A security issue in u-boot has been announced today (March 18):
https://www.openwall.com/lists/oss-security/2020/03/18/5
Proposed patches have been linked from the end of the message above. Mageia 7 is also affected.
Blocks: (none) => 23799
Status comment: (none) => Patches proposed upstream
Whiteboard: (none) => MGA7TOO
U-Boot v2020.04 released:
https://lists.denx.de/pipermail/u-boot/2020-April/406522.html
It should include fixes related to CVE-2020-10648.
CC: (none) => rihoward1
U-Boot 2020.10 is released upstream.
SUSE has issued an advisory for this today (November 5):
https://lists.suse.com/pipermail/sle-security-updates/2020-November/007704.html
It also fixes a new issue.
Summary: u-boot new security issue CVE-2020-10648 => u-boot new security issues CVE-2020-8432 and CVE-2020-10648
openSUSE has issued an advisory for this on November 7: https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00030.html
This was the commit: https://build.opensuse.org/request/show/846438
That was in the 15.2 branch: https://build.opensuse.org/package/show/openSUSE:Leap:15.2:Update/u-boot
The 15.1 branch fixed these CVEs and several others: https://build.opensuse.org/package/show/openSUSE:Leap:15.1:Update/u-boot
"Fix CVE-2019-14192 (bsc#1143777), CVE-2019-14193 (bsc#1143817), CVE-2019-14199 (bsc#1143824), CVE-2019-14197 (bsc#1143821), CVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827), CVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830), CVE-2019-14204 (bsc#1143831), CVE-2019-14194 (bsc#1143818), CVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819), CVE-2019-14196 (bsc#1143820), CVE-2019-13103 (bsc#1143463), CVE-2020-8432 (bsc#1162198), CVE-2019-11059 (bsc#1134853), CVE-2019-11690 (bsc#1134157) and CVE-2020-10648 (bsc#1167209)
Patch queue updated from git://github.com/openSUSE/u-boot.git sle15-sp1
* Patches added:
  0018-CVE-net-fix-unbounded-memcpy-of-UDP.patch
  0019-CVE-nfs-fix-stack-based-buffer-over.patch
  0020-CVE-2019-14194-CVE-2019-14198-nfs-f.patch
  0021-CVE-2019-14195-nfs-fix-unbounded-me.patch
  0022-CVE-2019-14196-nfs-fix-unbounded-me.patch
  0023-CVE-2019-13103-disk-stop-infinite-r.patch
  0024-cmd-gpt-Address-error-cases-during-.patch
  0025-Fix-ext4-block-group-descriptor-siz.patch
  0026-lib-uuid-Fix-unseeded-PRNG-on-RANDO.patch
  0027-image-Check-hash-nodes-when-checkin.patch
  0028-image-Load-the-correct-configuratio.patch"
from: https://build.opensuse.org/package/view_file/openSUSE:Leap:15.1:Update/u-boot/u-boot.changes?expand=1
From https://security-tracker.debian.org/tracker/CVE-2020-8432 and https://security-tracker.debian.org/tracker/CVE-2020-10648, it is fixed in 2020.10.
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
CC: (none) => mageia
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Status: NEW => RESOLVED
Resolution: (none) => OLD