Security update for u-boot SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:3282-1 Final 1 1 2020-11-11T08:55:32Z current 2020-11-11T08:55:32Z 2020-11-11T08:55:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for u-boot This update for u-boot fixes the following issues: CVE-2019-14192 (bsc#1143777), CVE-2019-14193 (bsc#1143817), CVE-2019-14199 (bsc#1143824), CVE-2019-14197 (bsc#1143821), CVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827), CVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830), CVE-2019-14204 (bsc#1143831), CVE-2019-14194 (bsc#1143818), CVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819), CVE-2019-14196 (bsc#1143820), CVE-2019-13103 (bsc#1143463), CVE-2020-8432 (bsc#1162198), CVE-2019-11059 (bsc#1134853), CVE-2019-11690 (bsc#1134157) and CVE-2020-10648 (bsc#1167209) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2020-3282,SUSE-SLE-Module-Basesystem-15-SP1-2020-3282 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ Link for SUSE-SU-2020:3282-1 https://lists.suse.com/pipermail/sle-security-updates/2020-November/007758.html E-Mail link for SUSE-SU-2020:3282-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1134157 SUSE Bug 1134157 https://bugzilla.suse.com/1134853 SUSE Bug 1134853 https://bugzilla.suse.com/1143463 SUSE Bug 1143463 https://bugzilla.suse.com/1143777 SUSE Bug 1143777 https://bugzilla.suse.com/1143817 SUSE Bug 1143817 https://bugzilla.suse.com/1143818 SUSE Bug 1143818 https://bugzilla.suse.com/1143819 SUSE Bug 1143819 https://bugzilla.suse.com/1143820 SUSE Bug 1143820 https://bugzilla.suse.com/1143821 SUSE Bug 1143821 https://bugzilla.suse.com/1143823 SUSE Bug 1143823 https://bugzilla.suse.com/1143824 SUSE Bug 1143824 https://bugzilla.suse.com/1143825 SUSE Bug 1143825 https://bugzilla.suse.com/1143827 SUSE Bug 1143827 https://bugzilla.suse.com/1143828 SUSE Bug 1143828 https://bugzilla.suse.com/1143830 SUSE Bug 1143830 https://bugzilla.suse.com/1143831 SUSE Bug 1143831 https://bugzilla.suse.com/1162198 SUSE Bug 1162198 https://bugzilla.suse.com/1167209 SUSE Bug 1167209 https://www.suse.com/security/cve/CVE-2019-11059/ SUSE CVE CVE-2019-11059 page https://www.suse.com/security/cve/CVE-2019-11690/ SUSE CVE CVE-2019-11690 page https://www.suse.com/security/cve/CVE-2019-13103/ SUSE CVE CVE-2019-13103 page https://www.suse.com/security/cve/CVE-2019-14192/ SUSE CVE CVE-2019-14192 page https://www.suse.com/security/cve/CVE-2019-14193/ SUSE CVE CVE-2019-14193 page https://www.suse.com/security/cve/CVE-2019-14194/ SUSE CVE CVE-2019-14194 page https://www.suse.com/security/cve/CVE-2019-14195/ SUSE CVE CVE-2019-14195 page https://www.suse.com/security/cve/CVE-2019-14196/ SUSE CVE CVE-2019-14196 page https://www.suse.com/security/cve/CVE-2019-14197/ SUSE CVE CVE-2019-14197 page https://www.suse.com/security/cve/CVE-2019-14198/ SUSE CVE CVE-2019-14198 page https://www.suse.com/security/cve/CVE-2019-14199/ SUSE CVE CVE-2019-14199 page https://www.suse.com/security/cve/CVE-2019-14200/ SUSE CVE CVE-2019-14200 page https://www.suse.com/security/cve/CVE-2019-14201/ SUSE CVE CVE-2019-14201 page https://www.suse.com/security/cve/CVE-2019-14202/ SUSE CVE CVE-2019-14202 page https://www.suse.com/security/cve/CVE-2019-14203/ SUSE CVE CVE-2019-14203 page https://www.suse.com/security/cve/CVE-2019-14204/ SUSE CVE CVE-2019-14204 page https://www.suse.com/security/cve/CVE-2020-10648/ SUSE CVE CVE-2020-10648 page https://www.suse.com/security/cve/CVE-2020-8432/ SUSE CVE CVE-2020-8432 page SUSE Linux Enterprise Module for Basesystem 15 SP1 u-boot-bananapim64-2019.01-7.10.2 u-boot-bananapim64-doc-2019.01-7.10.2 u-boot-dragonboard410c-2019.01-7.10.2 u-boot-dragonboard410c-doc-2019.01-7.10.2 u-boot-dragonboard820c-2019.01-7.10.2 u-boot-dragonboard820c-doc-2019.01-7.10.2 u-boot-evb-rk3399-2019.01-7.10.2 u-boot-evb-rk3399-doc-2019.01-7.10.2 u-boot-firefly-rk3399-2019.01-7.10.2 u-boot-firefly-rk3399-doc-2019.01-7.10.2 u-boot-geekbox-2019.01-7.10.2 u-boot-geekbox-doc-2019.01-7.10.2 u-boot-hikey-2019.01-7.10.2 u-boot-hikey-doc-2019.01-7.10.2 u-boot-khadas-vim-2019.01-7.10.2 u-boot-khadas-vim-doc-2019.01-7.10.2 u-boot-khadas-vim2-2019.01-7.10.2 u-boot-khadas-vim2-doc-2019.01-7.10.2 u-boot-ls1012afrdmqspi-2019.01-7.10.2 u-boot-ls1012afrdmqspi-doc-2019.01-7.10.2 u-boot-mvebudb-88f3720-2019.01-7.10.2 u-boot-mvebudb-88f3720-doc-2019.01-7.10.2 u-boot-mvebudbarmada8k-2019.01-7.10.2 u-boot-mvebudbarmada8k-doc-2019.01-7.10.2 u-boot-mvebuespressobin-88f3720-2019.01-7.10.2 u-boot-mvebuespressobin-88f3720-doc-2019.01-7.10.2 u-boot-mvebumcbin-88f8040-2019.01-7.10.2 u-boot-mvebumcbin-88f8040-doc-2019.01-7.10.2 u-boot-nanopia64-2019.01-7.10.2 u-boot-nanopia64-doc-2019.01-7.10.2 u-boot-odroid-c2-2019.01-7.10.2 u-boot-odroid-c2-doc-2019.01-7.10.2 u-boot-orangepipc2-2019.01-7.10.2 u-boot-orangepipc2-doc-2019.01-7.10.2 u-boot-p2371-2180-2019.01-7.10.2 