Hi, please review the news item below.

Title: GRUB security update
Author: Mike Gilbert <floppym@g.o>
Content-Type: text/plain
Posted: 2015-12-18
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: >=sys-boot/grub-2

A security flaw in GRUB's username/password authentication code has been
discovered. A user with access to the system console may bypass the
username prompt by entering a sequence of backspaces. See CVE-2015-8370.

This vulnerability has been fixed in sys-boot/grub-2.02_beta2-r8. If you
rely on GRUB's username/password functionality to secure systems, please
upgrade immediately.

After upgrading, make sure to run the grub2-install command with options
appropriate for your system. See the GRUB2 Quick Start guide [1] for
examples. Your system will be vulnerable until this action is performed.

[1] https://wiki.gentoo.org/wiki/GRUB2_Quick_Start