Bug 25799 - u-boot new security issues CVE-2019-1310[3-6]
Summary: u-boot new security issues CVE-2019-1310[3-6]
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Olivier Blin
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-03 17:46 CET by David Walser
Modified: 2021-07-01 18:20 CEST (History)
3 users (show)

See Also:
Source RPM: u-boot-20180507-3.mga7.src.rpm
CVE:
Status comment: Patches available from upstream


Attachments

Description David Walser 2019-12-03 17:46:51 CET
openSUSE has issued an advisory on October 1:
https://lists.opensuse.org/opensuse-updates/2019-10/msg00004.html

Mageia 7 is also affected.
David Walser 2019-12-03 17:47:01 CET

Whiteboard: (none) => MGA7TOO

Comment 1 Lewis Smith 2019-12-03 19:14:25 CET
Assigning to registered - also most recent - maintainer, Olivier.

Assignee: bugsquad => mageia

Comment 2 r howard 2019-12-03 20:14:17 CET
There are 4 CVE related to this:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13106

The fixes were applied to the denx u-boot master branch in July 2019.

CC: (none) => rihoward1

Comment 3 David Walser 2019-12-03 21:50:46 CET
Thanks.

Summary: u-boot new security issues CVE-2019-13104 and CVE-2019-13106 => u-boot new security issues CVE-2019-1310[3-6]

Comment 4 Aurelien Oudelet 2020-09-23 18:17:45 CEST
u-boot-tools-20180507-4.mga8.src.rpm in Cauldron.

Source RPM: u-boot-20180507-3.mga7.src.rpm => u-boot-tools-20180507-3.mga7.src.rpm
CC: (none) => ouaurelien

David Walser 2020-09-23 18:31:46 CEST

Source RPM: u-boot-tools-20180507-3.mga7.src.rpm => u-boot-20180507-3.mga7.src.rpm

Comment 5 David Walser 2020-09-23 18:32:29 CEST
No, it's u-boot, not u-boot-tools.
Comment 6 Aurelien Oudelet 2020-10-06 16:27:52 CEST
U-Boot 2020.10 is released upstream.
Comment 7 Nicolas Lécureuil 2021-01-06 18:56:22 CET
CVE-2019-13103 : Fixed in cauldron
https://gitlab.denx.de/u-boot/u-boot/commit
/232e2f4fd9a24bf08215ddc8c53ccadffc841fb5

CVE-2019-13104 : Fixed in cauldron
https://gitlab.denx.de/u-boot/u-boot/commit/878269dbe74229005dd7f27aca66c554e31dad8e


CVE-2019-13105 : Fixed in cauldron
https://gitlab.denx.de/u-boot/u-boot/commit/6e5a79de658cb1c8012c86e0837379aa6eabd024

CVE-2019-13106 : Fixed in cauldron
https://gitlab.denx.de/u-boot/u-boot/commit/e205896c5383c938274262524adceb2775fb03ba

Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
CC: (none) => mageia

David Walser 2021-01-06 23:15:51 CET

Status comment: (none) => Patches available from upstream

Comment 8 David Walser 2021-07-01 18:20:18 CEST
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/

Resolution: (none) => OLD
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.