Alerts This Week
Warning Icon 1 1,394
Alerts This Week
Warning Icon 1 1,394

openSUSE 15.4: SUSE-SU-2025:0763-1 moderate: u-boot integer overflow

opensuse
Calendar Grey March 3, 2025
Dist Opensuse Esm H88
A recent u-boot update addresses integer overflow vulnerabilities affecting several products, categorized with moderate risk.
An update that solves two vulnerabilities can now be installed.

Description

This update for u-boot fixes the following issues:

* CVE-2024-57256: integer overflow in U-Boot's ext4 symlink resolution

function (bsc#1237284).

* CVE-2024-57258: multiple integer overflows in U-Boot's memory allocator

(bsc#1237287).

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4

zypper in -t patch SUSE-2025-763=1

* SUSE Linux Enterprise Micro for Rancher 5.3

zypper in -t patch SUSE-SLE-Micro-5.3-2025-763=1

* SUSE Linux Enterprise Micro 5.3

zypper in -t patch SUSE-SLE-Micro-5.3-2025-763=1

* SUSE Linux Enterprise Micro for Rancher 5.4

zypper in -t patch SUSE-SLE-Micro-5.4-2025-763=1

* SUSE Linux Enterprise Micro 5.4

zypper in -t patch SUSE-SLE-Micro-5.4-2025-763=1

* SUSE Linux Enterprise Micro 5.5

zypper in -t patch SUSE-SLE-Micro-5.5-2025-763=1

Package List

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)

* u-boot-tools-debuginfo-2021.10-150400.4.14.1

* u-boot-tools-2021.10-150400.4.14.1

* openSUSE Leap 15.4 (aarch64)

* u-boot-pinebook-doc-2021.10-150400.4.14.1

* u-boot-poplar-2021.10-150400.4.14.1

* u-boot-dragonboard820c-2021.10-150400.4.14.1

* u-boot-p3450-0000-doc-2021.10-150400.4.14.1

* u-boot-libretech-cc-doc-2021.10-150400.4.14.1

* u-boot-pinebook-pro-rk3399-doc-2021.10-150400.4.14.1

* u-boot-dragonboard410c-2021.10-150400.4.14.1

* u-boot-rock960-rk3399-2021.10-150400.4.14.1

* u-boot-nanopia64-doc-2021.10-150400.4.14.1

* u-boot-dragonboard820c-doc-2021.10-150400.4.14.1

* u-boot-geekbox-2021.10-150400.4.14.1

* u-boot-firefly-rk3399-doc-2021.10-150400.4.14.1

* u-boot-odroid-n2-doc-2021.10-150400.4.14.1

* u-boot-pine64plus-2021.10-150400.4.14.1

* u-boot-pineh64-2021.10-150400.4.14.1

* u-boot-rock-pi-4-rk3399-doc-2021.10-150400.4.14.1

* u-boot-khadas-vim-2021.10-150400.4.14.1

* u-boot-rpi3-2021.10-150400.4.14.1

*...

Read the Full Advisory

References

* bsc#1237284

* bsc#1237287

## References:

* https://www.suse.com/security/cve/CVE-2024-57256.html

* https://www.suse.com/security/cve/CVE-2024-57258.html

* https://bugzilla.suse.com/show_bug.cgi?id=1237284

* https://bugzilla.suse.com/show_bug.cgi?id=1237287

Announcement ID: SUSE-SU-2025:0763-1
Release Date: 2025-03-03T08:43:15Z
Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here