-------------------------------------------------------------------------
Debian LTS Advisory DLA-4320-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Daniel Leidert
October 01, 2025                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : u-boot
Version        : 2021.01+dfsg-5+deb11u2
CVE ID         : CVE-2021-27097 CVE-2021-27138
Debian Bug     : 983269 983270

Multiple vulnerabilities were discovered in u-boot, a boot loader for
embedded systems.

CVE-2021-27097

    Strange modifications of the FIT can introduce security risks.

CVE-2021-27138

    Using unit addresses in a FIT can pose security risks.

For Debian 11 bullseye, these problems have been fixed in version
2021.01+dfsg-5+deb11u2.

We recommend that you upgrade your u-boot packages.

For the detailed security status of u-boot please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/u-boot

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS