An update for uboot-tools is now available for openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1834 Final 1.0 1.0 2026-04-11 Initial 2026-04-11 2026-04-11 openEuler SA Tool V1.0 2026-04-11 uboot-tools security update An update for uboot-tools is now available for openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2 This package includes the mkimage program, which allows generation of U-Boot images in various formats, and the fw_printenv and fw_setenv programs to read and modify U-Boot's environment. Security Fix(es): barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 (and the corresponding backport to 2025.09.3), an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a signed configuration. mkimage(1) sets the hashed-nodes property of the FIT signature node to list which nodes of the FIT were hashed as part of the signing process as these will need to be verified later on by the bootloader. However, hashed-nodes itself is not part of the hash and could therefore be modified to allow booting different images than those that have been verified. This issue has been patched in barebox versions 2026.03.1 and backported to 2025.09.3.(CVE-2026-33243) An update for uboot-tools is now available for openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High uboot-tools https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1834 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-33243 https://nvd.nist.gov/vuln/detail/CVE-2026-33243 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 uboot-tools-2024.01-3.oe2403sp3.src.rpm uboot-tools-2020.07-10.oe2003sp4.src.rpm uboot-tools-2021.10-11.oe2203sp4.src.rpm uboot-tools-2024.01-3.oe2403.src.rpm uboot-tools-2024.01-3.oe2403sp1.src.rpm uboot-tools-2024.01-3.oe2403sp2.src.rpm uboot-tools-2024.01-3.oe2403sp3.x86_64.rpm uboot-tools-debuginfo-2024.01-3.oe2403sp3.x86_64.rpm uboot-tools-debugsource-2024.01-3.oe2403sp3.x86_64.rpm uboot-tools-2020.07-10.oe2003sp4.x86_64.rpm uboot-tools-debuginfo-2020.07-10.oe2003sp4.x86_64.rpm uboot-tools-debugsource-2020.07-10.oe2003sp4.x86_64.rpm uboot-tools-2021.10-11.oe2203sp4.x86_64.rpm uboot-tools-debuginfo-2021.10-11.oe2203sp4.x86_64.rpm uboot-tools-debugsource-2021.10-11.oe2203sp4.x86_64.rpm uboot-tools-2024.01-3.oe2403.x86_64.rpm uboot-tools-debuginfo-2024.01-3.oe2403.x86_64.rpm uboot-tools-debugsource-2024.01-3.oe2403.x86_64.rpm uboot-tools-2024.01-3.oe2403sp1.x86_64.rpm uboot-tools-debuginfo-2024.01-3.oe2403sp1.x86_64.rpm uboot-tools-debugsource-2024.01-3.oe2403sp1.x86_64.rpm uboot-tools-2024.01-3.oe2403sp2.x86_64.rpm uboot-tools-debuginfo-2024.01-3.oe2403sp2.x86_64.rpm uboot-tools-debugsource-2024.01-3.oe2403sp2.x86_64.rpm uboot-images-armv8-2024.01-3.oe2403sp3.noarch.rpm uboot-tools-help-2024.01-3.oe2403sp3.noarch.rpm uboot-images-armv8-2020.07-10.oe2003sp4.noarch.rpm uboot-tools-help-2020.07-10.oe2003sp4.noarch.rpm uboot-images-armv8-2021.10-11.oe2203sp4.noarch.rpm uboot-tools-help-2021.10-11.oe2203sp4.noarch.rpm uboot-images-armv8-2024.01-3.oe2403.noarch.rpm uboot-tools-help-2024.01-3.oe2403.noarch.rpm uboot-images-armv8-2024.01-3.oe2403sp1.noarch.rpm uboot-tools-help-2024.01-3.oe2403sp1.noarch.rpm uboot-images-armv8-2024.01-3.oe2403sp2.noarch.rpm uboot-tools-help-2024.01-3.oe2403sp2.noarch.rpm uboot-images-elf-2024.01-3.oe2403sp3.aarch64.rpm uboot-tools-2024.01-3.oe2403sp3.aarch64.rpm uboot-tools-debuginfo-2024.01-3.oe2403sp3.aarch64.rpm uboot-tools-debugsource-2024.01-3.oe2403sp3.aarch64.rpm uboot-images-elf-2020.07-10.oe2003sp4.aarch64.rpm uboot-tools-2020.07-10.oe2003sp4.aarch64.rpm uboot-tools-debuginfo-2020.07-10.oe2003sp4.aarch64.rpm uboot-tools-debugsource-2020.07-10.oe2003sp4.aarch64.rpm uboot-images-elf-2021.10-11.oe2203sp4.aarch64.rpm uboot-tools-2021.10-11.oe2203sp4.aarch64.rpm uboot-tools-debuginfo-2021.10-11.oe2203sp4.aarch64.rpm uboot-tools-debugsource-2021.10-11.oe2203sp4.aarch64.rpm uboot-images-elf-2024.01-3.oe2403.aarch64.rpm uboot-tools-2024.01-3.oe2403.aarch64.rpm uboot-tools-debuginfo-2024.01-3.oe2403.aarch64.rpm uboot-tools-debugsource-2024.01-3.oe2403.aarch64.rpm uboot-images-elf-2024.01-3.oe2403sp1.aarch64.rpm uboot-tools-2024.01-3.oe2403sp1.aarch64.rpm uboot-tools-debuginfo-2024.01-3.oe2403sp1.aarch64.rpm uboot-tools-debugsource-2024.01-3.oe2403sp1.aarch64.rpm uboot-images-elf-2024.01-3.oe2403sp2.aarch64.rpm uboot-tools-2024.01-3.oe2403sp2.aarch64.rpm uboot-tools-debuginfo-2024.01-3.oe2403sp2.aarch64.rpm uboot-tools-debugsource-2024.01-3.oe2403sp2.aarch64.rpm barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 (and the corresponding backport to 2025.09.3), an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a signed configuration. mkimage(1) sets the hashed-nodes property of the FIT signature node to list which nodes of the FIT were hashed as part of the signing process as these will need to be verified later on by the bootloader. However, hashed-nodes itself is not part of the hash and could therefore be modified to allow booting different images than those that have been verified. This issue has been patched in barebox versions 2026.03.1 and backported to 2025.09.3. 2026-04-11 CVE-2026-33243 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 High 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H uboot-tools security update 2026-04-11 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1834