Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 429
Alerts This Week
Warning Icon 1 429

Moderate Grub2 Administrative Access Vulnerability in Scientific Linux SL7

Scientific Large Esm H446
Moderate: grub2 security and bug fix update
Date: Mon, 21 Dec 2015 23:19:00 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: grub2 on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20151221231900.7116.42383@slpackages.fnal.gov>

Synopsis: Moderate: grub2 security and bug fix update
Advisory ID: SLSA-2015:2623-1
Issue Date: 2015-12-15
CVE Numbers: CVE-2015-8370
--

A flaw was found in the way the grub2 handled backspace characters entered
in username and password prompts. An attacker with access to the system
console could use this flaw to bypass grub2 password protection and gain
administrative access to the system. (CVE-2015-8370)

This update also fixes the following bug:

* When upgrading from Scientific Linux 7.1 and earlier, a configured boot
password was not correctly migrated to the newly introduced user.cfg
configuration files. This could possibly prevent system administratorsfrom changing grub2 configuration during system boot even if they provided
the correct password. This update corrects the password migration script
and the incorrectly generated user.cfg file.
--

SL7
 x86_64
 grub2-2.02-0.33.el7_2.x86_64.rpm
 grub2-debuginfo-2.02-0.33.el7_2.x86_64.rpm
 grub2-efi-2.02-0.33.el7_2.x86_64.rpm
 grub2-tools-2.02-0.33.el7_2.x86_64.rpm
 grub2-efi-modules-2.02-0.33.el7_2.x86_64.rpm

- Scientific Linux Development Team