From: "Scott Murray" <scott.murray@konsulko.com>
To: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Cc: openembedded-devel@lists.openembedded.org
Subject: Re: [oe] [PATCH] [meta-oe] kernel-fitimage: Fix CVE-2021-27138
Date: Sun, 21 Feb 2021 13:02:32 -0500 (EST)
Message-ID: <5a8c8c64-137f-ba2-63b9-59e878f3307f@spiteful.org>
In-Reply-To: <20210220214042.4882-1-klaus@linux.vnet.ibm.com>

On Sat, 20 Feb 2021, Klaus Heinrich Kiwi wrote:

> Das U-Boot 2021.4-rc1 has the following commit:
>
>     commit 3f04db891a353f4b127ed57279279f851c6b4917
>     Author: Simon Glass <sjg@chromium.org>
>     Date:   Mon Feb 15 17:08:12 2021 -0700
>
>         image: Check for unit addresses in FITs
>
>         Using unit addresses in a FIT is a security risk. Add a check for
>         this and disallow it.
>
>         CVE-2021-27138
>
> Adjust the kernel-fitimage.bbclass accordingly to not use unit
> addresses. In addition to fixing a CVE, this is also required before we
> can bump U-Boot to 2021.4.
>
> Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
[snip]

Please send this to the oe-core list since kernel-fitimage.bbclass is in
it, not meta-openembedded.  I would also perhaps be inclined to not
describe this change itself as "fixing a CVE", since it is the change in
U-Boot that actually does that IMO.

Thanks,

Scott
