| 1 |
Hi, please review the news item below. |
| 2 |
|
| 3 |
|
| 4 |
Title: GRUB security update |
| 5 |
Author: Mike Gilbert <floppym@g.o> |
| 6 |
Content-Type: text/plain |
| 7 |
Posted: 2015-12-18 |
| 8 |
Revision: 1 |
| 9 |
News-Item-Format: 1.0 |
| 10 |
Display-If-Installed: >=sys-boot/grub-2 |
| 11 |
|
| 12 |
A security flaw in GRUB's username/password authentication code has been |
| 13 |
discovered. A user with access to the system console may bypass the |
| 14 |
username prompt by entering a sequence of backspaces. See CVE-2015-8370. |
| 15 |
|
| 16 |
This vulnerability has been fixed in sys-boot/grub-2.02_beta2-r8. If you |
| 17 |
rely on GRUB's username/password functionality to secure systems, please |
| 18 |
upgrade immediately. |
| 19 |
|
| 20 |
After upgrading, make sure run the grub2-install command with options |
| 21 |
appropriate for your system. See the GRUB2 Quick Start guide [1] for |
| 22 |
examples. Your system will be vulerable until this action is performed. |
| 23 |
|
| 24 |
[1] https://wiki.gentoo.org/wiki/GRUB2_Quick_Start |
Archives