Stay Secure with the Latest Linux Advisories

security advisorybuffer overflowcritical

Debian DSA-4867-1 Critical: Grub2 Security Risks Detected

Several vulnerabilities have been discovered in the GRUB2 bootloader. CVE-2020-14372 . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4867-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso March 02, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : grub2 CVE ID : CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 Several vulnerabilities have been discovered in the GRUB2 bootloader. CVE-2020-14372 It was discovered that the acpi command allows a privileged user to load crafted ACPI tables when Secure Boot is enabled. CVE-2020-25632 A use-after-free vulnerability was found in the rmmod command. CVE-2020-25647 An out-of-bound write vulnerability was found in the grub_usb_device_initialize() function, which is called to handle USB device initialization. CVE-2020-27749 A stack buffer overflow flaw was found in grub_parser_split_cmdline. CVE-2020-27779 It was discovered that the cutmem command allows a privileged user to remove memory regions when Secure Boot is enabled. CVE-2021-20225 A heap out-of-bounds write vulnerability was found in the short form option parser. CVE-2021-20233 A heap out-of-bound write flaw was found caused by mis-calculation of space required for quoting in the menu rendering. Further detailed information can be found at For the stable distribution (buster), these problems have been fixed in version 2.02+dfsg1-20+deb10u4. We recommend that you upgrade your grub2 packages. For the detailed security status of grub2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/grub2 Further information about Debian Security Advisories, how to apply these updates to your systemand frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Enhance grub2 in light of various security flaws noted in Debian's announcement DSA-4867-1, with significant vulnerabilities present.. Debian Security Advisory, Grub2 Security Update, Bootloader Issues. . Severity: Critical. LinuxSecurity.com Team

Mar 02, 2021 •Critical Debian