grub2 (2.02~beta2-36ubuntu3.26) xenial; urgency=medium
[ Chris Coulson ]
* SECURITY UPDATE: Heap buffer overflow when encountering commands that
cannot be tokenized to less than 8192 characters.
- 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make
fatal lexer errors actually be fatal
- CVE-2020-10713
* SECURITY UPDATE: Multiple integer overflow bugs that could result in
heap buffer allocations that were too small and subsequent heap buffer
overflows when handling certain filesystems, font files or PNG images.
- 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add
arithmetic primitives that allow for overflows to be detected
- 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch:
Make sure that there is always an overflow checking implementation
of calloc() available
- 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where
appropriate
- 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use
overflow-safe arithmetic primitives when performing allocations
based on the results of operations that might overflow
- 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in
hfsplus
- 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix
more potential integer overflows in lvm
- CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
* SECURITY UPDATE: Use-after-free when executing a command that causes
a currently executing function to be redefined.
- 0092-script-Remove-unused-fields-from-grub_script_functio.patch:
Remove unused fields from grub_script_function
- 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch:
Avoid a use-after-free when redefining a function during execution
- CVE-2020-15706
* SECURITY UPDATE: Integer overflows that could result in heap buffer
allocations that were too small and subsequent heap buffer overflows
during initrd loading.
- 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix
integer overflows in initrd size handling
- 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix
integer overflows in linuxefi grub_cmd_initrd
- CVE-2020-15707
* Various fixes as a result of code review and static analysis:
- 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a
memory leak on realloc failures when processing symbolic links
- 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a
memory leak when processing font files with more than one NAME
section
- 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap
after it is freed in order to avoid a potential double free later on
- 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an
out-of-bounds read in LzmaEncode
- 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use
priority queues and fix a double free
- 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix
various arithmetic errors with malformed device paths
- 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix
a NULL deref in the chainloader command introduced by a previous
patch
- 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch:
Avoid a double free in the chainloader command when validation fails
- 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch:
Protect grub_relocator_alloc_chunk_addr input arguments against
integer overflow / underflow
- 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch:
Protect grub_relocator_alloc_chunk_align max_addr argument against
integer underflow
- 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix
grub_relocator_alloc_chunk_align top memory allocation
- 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch:
Avoid overflow on initrd size calculation
* debian/patches/linuxefi_disable_sb_fallback.patch: Disallow unsigned
kernels if UEFI Secure Boot is enabled. If UEFI Secure Boot is enabled
and kernel signature verification fails, do not boot the kernel. Patch
from Linn Crosetto. (LP: #1401532)
* ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch:
- Make the linux command in EFI grub always try EFI handover
[ Dimitri John Ledkov ]
* SECURITY UPDATE: Grub does not enforce kernel signature validation
when the shim protocol isn't present.
- 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch:
Fail kernel validation if the shim protocol isn't available
- CVE-2020-15705
Date: Mon, 20 Jul 2020 21:28:33 +0100
Changed-By: Chris Coulson <chris.coul...@canonical.com>
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-027.buildd>
Format: 1.8
Date: Mon, 20 Jul 2020 21:28:33 +0100
