Unity Linux 20.1070e Security Update: uboot-tools (UTSA-2025-664209)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-664209 advisory. Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdifft is...

Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.

...

CVE-2024-57261

In barebox before 2025.01.0, request2size in common/dlmalloc.c has an integer overflow, a related issue to CVE-2024-57258...

CVE-2024-57261

Technical details for CVE-2024-57261 are not provided in the supplied documents. Please monitor for updates from official advisories.

SUSE CVE-2024-57258

Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdifft is mishandled on x8664...

PT-2025-6747 · Barebox · Barebox

Name of the Vulnerable Software and Affected Versions: barebox versions prior to 2025.01.0 Description: The issue is related to an integer overflow in the request2size function in common/dlmalloc.c. Recommendations: For versions prior to 2025.01.0, update to version 2025.01.0 or later to resolve...