OESA-2026-1971

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1971
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-1971.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-1971
Upstream
Published
2026-04-17T13:03:01Z
Modified
2026-04-17T13:20:43.715206Z
Summary
uboot-tools security update
Details

This package includes the mkimage program, which allows generation of U-Boot images in various formats, and the fwprintenv and fwsetenv programs to read and modify U-Boot's environment.

Security Fix(es):

Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses.(CVE-2024-42040)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP4
uboot-tools

Package

Name
uboot-tools
Purl
pkg:rpm/openEuler/uboot-tools&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2020.07-11.oe2003sp4

Ecosystem specific 

{
    "aarch64": [
        "uboot-images-elf-2020.07-11.oe2003sp4.aarch64.rpm",
        "uboot-tools-2020.07-11.oe2003sp4.aarch64.rpm",
        "uboot-tools-debuginfo-2020.07-11.oe2003sp4.aarch64.rpm",
        "uboot-tools-debugsource-2020.07-11.oe2003sp4.aarch64.rpm"
    ],
    "noarch": [
        "uboot-images-armv8-2020.07-11.oe2003sp4.noarch.rpm",
        "uboot-tools-help-2020.07-11.oe2003sp4.noarch.rpm"
    ],
    "src": [
        "uboot-tools-2020.07-11.oe2003sp4.src.rpm"
    ],
    "x86_64": [
        "uboot-tools-2020.07-11.oe2003sp4.x86_64.rpm",
        "uboot-tools-debuginfo-2020.07-11.oe2003sp4.x86_64.rpm",
        "uboot-tools-debugsource-2020.07-11.oe2003sp4.x86_64.rpm"
    ]
}

Database specific

source 
"https://repo.openeuler.org/security/data/osv/OESA-2026-1971.json"
openEuler:22.03-LTS-SP4
uboot-tools

Package

Name
uboot-tools
Purl
pkg:rpm/openEuler/uboot-tools&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2021.10-12.oe2203sp4

Ecosystem specific 

{
    "aarch64": [
        "uboot-images-elf-2021.10-12.oe2203sp4.aarch64.rpm",
        "uboot-tools-2021.10-12.oe2203sp4.aarch64.rpm",
        "uboot-tools-debuginfo-2021.10-12.oe2203sp4.aarch64.rpm",
        "uboot-tools-debugsource-2021.10-12.oe2203sp4.aarch64.rpm"
    ],
    "noarch": [
        "uboot-images-armv8-2021.10-12.oe2203sp4.noarch.rpm",
        "uboot-tools-help-2021.10-12.oe2203sp4.noarch.rpm"
    ],
    "src": [
        "uboot-tools-2021.10-12.oe2203sp4.src.rpm"
    ],
    "x86_64": [
        "uboot-tools-2021.10-12.oe2203sp4.x86_64.rpm",
        "uboot-tools-debuginfo-2021.10-12.oe2203sp4.x86_64.rpm",
        "uboot-tools-debugsource-2021.10-12.oe2203sp4.x86_64.rpm"
    ]
}

Database specific

source 
"https://repo.openeuler.org/security/data/osv/OESA-2026-1971.json"
openEuler:24.03-LTS
uboot-tools

Package

Name
uboot-tools
Purl
pkg:rpm/openEuler/uboot-tools&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2024.01-4.oe2403sp3

Ecosystem specific 

{
    "aarch64": [
        "uboot-images-elf-2024.01-4.oe2403.aarch64.rpm",
        "uboot-tools-2024.01-4.oe2403.aarch64.rpm",
        "uboot-tools-debuginfo-2024.01-4.oe2403.aarch64.rpm",
        "uboot-tools-debugsource-2024.01-4.oe2403.aarch64.rpm",
        "uboot-images-elf-2024.01-4.oe2403sp1.aarch64.rpm",
        "uboot-tools-2024.01-4.oe2403sp1.aarch64.rpm",
        "uboot-tools-debuginfo-2024.01-4.oe2403sp1.aarch64.rpm",
        "uboot-tools-debugsource-2024.01-4.oe2403sp1.aarch64.rpm",
        "uboot-images-elf-2024.01-4.oe2403sp2.aarch64.rpm",
        "uboot-tools-2024.01-4.oe2403sp2.aarch64.rpm",
        "uboot-tools-debuginfo-2024.01-4.oe2403sp2.aarch64.rpm",
        "uboot-tools-debugsource-2024.01-4.oe2403sp2.aarch64.rpm",
        "uboot-images-elf-2024.01-4.oe2403sp3.aarch64.rpm",
        "uboot-tools-2024.01-4.oe2403sp3.aarch64.rpm",
        "uboot-tools-debuginfo-2024.01-4.oe2403sp3.aarch64.rpm",
        "uboot-tools-debugsource-2024.01-4.oe2403sp3.aarch64.rpm"
    ],
    "noarch": [
        "uboot-images-armv8-2024.01-4.oe2403.noarch.rpm",
        "uboot-tools-help-2024.01-4.oe2403.noarch.rpm",
        "uboot-images-armv8-2024.01-4.oe2403sp1.noarch.rpm",
        "uboot-tools-help-2024.01-4.oe2403sp1.noarch.rpm",
        "uboot-images-armv8-2024.01-4.oe2403sp2.noarch.rpm",
        "uboot-tools-help-2024.01-4.oe2403sp2.noarch.rpm",
        "uboot-images-armv8-2024.01-4.oe2403sp3.noarch.rpm",
        "uboot-tools-help-2024.01-4.oe2403sp3.noarch.rpm"
    ],
    "src": [
        "uboot-tools-2024.01-4.oe2403.src.rpm",
        "uboot-tools-2024.01-4.oe2403sp1.src.rpm",
        "uboot-tools-2024.01-4.oe2403sp2.src.rpm",
        "uboot-tools-2024.01-4.oe2403sp3.src.rpm"
    ],
    "x86_64": [
        "uboot-tools-2024.01-4.oe2403.x86_64.rpm",
        "uboot-tools-debuginfo-2024.01-4.oe2403.x86_64.rpm",
        "uboot-tools-debugsource-2024.01-4.oe2403.x86_64.rpm",
        "uboot-tools-2024.01-4.oe2403sp1.x86_64.rpm",
        "uboot-tools-debuginfo-2024.01-4.oe2403sp1.x86_64.rpm",
        "uboot-tools-debugsource-2024.01-4.oe2403sp1.x86_64.rpm",
        "uboot-tools-2024.01-4.oe2403sp2.x86_64.rpm",
        "uboot-tools-debuginfo-2024.01-4.oe2403sp2.x86_64.rpm",
        "uboot-tools-debugsource-2024.01-4.oe2403sp2.x86_64.rpm",
        "uboot-tools-2024.01-4.oe2403sp3.x86_64.rpm",
        "uboot-tools-debuginfo-2024.01-4.oe2403sp3.x86_64.rpm",
        "uboot-tools-debugsource-2024.01-4.oe2403sp3.x86_64.rpm"
    ]
}