Source: grub2
Binary: grub2 grub-linuxbios grub-efi grub-common grub2-common grub-emu
grub-emu-dbg grub-pc-bin grub-pc-dbg grub-pc grub-rescue-pc grub-coreboot-bin
grub-coreboot-dbg grub-coreboot grub-efi-ia32-bin grub-efi-ia32-dbg
grub-efi-ia32 grub-efi-amd64-bin grub-efi-amd64-dbg grub-efi-amd64
grub-efi-ia64-bin grub-efi-ia64-dbg grub-efi-ia64 grub-efi-arm-bin
grub-efi-arm-dbg grub-efi-arm grub-efi-arm64-bin grub-efi-arm64-dbg
grub-efi-arm64 grub-ieee1275-bin grub-ieee1275-dbg grub-ieee1275
grub-firmware-qemu grub-uboot-bin grub-uboot-dbg grub-uboot grub-xen-bin
grub-xen-dbg grub-xen grub-xen-host grub-yeeloong-bin grub-yeeloong-dbg
grub-yeeloong grub-theme-starfield grub-mount-udeb
Architecture: arm64 arm64_translations
Version: 2.02~beta2-36ubuntu3.26
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-027.buildd>
Changed-By: Chris Coulson <chris.coul...@canonical.com>
Description:
grub-common - GRand Unified Bootloader (common files)
grub-coreboot - GRand Unified Bootloader, version 2 (Coreboot version)
grub-coreboot-bin - GRand Unified Bootloader, version 2 (Coreboot binaries)
grub-coreboot-dbg - GRand Unified Bootloader, version 2 (Coreboot debug files)
grub-efi - GRand Unified Bootloader, version 2 (dummy package)
grub-efi-amd64 - GRand Unified Bootloader, version 2 (EFI-AMD64 version)
grub-efi-amd64-bin - GRand Unified Bootloader, version 2 (EFI-AMD64 binaries)
grub-efi-amd64-dbg - GRand Unified Bootloader, version 2 (EFI-AMD64 debug
files)
grub-efi-arm - GRand Unified Bootloader, version 2 (ARM UEFI version)
grub-efi-arm-bin - GRand Unified Bootloader, version 2 (ARM UEFI binaries)
grub-efi-arm-dbg - GRand Unified Bootloader, version 2 (ARM UEFI debug files)
grub-efi-arm64 - GRand Unified Bootloader, version 2 (ARM64 UEFI version)
grub-efi-arm64-bin - GRand Unified Bootloader, version 2 (ARM64 UEFI binaries)
grub-efi-arm64-dbg - GRand Unified Bootloader, version 2 (ARM64 UEFI debug
files)
grub-efi-ia32 - GRand Unified Bootloader, version 2 (EFI-IA32 version)
grub-efi-ia32-bin - GRand Unified Bootloader, version 2 (EFI-IA32 binaries)
grub-efi-ia32-dbg - GRand Unified Bootloader, version 2 (EFI-IA32 debug files)
grub-efi-ia64 - GRand Unified Bootloader, version 2 (IA64 version)
grub-efi-ia64-bin - GRand Unified Bootloader, version 2 (IA64 binaries)
grub-efi-ia64-dbg - GRand Unified Bootloader, version 2 (IA64 debug files)
grub-emu - GRand Unified Bootloader, version 2 (emulated version)
grub-emu-dbg - GRand Unified Bootloader, version 2 (emulated debug files)
grub-firmware-qemu - GRUB firmware image for QEMU
grub-ieee1275 - GRand Unified Bootloader, version 2 (Open Firmware version)
grub-ieee1275-bin - GRand Unified Bootloader, version 2 (Open Firmware
binaries)
grub-ieee1275-dbg - GRand Unified Bootloader, version 2 (Open Firmware debug
files)
grub-linuxbios - GRand Unified Bootloader, version 2 (dummy package)
grub-mount-udeb - export GRUB filesystems using FUSE (udeb)
grub-pc - GRand Unified Bootloader, version 2 (PC/BIOS version)
grub-pc-bin - GRand Unified Bootloader, version 2 (PC/BIOS binaries)
grub-pc-dbg - GRand Unified Bootloader, version 2 (PC/BIOS debug files)
grub-rescue-pc - GRUB bootable rescue images, version 2 (PC/BIOS version)
grub-theme-starfield - GRand Unified Bootloader, version 2 (starfield theme)
grub-uboot - GRand Unified Bootloader, version 2 (ARM U-Boot version)
grub-uboot-bin - GRand Unified Bootloader, version 2 (ARM U-Boot binaries)
grub-uboot-dbg - GRand Unified Bootloader, version 2 (ARM U-Boot debug files)
grub-xen - GRand Unified Bootloader, version 2 (Xen version)
grub-xen-bin - GRand Unified Bootloader, version 2 (Xen binaries)
grub-xen-dbg - GRand Unified Bootloader, version 2 (Xen debug files)
grub-xen-host - GRand Unified Bootloader, version 2 (Xen host version)
grub-yeeloong - GRand Unified Bootloader, version 2 (Yeeloong version)
grub-yeeloong-bin - GRand Unified Bootloader, version 2 (Yeeloong binaries)
grub-yeeloong-dbg - GRand Unified Bootloader, version 2 (Yeeloong debug files)
grub2 - GRand Unified Bootloader, version 2 (dummy package)
grub2-common - GRand Unified Bootloader (common files for version 2)
Launchpad-Bugs-Fixed: 1401532
Changes:
grub2 (2.02~beta2-36ubuntu3.26) xenial; urgency=medium
.
[ Chris Coulson ]
* SECURITY UPDATE: Heap buffer overflow when encountering commands that
cannot be tokenized to less than 8192 characters.
