grub2 (2.02~beta2-36ubuntu3.26) xenial; urgency=medium

  [ Chris Coulson ]
  * SECURITY UPDATE: Heap buffer overflow when encountering commands that
    cannot be tokenized to less than 8192 characters.
    - 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch:
      Make fatal lexer errors actually be fatal
    - CVE-2020-10713
  * SECURITY UPDATE: Multiple integer overflow bugs that could result in
    heap buffer allocations that were too small and subsequent heap buffer
    overflows when handling certain filesystems, font files or PNG images.
    - 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch:
      Add arithmetic primitives that allow for overflows to be detected
    - 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch:
      Make sure that there is always an overflow checking implementation
      of calloc() available
    - 0085-calloc-Use-calloc-at-most-places.patch:
      Use calloc where appropriate
    - 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch:
      Use overflow-safe arithmetic primitives when performing allocations
      based on the results of operations that might overflow
    - 0094-hfsplus-fix-two-more-overflows.patch:
      Fix integer overflows in hfsplus
    - 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch:
      Fix more potential integer overflows in lvm
    - CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
  * SECURITY UPDATE: Use-after-free when executing a command that causes
    a currently executing function to be redefined.
    - 0092-script-Remove-unused-fields-from-grub_script_functio.patch:
      Remove unused fields from grub_script_function
    - 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch:
      Avoid a use-after-free when redefining a function during execution
    - CVE-2020-15706
  * SECURITY UPDATE: Integer overflows that could result in heap buffer
    allocations that were too small and subsequent heap buffer overflows
    during initrd loading.
    - 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch:
      Fix integer overflows in initrd size handling
    - 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch:
      Fix integer overflows in linuxefi grub_cmd_initrd
    - CVE-2020-15707
  * Various fixes as a result of code review and static analysis:
    - 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch:
      Fix a memory leak on realloc failures when processing symbolic links
    - 0088-font-Do-not-load-more-than-one-NAME-section.patch:
      Fix a memory leak when processing font files with more than one
      NAME section
    - 0089-gfxmenu-Fix-double-free-in-load_image.patch:
      Zero self->bitmap after it is freed in order to avoid a potential
      double free later on
    - 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch:
      Fix an out-of-bounds read in LzmaEncode
    - 0091-tftp-Do-not-use-priority-queue.patch:
      Refactor tftp to not use priority queues and fix a double free
    - 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch:
      Fix various arithmetic errors with malformed device paths
    - 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch:
      Fix a NULL deref in the chainloader command introduced by a
      previous patch
    - 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch:
      Avoid a double free in the chainloader command when validation fails
    - 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch:
      Protect grub_relocator_alloc_chunk_addr input arguments against
      integer overflow / underflow
    - 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch:
      Protect grub_relocator_alloc_chunk_align max_addr argument against
      integer underflow
    - 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch:
      Fix grub_relocator_alloc_chunk_align top memory allocation
    - 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch:
      Avoid overflow on initrd size calculation
  * debian/patches/linuxefi_disable_sb_fallback.patch: Disallow unsigned
    kernels if UEFI Secure Boot is enabled. If UEFI Secure Boot is enabled
    and kernel signature verification fails, do not boot the kernel.
    Patch from Linn Crosetto. (LP: #1401532)
  * ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch:
    - Make the linux command in EFI grub always try EFI handover

  [ Dimitri John Ledkov ]
  * SECURITY UPDATE: Grub does not enforce kernel signature validation
    when the shim protocol isn't present.
    - 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch:
      Fail kernel validation if the shim protocol isn't available
    - CVE-2020-15705

Date: Mon, 20 Jul 2020 21:28:33 +0100
Changed-By: Chris Coulson <chris.coul...@canonical.com>
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-027.buildd>