Database specific

source 
"https://repo.openeuler.org/security/data/osv/OESA-2026-1971.json"
openEuler:24.03-LTS-SP1
uboot-tools

Package

Name
uboot-tools
Purl
pkg:rpm/openEuler/uboot-tools&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2024.01-4.oe2403sp1

Ecosystem specific 

{
    "aarch64": [
        "uboot-images-elf-2024.01-4.oe2403sp1.aarch64.rpm",
        "uboot-tools-2024.01-4.oe2403sp1.aarch64.rpm",
        "uboot-tools-debuginfo-2024.01-4.oe2403sp1.aarch64.rpm",
        "uboot-tools-debugsource-2024.01-4.oe2403sp1.aarch64.rpm"
    ],
    "noarch": [
        "uboot-images-armv8-2024.01-4.oe2403sp1.noarch.rpm",
        "uboot-tools-help-2024.01-4.oe2403sp1.noarch.rpm"
    ],
    "src": [
        "uboot-tools-2024.01-4.oe2403sp1.src.rpm"
    ],
    "x86_64": [
        "uboot-tools-2024.01-4.oe2403sp1.x86_64.rpm",
        "uboot-tools-debuginfo-2024.01-4.oe2403sp1.x86_64.rpm",
        "uboot-tools-debugsource-2024.01-4.oe2403sp1.x86_64.rpm"
    ]
}

Database specific

source 
"https://repo.openeuler.org/security/data/osv/OESA-2026-1971.json"
openEuler:24.03-LTS-SP2
uboot-tools

Package

Name
uboot-tools
Purl
pkg:rpm/openEuler/uboot-tools&distro=openEuler-24.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2024.01-4.oe2403sp2

Ecosystem specific 

{
    "aarch64": [
        "uboot-images-elf-2024.01-4.oe2403sp2.aarch64.rpm",
        "uboot-tools-2024.01-4.oe2403sp2.aarch64.rpm",
        "uboot-tools-debuginfo-2024.01-4.oe2403sp2.aarch64.rpm",
        "uboot-tools-debugsource-2024.01-4.oe2403sp2.aarch64.rpm"
    ],
    "noarch": [
        "uboot-images-armv8-2024.01-4.oe2403sp2.noarch.rpm",
        "uboot-tools-help-2024.01-4.oe2403sp2.noarch.rpm"
    ],
    "src": [
        "uboot-tools-2024.01-4.oe2403sp2.src.rpm"
    ],
    "x86_64": [
        "uboot-tools-2024.01-4.oe2403sp2.x86_64.rpm",
        "uboot-tools-debuginfo-2024.01-4.oe2403sp2.x86_64.rpm",
        "uboot-tools-debugsource-2024.01-4.oe2403sp2.x86_64.rpm"
    ]
}

Database specific

source 
"https://repo.openeuler.org/security/data/osv/OESA-2026-1971.json"
openEuler:24.03-LTS-SP3
uboot-tools

Package

Name
uboot-tools
Purl
pkg:rpm/openEuler/uboot-tools&distro=openEuler-24.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2024.01-4.oe2403sp3

Ecosystem specific 

{
    "aarch64": [
        "uboot-images-elf-2024.01-4.oe2403sp3.aarch64.rpm",
        "uboot-tools-2024.01-4.oe2403sp3.aarch64.rpm",
        "uboot-tools-debuginfo-2024.01-4.oe2403sp3.aarch64.rpm",
        "uboot-tools-debugsource-2024.01-4.oe2403sp3.aarch64.rpm"
    ],
    "noarch": [
        "uboot-images-armv8-2024.01-4.oe2403sp3.noarch.rpm",
        "uboot-tools-help-2024.01-4.oe2403sp3.noarch.rpm"
    ],
    "src": [
        "uboot-tools-2024.01-4.oe2403sp3.src.rpm"
    ],
    "x86_64": [
        "uboot-tools-2024.01-4.oe2403sp3.x86_64.rpm",
        "uboot-tools-debuginfo-2024.01-4.oe2403sp3.x86_64.rpm",
        "uboot-tools-debugsource-2024.01-4.oe2403sp3.x86_64.rpm"
    ]
}

Database specific

source 
"https://repo.openeuler.org/security/data/osv/OESA-2026-1971.json"