- 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make
fatal lexer errors actually be fatal
- CVE-2020-10713
* SECURITY UPDATE: Multiple integer overflow bugs that could result in
heap buffer allocations that were too small and subsequent heap buffer
overflows when handling certain filesystems, font files or PNG images.
- 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add
arithmetic primitives that allow for overflows to be detected
- 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch:
Make sure that there is always an overflow checking implementation
of calloc() available
- 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where
appropriate
- 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use
overflow-safe arithmetic primitives when performing allocations
based on the results of operations that might overflow
- 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in
hfsplus
- 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix
more potential integer overflows in lvm
- CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
* SECURITY UPDATE: Use-after-free when executing a command that causes
a currently executing function to be redefined.
- 0092-script-Remove-unused-fields-from-grub_script_functio.patch:
Remove unused fields from grub_script_function
- 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch:
Avoid a use-after-free when redefining a function during execution
- CVE-2020-15706
* SECURITY UPDATE: Integer overflows that could result in heap buffer
allocations that were too small and subsequent heap buffer overflows
during initrd loading.
- 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix
integer overflows in initrd size handling
- 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix
integer overflows in linuxefi grub_cmd_initrd
- CVE-2020-15707
* Various fixes as a result of code review and static analysis:
- 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a
memory leak on realloc failures when processing symbolic links
- 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a
memory leak when processing font files with more than one NAME
section
- 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap
after it is freed in order to avoid a potential double free later on
- 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an
out-of-bounds read in LzmaEncode
- 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use
priority queues and fix a double free
- 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix
various arithmetic errors with malformed device paths
- 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix
a NULL deref in the chainloader command introduced by a previous
patch
- 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch:
Avoid a double free in the chainloader command when validation fails
- 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch:
Protect grub_relocator_alloc_chunk_addr input arguments against
integer overflow / underflow
- 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch:
Protect grub_relocator_alloc_chunk_align max_addr argument against
integer underflow
- 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix
grub_relocator_alloc_chunk_align top memory allocation
- 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch:
Avoid overflow on initrd size calculation
* debian/patches/linuxefi_disable_sb_fallback.patch: Disallow unsigned
kernels if UEFI Secure Boot is enabled. If UEFI Secure Boot is enabled
and kernel signature verification fails, do not boot the kernel. Patch
from Linn Crosetto. (LP: #1401532)
* ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch:
- Make the linux command in EFI grub always try EFI handover
.
[ Dimitri John Ledkov ]
* SECURITY UPDATE: Grub does not enforce kernel signature validation
when the shim protocol isn't present.
- 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch:
