Univention Bugzilla – Bug 56742
grub2: Multiple issues (5.0)
Last modified: 2023-10-18 16:20:34 CEST
New Debian grub2 2.06-3~deb10u4 fixes: This update addresses the following issues:

2.06-3~deb10u4 (Mon, 02 Oct 2023 16:11:34 +0200)

  [ Mate Kukri ]
  * SECURITY UPDATE: Crafted file system images can cause out-of-bounds write
    and may leak sensitive information into the GRUB pager.
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch:
      fs/ntfs: Fix an OOB read when parsing a volume label
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-index-at.patch:
      fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-entries-fr.patch:
      fs/ntfs: Fix an OOB read when parsing directory entries from resident and
      non-resident index attributes
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-reside.patch:
      fs/ntfs: Fix an OOB read when reading data from the resident $DATA
      attribute
    - CVE-2023-4693
  * SECURITY UPDATE: Crafted file system images can cause heap-based buffer
    overflow and may allow arbitrary code execution and secure boot bypass.
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_LIST-.patch:
      fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for
      the $MFT file
    - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch
      fs/ntfs: Make code more readable
    - CVE-2023-4692

  [ Julian Andres Klode ]
  * Bump SBAT to grub,4
--- mirror/ftp/pool/main/g/grub-efi-amd64-signed/grub-efi-amd64-signed_1+2.06+3~deb10u3.dsc +++ apt/ucs_5.0-0-errata5.0-5/source/grub-efi-amd64-signed_1+2.06+3~deb10u4.dsc @@ -1,6 +1,6 @@ -1+2.06+3~deb10u3 [Thu, 08 Dec 2022 00:19:43 +0000] Debian signing service <ftpmaster@debian.org>: +1+2.06+3~deb10u4 [Mon, 02 Oct 2023 16:11:34 +0200] Debian signing service <ftpmaster@debian.org>: - * Update to grub2 2.06-3~deb10u3 + * Update to grub2 2.06-3~deb10u4 1 [Sat, 07 Apr 2018 17:16:27 +0200] Philipp Matthias Hahn <pmhahn@debian.org>: <http://piuparts.knut.univention.de/5.0-5/#4984838250882873892>
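Review bot: the new changelog entry for the signed package says only "* Update to grub2 2.06-3~deb10u4", although this rebuild is the binary that ends up under Secure Boot; the entry should at least name CVE-2023-4692 and CVE-2023-4693 and the SBAT bump to grub,4 from the grub2 changelog, so the signed binary's history is readable without cross-referencing the source package. The rest of the hunk (version, timestamp and signing-service uploader) is consistent with the grub2 upload it tracks.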
--- mirror/ftp/pool/main/g/grub2/grub2_2.06-3~deb10u3.dsc +++ apt/ucs_5.0-0-errata5.0-5/source/grub2_2.06-3~deb10u4.dsc @@ -1,3 +1,36 @@ +2.06-3~deb10u4 [Mon, 02 Oct 2023 16:11:34 +0200] Julian Andres Klode <jak@debian.org>: + + [ Mate Kukri ] + * SECURITY UPDATE: Crafted file system images can cause out-of-bounds write + and may leak sensitive information into the GRUB pager. + - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume- + label.patch: + fs/ntfs: Fix an OOB read when parsing a volume label + - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for- + index-at.patch: + fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes + - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory- + entries-fr.patch: + fs/ntfs: Fix an OOB read when parsing directory entries from resident and + non-resident index attributes + - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe- + reside.patch: + fs/ntfs: Fix an OOB read when reading data from the resident $DATA + + attribute + - CVE-2023-4693 + * SECURITY UPDATE: Crafted file system images can cause heap-based buffer + overflow and may allow arbitrary code execution and secure boot bypass. + - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the- + ATTRIBUTE_LIST-.patch: + fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for + the $MFT file + - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch + fs/ntfs: Make code more readable + - CVE-2023-4692 + + [ Julian Andres Klode ] + * Bump SBAT to grub,4 + 2.06-3~deb10u3 [Thu, 08 Dec 2022 00:19:43 +0000] Steve McIntyre <93sam@debian.org>: [ Steve McIntyre ] <http://piuparts.knut.univention.de/5.0-5/#4984838250882873892>
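Review bot: the d/patches paths in the new entry are wrapped mid-name with a trailing hyphen (for example "fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-" followed by "label.patch"), so a reader cannot tell whether the hyphen is part of the filename; keeping each patch path on a single line would make the entries greppable against d/patches/ntfs-cve-fixes. Two smaller consistency points: the "fs-ntfs-Make-code-more-readable.patch" line lacks the trailing colon the other patch entries carry, and the "Bump SBAT to grub,4" line would benefit from a short note on what the generation bump means for previously signed GRUB builds, given that the CVE-2023-4692 entry above it mentions a secure boot bypass.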
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
OK: SecureBoot

[5.0-5] d845e99cd0 Bug #56742: grub2 2.06-3~deb10u4
 doc/errata/staging/grub2.yaml | 29 +++++------------------------
 1 file changed, 5 insertions(+), 24 deletions(-)

[5.0-5] 79cecf6ce9 Bug #56742: grub2 2.06-3~deb10u4
 doc/errata/staging/grub2.yaml | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x851>
<https://errata.software-univention.de/#/?erratum=5.0x852>