Format: 1.8
Date: Mon, 20 Jul 2020 21:28:33 +0100
Source: grub2
Binary: grub2 grub-linuxbios grub-efi grub-common grub2-common grub-emu
 grub-emu-dbg grub-pc-bin grub-pc-dbg grub-pc grub-rescue-pc
 grub-coreboot-bin grub-coreboot-dbg grub-coreboot grub-efi-ia32-bin
 grub-efi-ia32-dbg grub-efi-ia32 grub-efi-amd64-bin grub-efi-amd64-dbg
 grub-efi-amd64 grub-efi-ia64-bin grub-efi-ia64-dbg grub-efi-ia64
 grub-efi-arm-bin grub-efi-arm-dbg grub-efi-arm grub-efi-arm64-bin
 grub-efi-arm64-dbg grub-efi-arm64 grub-ieee1275-bin grub-ieee1275-dbg
 grub-ieee1275 grub-firmware-qemu grub-uboot-bin grub-uboot-dbg grub-uboot
 grub-xen-bin grub-xen-dbg grub-xen grub-xen-host grub-yeeloong-bin
 grub-yeeloong-dbg grub-yeeloong grub-theme-starfield grub-mount-udeb
Architecture: arm64 arm64_translations
Version: 2.02~beta2-36ubuntu3.26
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-027.buildd>
Changed-By: Chris Coulson <chris.coul...@canonical.com>
Description:
 grub-common - GRand Unified Bootloader (common files)
 grub-coreboot - GRand Unified Bootloader, version 2 (Coreboot version)
 grub-coreboot-bin - GRand Unified Bootloader, version 2 (Coreboot binaries)
 grub-coreboot-dbg - GRand Unified Bootloader, version 2 (Coreboot debug files)
 grub-efi - GRand Unified Bootloader, version 2 (dummy package)
 grub-efi-amd64 - GRand Unified Bootloader, version 2 (EFI-AMD64 version)
 grub-efi-amd64-bin - GRand Unified Bootloader, version 2 (EFI-AMD64 binaries)
 grub-efi-amd64-dbg - GRand Unified Bootloader, version 2 (EFI-AMD64 debug files)
 grub-efi-arm - GRand Unified Bootloader, version 2 (ARM UEFI version)
 grub-efi-arm-bin - GRand Unified Bootloader, version 2 (ARM UEFI binaries)
 grub-efi-arm-dbg - GRand Unified Bootloader, version 2 (ARM UEFI debug files)
 grub-efi-arm64 - GRand Unified Bootloader, version 2 (ARM64 UEFI version)
 grub-efi-arm64-bin - GRand Unified Bootloader, version 2 (ARM64 UEFI binaries)
 grub-efi-arm64-dbg - GRand Unified Bootloader, version 2 (ARM64 UEFI debug files)
 grub-efi-ia32 - GRand Unified Bootloader, version 2 (EFI-IA32 version)
 grub-efi-ia32-bin - GRand Unified Bootloader, version 2 (EFI-IA32 binaries)
 grub-efi-ia32-dbg - GRand Unified Bootloader, version 2 (EFI-IA32 debug files)
 grub-efi-ia64 - GRand Unified Bootloader, version 2 (IA64 version)
 grub-efi-ia64-bin - GRand Unified Bootloader, version 2 (IA64 binaries)
 grub-efi-ia64-dbg - GRand Unified Bootloader, version 2 (IA64 debug files)
 grub-emu - GRand Unified Bootloader, version 2 (emulated version)
 grub-emu-dbg - GRand Unified Bootloader, version 2 (emulated debug files)
 grub-firmware-qemu - GRUB firmware image for QEMU
 grub-ieee1275 - GRand Unified Bootloader, version 2 (Open Firmware version)
 grub-ieee1275-bin - GRand Unified Bootloader, version 2 (Open Firmware binaries)
 grub-ieee1275-dbg - GRand Unified Bootloader, version 2 (Open Firmware debug files)
 grub-linuxbios - GRand Unified Bootloader, version 2 (dummy package)
 grub-mount-udeb - export GRUB filesystems using FUSE (udeb)
 grub-pc - GRand Unified Bootloader, version 2 (PC/BIOS version)
 grub-pc-bin - GRand Unified Bootloader, version 2 (PC/BIOS binaries)
 grub-pc-dbg - GRand Unified Bootloader, version 2 (PC/BIOS debug files)
 grub-rescue-pc - GRUB bootable rescue images, version 2 (PC/BIOS version)
 grub-theme-starfield - GRand Unified Bootloader, version 2 (starfield theme)
 grub-uboot - GRand Unified Bootloader, version 2 (ARM U-Boot version)
 grub-uboot-bin - GRand Unified Bootloader, version 2 (ARM U-Boot binaries)
 grub-uboot-dbg - GRand Unified Bootloader, version 2 (ARM U-Boot debug files)
 grub-xen - GRand Unified Bootloader, version 2 (Xen version)
 grub-xen-bin - GRand Unified Bootloader, version 2 (Xen binaries)
 grub-xen-dbg - GRand Unified Bootloader, version 2 (Xen debug files)
 grub-xen-host - GRand Unified Bootloader, version 2 (Xen host version)
 grub-yeeloong - GRand Unified Bootloader, version 2 (Yeeloong version)
 grub-yeeloong-bin - GRand Unified Bootloader, version 2 (Yeeloong binaries)
 grub-yeeloong-dbg - GRand Unified Bootloader, version 2 (Yeeloong debug files)
 grub2 - GRand Unified Bootloader, version 2 (dummy package)
 grub2-common - GRand Unified Bootloader (common files for version 2)
Launchpad-Bugs-Fixed: 1401532
Original-Maintainer: GRUB Maintainers <pkg-grub-de...@lists.alioth.debian.org>

-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes