U-Boot v2018.11 released

Tom Rini of Konsulko announced the latest release of U-Boot, including a bit of info about the two recent CVEs:

[…]I’m going to mention here as well that both CVE-2018-18439 and CVE-2018-18440 exist and are issues. As a community we’re still working on more robust fixes to them, but I want to thank Simon Goldschmidt for taking the lead on coming up with code changes for them. In the immediate term (and for older releases) note that the filesystem-based attack can be mitigated by passing a maximum size to the load command.[…]

https://lists.denx.de/pipermail/u-boot/2018-November/347424.html

Wolfgang Denk of DENX has some stats about the release at:

https://lists.denx.de/pipermail/u-boot/2018-November/347506.html

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s