u-boot-p2371-2180-doc-2019.01-7.10.2 u-boot-p2771-0000-500-2019.01-7.10.2 u-boot-p2771-0000-500-doc-2019.01-7.10.2 u-boot-pine64plus-2019.01-7.10.2 u-boot-pine64plus-doc-2019.01-7.10.2 u-boot-pinebook-2019.01-7.10.2 u-boot-pinebook-doc-2019.01-7.10.2 u-boot-pineh64-2019.01-7.10.2 u-boot-pineh64-doc-2019.01-7.10.2 u-boot-poplar-2019.01-7.10.2 u-boot-poplar-doc-2019.01-7.10.2 u-boot-rock960-rk3399-2019.01-7.10.2 u-boot-rock960-rk3399-doc-2019.01-7.10.2 u-boot-rpi3-2019.01-7.10.2 u-boot-rpi3-doc-2019.01-7.10.2 u-boot-tools-2019.01-7.10.1 u-boot-xilinxzynqmpgeneric-2019.01-7.10.2 u-boot-xilinxzynqmpgeneric-doc-2019.01-7.10.2 u-boot-xilinxzynqmpzcu102rev10-2019.01-7.10.2 u-boot-xilinxzynqmpzcu102rev10-doc-2019.01-7.10.2 u-boot-rpi3-2019.01-7.10.2 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 u-boot-tools-2019.01-7.10.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow. CVE-2019-11059 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 low 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2019-11059.html CVE-2019-11059 https://bugzilla.suse.com/1134853 SUSE Bug 1134853 gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device. CVE-2019-11690 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 low 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2019-11690.html CVE-2019-11690 https://bugzilla.suse.com/1134157 SUSE Bug 1134157 A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. CVE-2019-13103 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 moderate 3.6 AV:L/AC:L/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2019-13103.html CVE-2019-13103 https://bugzilla.suse.com/1143463 SUSE Bug 1143463 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call. CVE-2019-14192 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2019-14192.html CVE-2019-14192 https://bugzilla.suse.com/1143777 SUSE Bug 1143777 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length. CVE-2019-14193 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2019-14193.html CVE-2019-14193 https://bugzilla.suse.com/1143817 SUSE Bug 1143817 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case. CVE-2019-14194 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2019-14194.html CVE-2019-14194 https://bugzilla.suse.com/1143818 SUSE Bug 1143818 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length. CVE-2019-14195 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2019-14195.html CVE-2019-14195 https://bugzilla.suse.com/1143819 SUSE Bug 1143819 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply. CVE-2019-14196 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2019-14196.html CVE-2019-14196 https://bugzilla.suse.com/1143820 SUSE Bug 1143820 https://bugzilla.suse.com/1199623 SUSE Bug 1199623 An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply. CVE-2019-14197 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2019-14197.html CVE-2019-14197 https://bugzilla.suse.com/1143821 SUSE Bug 1143821 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case. CVE-2019-14198 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2019-14198.html CVE-2019-14198 https://bugzilla.suse.com/1143823 SUSE Bug 1143823 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call. CVE-2019-14199 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2019-14199.html CVE-2019-14199 https://bugzilla.suse.com/1143824 SUSE Bug 1143824 An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply. CVE-2019-14200 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2019-14200.html CVE-2019-14200 https://bugzilla.suse.com/1143825 SUSE Bug 1143825 An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply. CVE-2019-14201 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2019-14201.html CVE-2019-14201 https://bugzilla.suse.com/1143827 SUSE Bug 1143827 An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply. CVE-2019-14202 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2019-14202.html CVE-2019-14202 https://bugzilla.suse.com/1143828 SUSE Bug 1143828 An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply. CVE-2019-14203 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2019-14203.html CVE-2019-14203 https://bugzilla.suse.com/1143830 SUSE Bug 1143830 An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply. CVE-2019-14204 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2019-14204.html CVE-2019-14204 https://bugzilla.suse.com/1143831 SUSE Bug 1143831 Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration. CVE-2020-10648 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2020-10648.html CVE-2020-10648 https://bugzilla.suse.com/1167209 SUSE Bug 1167209 In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis. CVE-2020-8432 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/ https://www.suse.com/security/cve/CVE-2020-8432.html CVE-2020-8432 https://bugzilla.suse.com/1162198 SUSE Bug 1162198