|
|
Subscribe / Log in / New account

Debian alert DLA-4320-1 (u-boot)



From:
              Daniel Leidert <dleidert@debian.org>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 4320-1] u-boot security update


Date:
              Wed, 01 Oct 2025 01:45:06 +0200


Message-ID:
              <02f5a289262d1e8852fcffb63e2af4109dda5c61.camel@debian.org>


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4320-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Daniel Leidert
October 01, 2025                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : u-boot
Version        : 2021.01+dfsg-5+deb11u2
CVE ID         : CVE-2021-27097 CVE-2021-27138
Debian Bug     : 983269 983270

Multiple vulnerabilties were discovered in u-boot, a boot loader for
embedded systems.

CVE-2021-27097

   Strange modifications of the FIT can introduce security risks.

CVE-2021-27138

   Using unit addresses in a FIT can pose security risks.

For Debian 11 bullseye, these problems have been fixed in version
2021.01+dfsg-5+deb11u2.

We recommend that you upgrade your u-boot packages.

For the detailed security status of u-boot please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/u-boot

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmjca4IACgkQS80FZ8KW
0F3Udg//deug6p0xPDg6eHq1LTl7nD4MrDdiKBBHiEssdLDgUTKqqN3fpyxEsrnu
ffEvZjQxKFYf1pQNgQO8HNLJgWA8jTUyO95P+NfljhdZzMwIgq+YBjEKgsc/mm9Q
DoasesxYTj2bdn/6xIQO1ovs0bJABFRVAHtfNfaRrZEf2of+U90w4iKx47CSItBQ
c/ldOxlB/QUdjUDCb9BAnFhgXeRqsVwJwL+C3BeA6UMygBzrIYTSvzO2kRztNP8X
WgaO7vksGobHtGiJlxuYqeGNdVkWQrsukIoMn0HGkQvLv+i83g6sY0PjNK6y6wnx
ARsWxxgg+1a8sk2so4UBOaNDR9OXThFDLRRKqQWGekCazVkpZLMsaoAvL9EtoHxh
zMhE97sFcA55XMVH/r2+mMz9MCoL+/BTSaYW/mQJSFhEiaSzDdKu/OhAq2yFzN7t
CRI5k92pp7pQsXBXJANclr4gY+5dtkOrvZsUZL5F/0XIFwXe/mH9EAC0Jlcrcmr/
qcal3nSxlOWJ6nD2hwavEfZG4OM32Ytpl1YZVjt95v0L85lr1NlAoiRDfpuaCKs7
rRR57mq3RZRLHOIb5h4Oc4id5xwFDLebJRxzIM0rdp2RSgUx5GUwy0KFfhep6KZx
lh2jUawmyGmr4xAD03ezkIEs/hecrZejecADcMGFS6gQvP7VldU=
=81Xy
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds