Source: grub2
Version: 2.06-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for grub2.

CVE-2021-3981[0]:
| Incorrect permission in grub.cfg allow unprivileged user to read the
| file content

It was only introduced with [1] and patch upstream is in [2]. When the config contains "^password" then the grub.cfg would need to be created with stricter permissions.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3981
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3981
[1] https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=ab2e53c8a196a595e50f1c836bf756b9db1ae68d
[2] https://lists.gnu.org/archive/html/grub-devel/2021-12/msg00013.html
[3] https://bugzilla.redhat.com/show_bug.cgi?id=2024170

Regards,
Salvatore
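
An added example (not part of the original report and not GRUB's or Debian's own code): a shell check for the condition described above, flagging a config that contains a "^password" line while being readable by group or others. The function name `audit_grub_cfg`, its exit codes and the config path in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a GRUB config for the exposure described in CVE-2021-3981.
# Exit codes (chosen for this example):
#   0 = fine, 1 = password lines in a group/world-readable file, 2 = cannot read file.
audit_grub_cfg() {
    cfg=$1
    if [ ! -f "$cfg" ] || [ ! -r "$cfg" ]; then
        echo "cannot read: $cfg" >&2
        return 2
    fi
    # Same pattern the report names: a line starting with "password"
    # (this covers both `password` and `password_pbkdf2` entries).
    if ! grep -q '^password' "$cfg"; then
        echo "ok: $cfg has no password lines"
        return 0
    fi
    # Mode bit 040 (group read) or 004 (other read) lets unprivileged
    # users read the password material in the file.
    exposed=$(find "$cfg" -prune \( -perm -040 -o -perm -004 \) -print)
    if [ -n "$exposed" ]; then
        echo "EXPOSED: $cfg contains password lines and is group/world-readable"
        echo "  mitigation: restrict to owner-only (e.g. chmod 600) and update grub2"
        return 1
    fi
    echo "ok: $cfg contains password lines but is owner-only"
    return 0
}

# Usage (run as root): sh audit.sh /boot/grub/grub.cfg
# The path is an assumption; it differs between distributions.
if [ "$#" -gt 0 ]; then
    audit_grub_cfg "$1"
fi
```
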

