-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2020.2589.2
                           grub2 security update
                               31 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           GRUB2 Bootloader
Publisher:         Debian
Operating System:  Debian GNU/Linux 10
Impact/Access:     Root Compromise                 -- Existing Account
                   Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Modify Arbitrary Files          -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15707 CVE-2020-15706 CVE-2020-14311
                   CVE-2020-14310 CVE-2020-14309 CVE-2020-14308
                   CVE-2020-10713  

Reference:         ASB-2020.0136
                   ASB-2020.0135

Original Bulletin: 
   http://www.debian.org/security/2020/dsa-4735

Revision History:  July 31 2020: Initial update in DSA 4735-1 caused boot-regression 
                                 when chainloading another bootloader, grub2 packages 
                                 have been updated to correct this issue
                   July 30 2020: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4735-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 30, 2020                         https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : grub2
Debian Bug     : 966554

The update for grub2 released as DSA 4735-1 caused a boot-regression
when chainloading another bootlaoder and breaking notably dual-boot with
Windows. Updated grub2 packages are now available to correct this issue.

For the stable distribution (buster), this problem has been fixed in
version 2.02+dfsg1-20+deb10u2.

We recommend that you upgrade your grub2 packages.

For the detailed security status of grub2 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/grub2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl8jP8lfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SKJw/8CEDjqhtooYUWozuhMnug7SUrsmFxGoMNNuz9LZ4VOqukpZJcLkppzhQ/
MfPL1ziBhzW6VREdrlOV1GAqmdd0APe9CSFSPiJOLc3PNliCgpCbRd+fJxhewISr
AK/PQguuMbg2KhYOSNn7RAg6WHO/wJ8Pa0AUu6xIl1LbwHR/x4Z8Mr7MtI/caf01
G6kPzLS29MNzry0r2aXTYpjpoxtHAq10rkkyZXE+w7TyVdOQnSoxBMmKGdOeYv0p
oLZANi1/ihs7/c4umrPa3qCKi2HYgRpysCVnxPTYHMsj8Poc9wlQstQic754KuE1
ije2ZHmmzis9rCoU2vh3rrsRalbaMLyGOrTBfsWTfP0AS640pUyFvB8CQs2qN6HF
IQIEkDqj8Xs2W3OTRRw4Qsx3CGHbCC1X2uYzYFnG0UqqY7081t5h6YBTDUExo/4I
4oOjxs/d6y5wqhlgQvxLEYdbepK+gNlCG99V78bBptjcPAsmKriQk9fbjpXDLNf/
dfgUN6t9rvyPiQ0kj+Q+b2GPD8N8ZWp+fqcn3xugxZm0XG0xLyep8aAx/6OLXuWv
FvO+/a8MYfzpCZNlXF7BaX4CROWeRJlYf1dhluz1YLFPIiIFriqsoGaFIUS6lJTK
1J11Eq3lSmuHNymbPJR98RyU7HmHh5TgLtA2F13+s1YBWJNjDmw=
=AVgd
- - -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - - -------------------------------------------------------------------------
Debian Security Advisory DSA-4735-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
July 29, 2020                         https://www.debian.org/security/faq
- - - -------------------------------------------------------------------------

Package        : grub2
CVE ID         : CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310
                 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707

Several vulnerabilities have been discovered in the GRUB2 bootloader.

CVE-2020-10713

    A flaw in the grub.cfg parsing code was found allowing to break
    UEFI Secure Boot and load arbitrary code. Details can be found at
    https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/

CVE-2020-14308

    It was discovered that grub_malloc does not validate the allocation
    size allowing for arithmetic overflow and subsequently a heap-based
    buffer overflow.

CVE-2020-14309

    An integer overflow in grub_squash_read_symlink may lead to a heap-
    based buffer overflow.

CVE-2020-14310

    An integer overflow in read_section_from_string may lead to a heap-
    based buffer overflow.

CVE-2020-14311

    An integer overflow in grub_ext2_read_link may lead to a heap-based
    buffer overflow.

CVE-2020-15706

    script: Avoid a use-after-free when redefining a function during
    execution.

CVE-2020-15707

    An integer overflow flaw was found in the initrd size handling.

Further detailed information can be found at
https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot

For the stable distribution (buster), these problems have been fixed in
version 2.02+dfsg1-20+deb10u1.

We recommend that you upgrade your grub2 packages.

For the detailed security status of grub2 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/grub2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- - -----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAl8hqJsACgkQ3rYcyPpX
RFvSYwgAu1Wb8PR3en7Gvv2bM0OtFyweImB2lSD/mJ5zmp6qcF0cHcHxVlLvyLCe
H9dNnTUT0RJ9CzH1XppeYWYINAPu/Hzuhy1Kx2NtGYc6y+ao76FOMgN4H4TflFjp
aflDyupz4Wox6yqJXyDbz6wj+lvJ7U/a21l/qDD20e6OC8BqAhhHG+JR8iSgWh4f
err8hcJ1Ge6xk0kYmZ/XHgSTJSABgodVI8P0ii9bY9rW3hVx1w9AQqRtd7rA/hh6
oDn07BJ4L4Osugg67zYeZoM8F7V3M+w6F6FoTa4KW6Dauuk2ZRqoLLHSHxoL95xZ
Mxk2Hf23XYZ3V0YwCt8uB56VrzrzhQ==
=j50l
- - -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXyO/zONLKJtyKPYoAQg9XQ/+PuZRYN3cFqN58aofsBMfuxU/zWKqmHIu
CE62nEYDbSJsDy3NLz7sdisO97hOG0p7nkzu+cDHh9Z6ZhviYyBR9EyiCniyyWqi
JIT2IcTram8Ym4ILbZRxMCVCR8jxSEeloj9Xg+95C+WnC5oEItQUkhNn7MSTQQKg
bP0QvK2pUJcBPQOo8zO7Wn9OVzYBo3ESJCrW7+Hk5D2kPoflX9RPXFcc7/75u2iC
3+0Ia6VmCRn+DknUhliI8N0jws2iyRIB06aQqcQXHpXSldVdWPhGkC4VD4WP5pxS
gZX6aHmsyZ5ByIN4wdch7c/nKC5bLeWloWUqBE82HMN2oJDGhmItdSIXOra4SDbb
OZi+t4cOOXMzJF/BKwjCuYRx4UmlKAG0uCH4+dMZVAudT2HLoRLtCwmT8x+e3cnf
H/J4cX3xelPRxDJ5JAM+st5V/nEz4jtUe0kDuT8sCx817RqvsbL3dWNqxS+M131F
6etIfLlh/9l9W55x4CKXq0JUF/AZ2CCAttU44j9yuy0X3/MiqoRlk4vmzvVBXiJl
WsGqMod9t4bA9X6h1VzxoYZFo78rRoWSB7rI8FOw+r2nTRpxP+RfFVQKEZfwGR28
Ltn5z5SZh+gaoS36G12f6TjfGuunw8J+q7dM1cIQo3xg0OzeDGZo5hDrq0QGe/Ma
MFuVvuuo3Ds=
=18h4
-----END PGP SIGNATURE-----