Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.2589.2 grub2 security update 31 July 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: GRUB2 Bootloader Publisher: Debian Operating System: Debian GNU/Linux 10 Impact/Access: Root Compromise -- Existing Account Execute Arbitrary Code/Commands -- Existing Account Increased Privileges -- Existing Account Modify Arbitrary Files -- Existing Account Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2020-15707 CVE-2020-15706 CVE-2020-14311 CVE-2020-14310 CVE-2020-14309 CVE-2020-14308 CVE-2020-10713 Reference: ASB-2020.0136 ASB-2020.0135 Original Bulletin: http://www.debian.org/security/2020/dsa-4735 Revision History: July 31 2020: Initial update in DSA 4735-1 caused boot-regression when chainloading another bootloader, grub2 packages have been updated to correct this issue July 30 2020: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4735-2 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 30, 2020 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : grub2 Debian Bug : 966554 The update for grub2 released as DSA 4735-1 caused a boot-regression when chainloading another bootlaoder and breaking notably dual-boot with Windows. Updated grub2 packages are now available to correct this issue. For the stable distribution (buster), this problem has been fixed in version 2.02+dfsg1-20+deb10u2. We recommend that you upgrade your grub2 packages. For the detailed security status of grub2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/grub2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl8jP8lfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SKJw/8CEDjqhtooYUWozuhMnug7SUrsmFxGoMNNuz9LZ4VOqukpZJcLkppzhQ/ MfPL1ziBhzW6VREdrlOV1GAqmdd0APe9CSFSPiJOLc3PNliCgpCbRd+fJxhewISr AK/PQguuMbg2KhYOSNn7RAg6WHO/wJ8Pa0AUu6xIl1LbwHR/x4Z8Mr7MtI/caf01 G6kPzLS29MNzry0r2aXTYpjpoxtHAq10rkkyZXE+w7TyVdOQnSoxBMmKGdOeYv0p oLZANi1/ihs7/c4umrPa3qCKi2HYgRpysCVnxPTYHMsj8Poc9wlQstQic754KuE1 ije2ZHmmzis9rCoU2vh3rrsRalbaMLyGOrTBfsWTfP0AS640pUyFvB8CQs2qN6HF IQIEkDqj8Xs2W3OTRRw4Qsx3CGHbCC1X2uYzYFnG0UqqY7081t5h6YBTDUExo/4I 4oOjxs/d6y5wqhlgQvxLEYdbepK+gNlCG99V78bBptjcPAsmKriQk9fbjpXDLNf/ dfgUN6t9rvyPiQ0kj+Q+b2GPD8N8ZWp+fqcn3xugxZm0XG0xLyep8aAx/6OLXuWv FvO+/a8MYfzpCZNlXF7BaX4CROWeRJlYf1dhluz1YLFPIiIFriqsoGaFIUS6lJTK 1J11Eq3lSmuHNymbPJR98RyU7HmHh5TgLtA2F13+s1YBWJNjDmw= =AVgd - - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4735-1 security@debian.org https://www.debian.org/security/ Yves-Alexis Perez July 29, 2020 https://www.debian.org/security/faq - - - ------------------------------------------------------------------------- Package : grub2 CVE ID : CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 Several vulnerabilities have been discovered in the GRUB2 bootloader. CVE-2020-10713 A flaw in the grub.cfg parsing code was found allowing to break UEFI Secure Boot and load arbitrary code. Details can be found at https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ CVE-2020-14308 It was discovered that grub_malloc does not validate the allocation size allowing for arithmetic overflow and subsequently a heap-based buffer overflow. CVE-2020-14309 An integer overflow in grub_squash_read_symlink may lead to a heap- based buffer overflow. CVE-2020-14310 An integer overflow in read_section_from_string may lead to a heap- based buffer overflow. CVE-2020-14311 An integer overflow in grub_ext2_read_link may lead to a heap-based buffer overflow. CVE-2020-15706 script: Avoid a use-after-free when redefining a function during execution. CVE-2020-15707 An integer overflow flaw was found in the initrd size handling. Further detailed information can be found at https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot For the stable distribution (buster), these problems have been fixed in version 2.02+dfsg1-20+deb10u1. We recommend that you upgrade your grub2 packages. For the detailed security status of grub2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/grub2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - - -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAl8hqJsACgkQ3rYcyPpX RFvSYwgAu1Wb8PR3en7Gvv2bM0OtFyweImB2lSD/mJ5zmp6qcF0cHcHxVlLvyLCe H9dNnTUT0RJ9CzH1XppeYWYINAPu/Hzuhy1Kx2NtGYc6y+ao76FOMgN4H4TflFjp aflDyupz4Wox6yqJXyDbz6wj+lvJ7U/a21l/qDD20e6OC8BqAhhHG+JR8iSgWh4f err8hcJ1Ge6xk0kYmZ/XHgSTJSABgodVI8P0ii9bY9rW3hVx1w9AQqRtd7rA/hh6 oDn07BJ4L4Osugg67zYeZoM8F7V3M+w6F6FoTa4KW6Dauuk2ZRqoLLHSHxoL95xZ Mxk2Hf23XYZ3V0YwCt8uB56VrzrzhQ== =j50l - - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXyO/zONLKJtyKPYoAQg9XQ/+PuZRYN3cFqN58aofsBMfuxU/zWKqmHIu CE62nEYDbSJsDy3NLz7sdisO97hOG0p7nkzu+cDHh9Z6ZhviYyBR9EyiCniyyWqi JIT2IcTram8Ym4ILbZRxMCVCR8jxSEeloj9Xg+95C+WnC5oEItQUkhNn7MSTQQKg bP0QvK2pUJcBPQOo8zO7Wn9OVzYBo3ESJCrW7+Hk5D2kPoflX9RPXFcc7/75u2iC 3+0Ia6VmCRn+DknUhliI8N0jws2iyRIB06aQqcQXHpXSldVdWPhGkC4VD4WP5pxS gZX6aHmsyZ5ByIN4wdch7c/nKC5bLeWloWUqBE82HMN2oJDGhmItdSIXOra4SDbb OZi+t4cOOXMzJF/BKwjCuYRx4UmlKAG0uCH4+dMZVAudT2HLoRLtCwmT8x+e3cnf H/J4cX3xelPRxDJ5JAM+st5V/nEz4jtUe0kDuT8sCx817RqvsbL3dWNqxS+M131F 6etIfLlh/9l9W55x4CKXq0JUF/AZ2CCAttU44j9yuy0X3/MiqoRlk4vmzvVBXiJl WsGqMod9t4bA9X6h1VzxoYZFo78rRoWSB7rI8FOw+r2nTRpxP+RfFVQKEZfwGR28 Ltn5z5SZh+gaoS36G12f6TjfGuunw8J+q7dM1cIQo3xg0OzeDGZo5hDrq0QGe/Ma MFuVvuuo3Ds= =18h4 -----END PGP SIGNATURE-----