Univention Bugzilla – Full Text Bug Listing |
Summary: | grub2: CVE-2015-8370 (4.0) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Janek Walkenhorst <walkenhorst> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P4 | CC: | gohmann |
Version: | UCS 4.0 | Flags: | requate:
Patch_Available+
|
Target Milestone: | UCS 4.0-5-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: |
Description
Arvid Requate
2015-12-17 14:35:30 CET
Move to 4.0-5-errata. r16546 Upstream fix backported as grub2/4.0-0-0-ucs/2.00-18-errata4.0-5/CVE-2015-8370.patch r69568 r69569 Advisory: grub2.yaml How to reproduce: --- /etc/grub.d/00_header +++ /etc/grub.d/00_header @@ -315,3 +315,8 @@ if [ "x${GRUB_BADRAM}" != "x" ] ; then echo "badram ${GRUB_BADRAM}" fi + +cat <<EOF +set superusers="benutzer" +password benutzer univention +EOF update-grub shutdown -r now On username and password prompt press Backspace at least 28 times, before trying to enter the username or password. Advisories: grub2.yaml grub-efi-amd64-signed.yaml QA: Please test UEFI boot (i.e. grub-efi-amd64-signed) too. Tests (KVM BIOS i386/amd64): OK OK: amd64 @ kvm OK: i386 @ kvm both did not crash bat did not accept correctly entered credentials - now works FAIL: dpkg-query -W grub-common # 2.00-18.108.201605261835 Version is older than 2.00-18.110.201605271548 in UCS-3.2-8 ! OK: zless /usr/share/doc/grub-common/changelog.Debian.gz OK: errata-announce -V --only grub2.yaml OK: errata-announce -V --only grub-efi-amd64-signed.yaml FIXED: r69642 grub2.yaml grub-efi-amd64-signed.yaml TODO: UEFI (In reply to Philipp Hahn from comment #5) > FAIL: dpkg-query -W grub-common # 2.00-18.108.201605261835 > Version is older than 2.00-18.110.201605271548 in UCS-3.2-8 ! Rebuilt as newer version. Tests (KVM amd64): OK Binary Diff: OK OK: dpkg-query -W grub-common grub2-common grub-pc grub-pc-bin # 2.00-18.111.201605311707 OK: zless /usr/share/doc/grub-common/changelog.Debian.gz OK: amd64 @ kvm OK: i386 @ kvm OK: UEFI @ kvm OK: UEFI+SB @ kvm <https://hutten.knut.univention.de/mediawiki/index.php/Diskussion:UEFI#UEFI> |