Bug 30544 - u-boot new security issues CVE-2022-30552, CVE-2022-30767, CVE-2022-30790, CVE-2022-2347, CVE-2022-33103, CVE-2022-33967, CVE-2022-34835
Summary: u-boot new security issues CVE-2022-30552, CVE-2022-30767, CVE-2022-30790, CV...
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Pascal Terjan
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-06-13 17:38 CEST by David Walser
Modified: 2024-03-13 14:30 CET (History)
1 user (show)

See Also:
Source RPM: u-boot-20201007-9.mga9.src.rpm
CVE:
Status comment: Fixed upstream in 2022.07-rc6 (except for CVE-2022-2347)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-06-13 17:38:12 CEST 
openSUSE has issued an advisory today (June 13):
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J4MAVGHFA6AWXL7DYKNZFBK64L2MIM3T/

The issues are fixed upstream in 2022.07-rc4.

Mageia 8 is also affected.
David Walser 2022-06-13 17:43:32 CEST

Status comment: (none) => Fixed upstream in 2022.07-rc4
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2022-06-13 21:06:23 CEST 
Pascal has looked after this pkg for ages, so assigning this bug to you.

Assignee: bugsquad => pterjan

Comment 2 David Walser 2022-07-08 20:27:22 CEST 
A security issue in u-boot has been announced today (July 8):
https://www.openwall.com/lists/oss-security/2022/07/08/2

There doesn't appear to be a fix available yet.

Status comment: Fixed upstream in 2022.07-rc4 => Fixed upstream in 2022.07-rc4 (except for CVE-2022-2347)
Summary: u-boot new security issues CVE-2022-30552 CVE-2022-30767 CVE-2022-30790 => u-boot new security issues CVE-2022-30552, CVE-2022-30767, CVE-2022-30790, CVE-2022-2347

Comment 3 David Walser 2022-07-29 17:46:04 CEST 
SUSE has issued an advisory today (July 29):
https://lists.suse.com/pipermail/sle-security-updates/2022-July/011710.html

It fixes new issue that's fixed upstream in 2022.07-rc6.

Summary: u-boot new security issues CVE-2022-30552, CVE-2022-30767, CVE-2022-30790, CVE-2022-2347 => u-boot new security issues CVE-2022-30552, CVE-2022-30767, CVE-2022-30790, CVE-2022-2347, CVE-2022-34835
Status comment: Fixed upstream in 2022.07-rc4 (except for CVE-2022-2347) => Fixed upstream in 2022.07-rc6 (except for CVE-2022-2347)

Comment 4 David Walser 2022-08-04 19:07:34 CEST 
SUSE has issued an advisory on August 3:
https://lists.suse.com/pipermail/sle-security-updates/2022-August/011765.html

It fixes new issue that's fixed upstream in 2022.07-rc6.

Summary: u-boot new security issues CVE-2022-30552, CVE-2022-30767, CVE-2022-30790, CVE-2022-2347, CVE-2022-34835 => u-boot new security issues CVE-2022-30552, CVE-2022-30767, CVE-2022-30790, CVE-2022-2347, CVE-2022-33967, CVE-2022-34835

Comment 6 David Walser 2022-08-04 19:23:08 CEST 
(In reply to David Walser from comment #4)
> SUSE has issued an advisory on August 3:
> https://lists.suse.com/pipermail/sle-security-updates/2022-August/011765.html
> 
> It fixes new issue that's fixed upstream in 2022.07-rc6.

Equivalent openSUSE advisory:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JH4GAZ5G3XK4M3ZTEA5DNSDUJA2U2WIF/
Comment 7 David Walser 2022-08-23 18:17:15 CEST 
SUSE has issued an advisory on August 22:
https://lists.suse.com/pipermail/sle-security-updates/2022-August/011960.html

It fixes a new issue that's fixed upstream in 2022.07-rc4.

Summary: u-boot new security issues CVE-2022-30552, CVE-2022-30767, CVE-2022-30790, CVE-2022-2347, CVE-2022-33967, CVE-2022-34835 => u-boot new security issues CVE-2022-30552, CVE-2022-30767, CVE-2022-30790, CVE-2022-2347, CVE-2022-33103, CVE-2022-33967, CVE-2022-34835

Comment 8 David Walser 2022-08-23 18:26:35 CEST 
(In reply to David Walser from comment #7)
> SUSE has issued an advisory on August 22:
> https://lists.suse.com/pipermail/sle-security-updates/2022-August/011960.html
> 
> It fixes a new issue that's fixed upstream in 2022.07-rc4.

Equivalent openSUSE advisory:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XSDNVQXVQC7BBVG3WRGZOFUP76KMCYT6/
Comment 9 David Walser 2022-12-06 17:56:37 CET 
Ubuntu has issued an advisory for this today (December 6):
https://ubuntu.com/security/notices/USN-5764-1
Comment 10 Nicolas Salguero 2024-03-13 14:30:08 CET 
Mageia 8 EOL.

Version: Cauldron => 8
Resolution: (none) => OLD
Status: NEW => RESOLVED
Whiteboard: MGA8TOO => (none)
CC: (none) => nicolas.salguero
Note You need to log in before you can comment on or make changes to this bug.