine UUID
bnc#1143824
VUL-0: CVE-2019-14199: u-boot: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.
bnc#1167209
VUL-0: CVE-2020-10648: u-boot: verified boot improper signature verification
bnc#1143817
VUL-0: CVE-2019-14193: u-boot: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.
bnc#1143777
VUL-0: CVE-2019-14192: u-boot: integer underflow due to unbounded memcpy when parsing a UDP packet
bnc#1143818
VUL-0: CVE-2019-14194: u-boot: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
bnc#1143827
VUL-0: CVE-2019-14201: u-boot: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
bnc#1143463
VUL-1: CVE-2019-13103: u-boot,u-boot-rpi3: A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually crash or overwrite data
bnc#1162198
VUL-0: CVE-2020-8432: u-boot: double free in the cmd/gpt.c do_rename_gpt_parts() function, allowing an attacker to execute arbitrary code
bnc#1143823
VUL-0: CVE-2019-14198: u-boot: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
bnc#1134853
VUL-1: CVE-2019-11059: u-boot: mishandling the ext4 64-bit extension, resulting in a buffer overflow
bnc#1143831
VUL-0: CVE-2019-14204: u-boot: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
bnc#1143821
VUL-0: CVE-2019-14197: u-boot: An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.
bnc#1143825
VUL-0: CVE-2019-14200: u-boot: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
bnc#1143830
VUL-0: CVE-2019-14203: u-boot: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
bnc#1143819
VUL-0: CVE-2019-14195: u-boot: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.