This repository has been archived by the owner on Jul 19, 2024. It is now read-only.

u-boot*: security update to 2019.07 #2

Open
2 tasks
KexyBiscuit opened this issue Aug 1, 2019 · 1 comment

KexyBiscuit commented Aug 1, 2019

CVE IDs: CVE-2019-13103, CVE-2019-13104, CVE-2019-13105, CVE-2019-13106, CVE-2019-14192

Other security advisory IDs: N/A

Descriptions: A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.

In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.

Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.

Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.

Patches: N/A

PoC(s): U-Boot NFS RCE Vulnerabilities (CVE-2019-14192)

Architectural progress:

  • AArch64 arm64
  • ARMv7 armel

KexyBiscuit changed the title from "u{,-}boot*: security update to 2019.07" to "u-boot*: security update to 2019.07" on Aug 1, 2019

KexyBiscuit transferred this issue from AOSC-Dev/aosc-os-abbs on Aug 1, 2019

@KexyBiscuit
Author

4 more CVEs added.
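
The first description in the issue (a self-referential DOS partition table that makes the parser recurse without bound) can be illustrated with a depth-capped table walker. This is an added example, not code from U-Boot or from the issue: the in-memory disk, the function names and the `MAX_EXT_DEPTH` value of 8 are assumptions made for the illustration, and both sample tables are constructed.

```c
#include <stdint.h>
#include <string.h>
#define NSECT 4
#define MAX_EXT_DEPTH 8               /* assumed cap, chosen for this example */
static uint8_t disk[NSECT][512];      /* constructed in-memory disk image */

static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Helper: write entry `slot` of the table in sector `lba` and sign the sector. */
static void set_entry(uint32_t lba, int slot, uint8_t type, uint8_t start) {
    uint8_t *e = &disk[lba][446 + 16 * slot];
    e[4] = type;                      /* partition type byte */
    e[8] = start;                     /* low byte of the LE32 start sector */
    disk[lba][510] = 0x55; disk[lba][511] = 0xaa;
}

/* Count data partitions reachable from the table at `lba`.
 * Returns -1 for a bad signature, an out-of-range link, or a chain deeper
 * than MAX_EXT_DEPTH, which is what a self-referential table produces. */
int count_partitions(uint32_t lba, uint32_t ext_base, int depth) {
    if (depth > MAX_EXT_DEPTH || lba >= NSECT) return -1;
    const uint8_t *s = disk[lba];
    if (s[510] != 0x55 || s[511] != 0xaa) return -1;
    int count = 0;
    for (int i = 0; i < 4; i++) {
        const uint8_t *e = s + 446 + 16 * i;
        if (e[4] == 0) continue;                       /* unused slot */
        if (e[4] != 0x05 && e[4] != 0x0f && e[4] != 0x85) { count++; continue; }
        uint32_t next = ext_base + le32(e + 8);        /* follow extended link */
        int n = count_partitions(next, depth ? ext_base : next, depth + 1);
        if (n < 0) return -1;                          /* propagate rejection */
        count += n;
    }
    return count;
}

int valid_disk(void) {            /* MBR -> EBR at 2 -> EBR at 3, three data partitions */
    memset(disk, 0, sizeof disk);
    set_entry(0, 0, 0x83, 1); set_entry(0, 1, 0x05, 2);
    set_entry(2, 0, 0x83, 1); set_entry(2, 1, 0x05, 1);
    set_entry(3, 0, 0x83, 1);
    return count_partitions(0, 0, 0);
}

int self_referential_disk(void) { /* extended entry in sector 0 links back to sector 0 */
    memset(disk, 0, sizeof disk);
    set_entry(0, 0, 0x05, 0);
    return count_partitions(0, 0, 0);
}
```

Without the `depth` check the second table would keep re-entering sector 0 until the stack is exhausted; with it the walker stops after nine frames and rejects the table.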
