[ubuntu/bionic-security] u-boot 2020.10+dfsg-1ubuntu0~18.04.3 (Accepted)

[Marc Deslauriers]

u-boot (2020.10+dfsg-1ubuntu0~18.04.3) bionic-security; urgency=medium

  * SECURITY UPDATE: unchecked length field in DFU implementation
    - debian/patches/CVE-2022-2347-pre1.patch: handle short frame result of
      UPLOAD in state_dfu_idle in drivers/usb/gadget/f_dfu.c.
    - debian/patches/CVE-2022-2347.patch: fix the unchecked length field in
      drivers/usb/gadget/f_dfu.c.
    - CVE-2022-2347
  * SECURITY UPDATE: buffer overflow via invalid packets
    - debian/patches/CVE-2022-30552_30790.patch: check for the minimum IP
      fragmented datagram size in include/net.h, net/net.c.
    - CVE-2022-30552
    - CVE-2022-30790
  * SECURITY UPDATE: incomplete fix for CVE-2019-14196
    - debian/patches/CVE-2022-30767.patch: switch length to unsigned int in
      net/nfs.c.
    - CVE-2022-30767
  * SECURITY UPDATE: out of bounds write via sqfs_readdir()
    - debian/patches/CVE-2022-33103.patch: prevent arbitrary code execution
      in fs/squashfs/sqfs.c, include/fs.h.
    - CVE-2022-33103
  * SECURITY UPDATE: heap buffer overflow in metadata reading
    - debian/patches/CVE-2022-33967.patch: use kcalloc when relevant in
      fs/squashfs/sqfs.c.
    - CVE-2022-33967
  * SECURITY UPDATE: stack overflow in i2c md command
    - debian/patches/CVE-2022-34835.patch: switch to unsigned int in
      cmd/i2c.c.
    - CVE-2022-34835

Date: 2022-11-25 16:05:09.492956+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/u-boot/2020.10+dfsg-1ubuntu0~18.04.3
-------------- next part --------------
Sorry, changesfile not available.