Package "u-boot"

Name: u-boot


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • A boot loader for qemu
  • companion tools for Das U-Boot bootloader

Latest version: 2020.10+dfsg-1ubuntu0~18.04.3
Release: bionic (18.04)
Level: updates
Repository: main


Other versions of "u-boot" in Bionic

Repository Area Version
base main 2016.03+dfsg1-6ubuntu2
security main 2020.10+dfsg-1ubuntu0~18.04.3

Packages in group

Deleted packages are displayed in grey.


Version: 2020.10+dfsg-1ubuntu0~18.04.3 2022-12-07 23:06:24 UTC

  u-boot (2020.10+dfsg-1ubuntu0~18.04.3) bionic-security; urgency=medium

  * SECURITY UPDATE: unchecked length field in DFU implementation
    - debian/patches/CVE-2022-2347-pre1.patch: handle short frame result of
      UPLOAD in state_dfu_idle in drivers/usb/gadget/f_dfu.c.
    - debian/patches/CVE-2022-2347.patch: fix the unchecked length field in
    - CVE-2022-2347
  * SECURITY UPDATE: buffer overflow via invalid packets
    - debian/patches/CVE-2022-30552_30790.patch: check for the minimum IP
      fragmented datagram size in include/net.h, net/net.c.
    - CVE-2022-30552
    - CVE-2022-30790
  * SECURITY UPDATE: incomplete fix for CVE-2019-14196
    - debian/patches/CVE-2022-30767.patch: switch length to unsigned int in
    - CVE-2022-30767
  * SECURITY UPDATE: out of bounds write via sqfs_readdir()
    - debian/patches/CVE-2022-33103.patch: prevent arbitrary code execution
      in fs/squashfs/sqfs.c, include/fs.h.
    - CVE-2022-33103
  * SECURITY UPDATE: heap buffer overflow in metadata reading
    - debian/patches/CVE-2022-33967.patch: use kcalloc when relevant in
    - CVE-2022-33967
  * SECURITY UPDATE: stack overflow in i2c md command
    - debian/patches/CVE-2022-34835.patch: switch to unsigned int in
    - CVE-2022-34835

 -- Marc Deslauriers <email address hidden> Fri, 25 Nov 2022 10:33:01 -0500

Source diff to previous version
CVE-2022-2347 There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and
CVE-2022-30552 Das U-Boot 2022.01 has a Buffer Overflow.
CVE-2022-30790 Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
CVE-2019-14196 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
CVE-2022-30767 nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to
CVE-2022-33103 Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
CVE-2022-33967 squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a
CVE-2022-34835 In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corrupti

Version: 2020.10+dfsg-1ubuntu0~18.04.2 2021-02-18 15:06:20 UTC

  u-boot (2020.10+dfsg-1ubuntu0~18.04.2) bionic; urgency=medium

  * SRU of changes through to 2020.10+dfsg-1ubuntu6 to fix Pi4-8GB & CM4 support:

  * Add d/p/rpi-8gb-pci.patch for Pi400 and Pi4-8Gb support (LP: #1906552)
  * Add d/p/rpi-cm4-sdhci.patch for CM4 eMMC support
  * Add d/p/rpi-maxargs.patch for new Core 18 boot-env (LP: #1910094)
  * Remove redundant d/targets entries

Source diff to previous version
1906552 \
1910094 uboot fails to save env after core18 refresh

Version: 2019.07+dfsg-1ubuntu4~18.04.1 2020-02-03 11:06:59 UTC

  u-boot (2019.07+dfsg-1ubuntu4~18.04.1) bionic; urgency=medium

  * Backport of 2019.07+dfsg1 to support Raspberry Pi 4 boot (LP: #1846329)
  * Handle differing root partition labels during migration
  * Ensure boot.scr is from recent flash-kernel

Source diff to previous version
1846329 [SRU] 2019.07 to support Pi4 boot

Version: 2018.07~rc3+dfsg1-0ubuntu3~18.04.1 2019-06-13 12:06:15 UTC

  u-boot (2018.07~rc3+dfsg1-0ubuntu3~18.04.1) bionic; urgency=low

  * Enable FIT signing support (LP: #1831942)
    - Enable CONFIG_FIT_SIGNATURE so we can sign FIT images.
    - Add libssl-dev to Build-Depends: to enable crypto functionality.
    - Limit key names to keys within the keydir.

 -- Andy Whitcroft <email address hidden> Mon, 10 Jun 2019 20:52:14 +0100

Source diff to previous version
1831942 support u-boot Flat Image Tree (FIT) signing support

Version: 2018.07~rc3+dfsg1-0ubuntu2~18.04.1 2019-03-19 22:06:54 UTC

  u-boot (2018.07~rc3+dfsg1-0ubuntu2~18.04.1) bionic; urgency=medium

  * d/control: Add missing dependency on binutils (for strings) (LP: #1814930)

 -- Dave Jones <email address hidden> Wed, 06 Feb 2019 16:40:22 +0000

1814930 u-boot-tools missing binutils dependency

About   -   Send Feedback to @ubuntu_updates