Publishing details
Changelog
u-boot (2022.01+dfsg-2ubuntu2.3) jammy-security; urgency=medium
* SECURITY UPDATE: unchecked length field in DFU implementation
- debian/patches/CVE-2022-2347-pre1.patch: handle short frame result of
UPLOAD in state_dfu_idle in drivers/usb/gadget/f_dfu.c.
- debian/patches/CVE-2022-2347.patch: fix the unchecked length field in
drivers/usb/gadget/f_dfu.c.
- CVE-2022-2347
* SECURITY UPDATE: buffer overflow via invalid packets
- debian/patches/CVE-2022-30552_30790.patch: check for the minimum IP
fragmented datagram size in include/net.h, net/net.c.
- CVE-2022-30552
- CVE-2022-30790
* SECURITY UPDATE: incomplete fix for CVE-2019-14196
- debian/patches/CVE-2022-30767.patch: switch length to unsigned int in
net/nfs.c.
- CVE-2022-30767
* SECURITY UPDATE: out of bounds write via sqfs_readdir()
- debian/patches/CVE-2022-33103.patch: prevent arbitrary code execution
in fs/squashfs/sqfs.c, include/fs.h.
- CVE-2022-33103
* SECURITY UPDATE: heap buffer overflow in metadata reading
- debian/patches/CVE-2022-33967.patch: use kcalloc when relevant in
fs/squashfs/sqfs.c.
- CVE-2022-33967
* SECURITY UPDATE: stack overflow in i2c md command
- debian/patches/CVE-2022-34835.patch: switch to unsigned int in
cmd/i2c.c.
- CVE-2022-34835
-- Marc Deslauriers <email address hidden> Thu, 24 Nov 2022 14:40:06 -0500
Builds
Package files