Univention Bugzilla – Bug 55434
grub2: Multiple issues (5.0)
Last modified: 2022-11-23 16:08:30 CET
New Debian grub2 2.06-3~deb10u2 fixes: This update addresses the following issues: 2.06-3~deb10u2 (Sun, 13 Nov 2022 21:07:01 +0000) [ Steve McIntyre ] * Pull in upstream patches to harden font and image handling - CVE-2022-2601, CVE-2022-3775. * Bump SBAT level to 3 for grub-efi packages.
--- mirror/ftp/pool/main/g/grub2/grub2_2.06-3~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/grub2_2.06-3~deb10u2.dsc @@ -1,3 +1,10 @@ +2.06-3~deb10u2 [Sun, 13 Nov 2022 21:07:01 +0000] Steve McIntyre <93sam@debian.org>: + + [ Steve McIntyre ] + * Pull in upstream patches to harden font and image handling - + CVE-2022-2601, CVE-2022-3775. + * Bump SBAT level to 3 for grub-efi packages. + 2.06-3~deb10u1 [Mon, 01 Aug 2022 20:26:34 +0100] Steve McIntyre <93sam@debian.org>: [ Steve McIntyre ] <http://piuparts.knut.univention.de/5.0-2/#2838695408113454753>
--- mirror/ftp/pool/main/g/grub2/grub2_2.06-3~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/grub2_2.06-3~deb10u2.dsc @@ -1,3 +1,10 @@ +2.06-3~deb10u2 [Sun, 13 Nov 2022 21:07:01 +0000] Steve McIntyre <93sam@debian.org>: + + [ Steve McIntyre ] + * Pull in upstream patches to harden font and image handling - + CVE-2022-2601, CVE-2022-3775. + * Bump SBAT level to 3 for grub-efi packages. + 2.06-3~deb10u1 [Mon, 01 Aug 2022 20:26:34 +0100] Steve McIntyre <93sam@debian.org>: [ Steve McIntyre ] <http://piuparts.knut.univention.de/5.0-2/#7613152655441834933>
OK: yaml OK: announce_errata OK: patch OK: piuparts OK: grep -aA2 SBAT /usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed OK: reboot OK: mokutil --sb-state # SecureBoot enabled [5.0-2] 07772dfd4c Bug #55434: grub2 2.06-3~deb10u2 doc/errata/staging/grub2.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) [5.0-2] 6cd345d882 Bug #55434: grub2 2.06-3~deb10u2 doc/errata/staging/grub2.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) [5.0-2] 07687ff11e Bug #55434: grub-efi-amd64-signed 1+2.06+3~deb10u2 doc/errata/staging/grub-efi-amd64-signed.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) FYI: # https://github.com/fwupd/fwupd/wiki/fwupd-flatpak apt install flatpak flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo flatpak install flathub org.freedesktop.fwupd flatpak run org.freedesktop.fwupd get-devices FYI: # https://github.com/fwupd/fwupd/wiki/fwupd-snap apt install snapd snap install fwupd --classic # Depends on GLIBC 2.34
<https://errata.software-univention.de/#/?erratum=5.0x497> <https://errata.software-univention.de/#/?erratum=5.0x498>