Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

openSUSE Leap 15.6: SUSE-SU-2025:0989-1 moderate: u-boot integer overflows

opensuse
Calendar Grey March 24, 2025
Dist Opensuse Esm H88
A patch for u-boot resolves significant vulnerabilities linked to integer overflows. Update to enhance performance and safety.
An update that solves two vulnerabilities can now be installed.

Description

This update for u-boot fixes the following issues:

* CVE-2024-57256: integer overflow in U-Boot's ext4 symlink resolution

function (bsc#1237284).

* CVE-2024-57258: multiple integer overflows in U-Boot's memory allocator

(bsc#1237287).

Topics%20covered

Topics Covered

security advisory moderate update integer overflow memory allocation u-boot

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6

zypper in -t patch SUSE-2025-989=1 openSUSE-SLE-15.6-2025-989=1

* Basesystem Module 15-SP6

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-989=1

Package List

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)

* u-boot-tools-debuginfo-2021.10-150600.11.3.1

* u-boot-tools-2021.10-150600.11.3.1

* openSUSE Leap 15.6 (aarch64)

* u-boot-pine64plus-2021.10-150600.11.3.1

* u-boot-dragonboard820c-doc-2021.10-150600.11.3.1

* u-boot-rock960-rk3399-doc-2021.10-150600.11.3.1

* u-boot-evb-rk3399-2021.10-150600.11.3.1

* u-boot-mvebudb-88f3720-2021.10-150600.11.3.1

* u-boot-pineh64-2021.10-150600.11.3.1

* u-boot-p2771-0000-500-doc-2021.10-150600.11.3.1

* u-boot-odroid-n2-2021.10-150600.11.3.1

* u-boot-libretech-ac-doc-2021.10-150600.11.3.1

* u-boot-poplar-doc-2021.10-150600.11.3.1

* u-boot-p3450-0000-doc-2021.10-150600.11.3.1

* u-boot-p3450-0000-2021.10-150600.11.3.1

* u-boot-xilinxzynqmpvirt-2021.10-150600.11.3.1

* u-boot-nanopia64-2021.10-150600.11.3.1

* u-boot-geekbox-2021.10-150600.11.3.1

* u-boot-odroid-c2-2021.10-150600.11.3.1

* u-boot-xilinxzynqmpzcu102rev10-2021.10-150600.11.3.1

* u-boot-khadas-vim-2021.10-150600.11.3.1

*...

Read the Full Advisory

References

* bsc#1237284

* bsc#1237287

## References:

* https://www.suse.com/security/cve/CVE-2024-57256.html

* https://www.suse.com/security/cve/CVE-2024-57258.html

* https://bugzilla.suse.com/show_bug.cgi?id=1237284

* https://bugzilla.suse.com/show_bug.cgi?id=1237287

Announcement ID: SUSE-SU-2025:0989-1
Release Date: 2025-03-24T09:32:47Z
Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6

Topics%20covered

Topics Covered

security advisory moderate update integer overflow memory allocation u-boot

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here