Fail kernel validation if the shim protocol isn't available
- CVE-2020-15705
Checksums-Sha1:
45b7c316ee044d12cbb40095313e8f0e2666b689 2935444
grub-common-dbgsym_2.02~beta2-36ubuntu3.26_arm64.ddeb
7ce986aface2ccde896947ff07b11848c4e68bd0 1555874
grub-common_2.02~beta2-36ubuntu3.26_arm64.deb
19af548ac6ece4d686d6cfb3e2763c31f28a1cb3 509788
grub-efi-arm64-bin_2.02~beta2-36ubuntu3.26_arm64.deb
167926f06b51eb33d4dec36a47fee053ace58738 2335100
grub-efi-arm64-dbg_2.02~beta2-36ubuntu3.26_arm64.deb
242be98f3f1287bae78867c765a5dabeaeed2ece 65758
grub-efi-arm64_2.02~beta2-36ubuntu3.26_arm64.deb
1806220f6830235ca77d9b9524d982495f9a9fba 771444
grub-mount-udeb-dbgsym_2.02~beta2-36ubuntu3.26_arm64.ddeb
1cdd0559f600067297990e82660ca5d211aaee95 300198
grub-mount-udeb_2.02~beta2-36ubuntu3.26_arm64.udeb
e59f7220f44756d673eed83a7054384294e506ff 1666234
grub-theme-starfield_2.02~beta2-36ubuntu3.26_arm64.deb
60c94788796d3337835896090f53635e22f44d19 832440
grub2-common-dbgsym_2.02~beta2-36ubuntu3.26_arm64.ddeb
0609c9fb0a208b8b532ed4e82ae9208f12bd08f0 464614
grub2-common_2.02~beta2-36ubuntu3.26_arm64.deb
6e0fc0894a47df5c9e3c1932da77c81f4ebc965f 1012238
grub2_2.02~beta2-36ubuntu3.26_arm64.tar.gz
eb735f71a3ed70da7b9dbf1204ad068bf6b1e407 3971962
grub2_2.02~beta2-36ubuntu3.26_arm64_translations.tar.gz
Checksums-Sha256:
1e2a11ea3900903c5025fb5c6b8af9684e4ce3767e973aa6253b836a09101dcd 2935444
grub-common-dbgsym_2.02~beta2-36ubuntu3.26_arm64.ddeb
7def60b174fa591fb30b202ebb4a0173e844976f0e06ac202b91d56ef7792357 1555874
grub-common_2.02~beta2-36ubuntu3.26_arm64.deb
e5b6ebc26b7c784dcd89e9d7e3667c979b8f508ab2ce5aa3e2d1d3f2509b6b59 509788
grub-efi-arm64-bin_2.02~beta2-36ubuntu3.26_arm64.deb
be2793d2450bd306b7eb57ad777ed0e6c254913ed663d1892fd1f164976e4063 2335100
grub-efi-arm64-dbg_2.02~beta2-36ubuntu3.26_arm64.deb
a592a4362260ccc8427a185d953230045b43ce65caf4f20723ce3c8db4a7c1db 65758
grub-efi-arm64_2.02~beta2-36ubuntu3.26_arm64.deb
b0f0cc33b42b43342f207a705a188c30bcfd3203096b76a81fce560f1f2c02f4 771444
grub-mount-udeb-dbgsym_2.02~beta2-36ubuntu3.26_arm64.ddeb
8b3035d2a593f856c2d000c1bff85e3ae9afd3bd189270c1c77d013cc4846a04 300198
grub-mount-udeb_2.02~beta2-36ubuntu3.26_arm64.udeb
55fcec784b0e9bf4af82f88a7e03bd4aaa1bfca03d2ee82af8ecedde890739d2 1666234
grub-theme-starfield_2.02~beta2-36ubuntu3.26_arm64.deb
80dee6ff2ee887d2f26984ca307821f9c073d7a66150b879d871322a2884fef4 832440
grub2-common-dbgsym_2.02~beta2-36ubuntu3.26_arm64.ddeb
c591ffe911c47de7ee54c6847330272891439e570978f4bd77c91496abc14f38 464614
grub2-common_2.02~beta2-36ubuntu3.26_arm64.deb
fa9ff589e7aac324b14818408bf260933b468772fd4cb2556ca9d33431b023b8 1012238
grub2_2.02~beta2-36ubuntu3.26_arm64.tar.gz
cc2fe98ded3a6c156794ec36b58652c594441486f894afac3163cc53208359fb 3971962
grub2_2.02~beta2-36ubuntu3.26_arm64_translations.tar.gz
Files:
8d8eff6abeb39e251a96f981d97f36fe 2935444 admin extra
grub-common-dbgsym_2.02~beta2-36ubuntu3.26_arm64.ddeb
a86f20e6d157b64ceb436a67e4769e6d 1555874 admin optional
grub-common_2.02~beta2-36ubuntu3.26_arm64.deb
c4115f56ba95519f0520e3545831ead0 509788 admin extra
grub-efi-arm64-bin_2.02~beta2-36ubuntu3.26_arm64.deb
5f60acce5cf951a07fc040944ce62cc8 2335100 debug extra
grub-efi-arm64-dbg_2.02~beta2-36ubuntu3.26_arm64.deb
767013dbb8dc3252efa189fc89576e5a 65758 admin extra
grub-efi-arm64_2.02~beta2-36ubuntu3.26_arm64.deb
d9dbd02b0aa0dbb29ccb57547e2a0503 771444 debian-installer extra
grub-mount-udeb-dbgsym_2.02~beta2-36ubuntu3.26_arm64.ddeb
05c8456bcad25441ef76d94efc4a3e2f 300198 debian-installer extra
grub-mount-udeb_2.02~beta2-36ubuntu3.26_arm64.udeb
173b9124f7f7c3854eed8b499eb8120e 1666234 admin extra
grub-theme-starfield_2.02~beta2-36ubuntu3.26_arm64.deb
de270c2af021cb9d0419925b3da46d29 832440 admin extra
grub2-common-dbgsym_2.02~beta2-36ubuntu3.26_arm64.ddeb
d94f39fefefb890db4137598569719f4 464614 admin optional
grub2-common_2.02~beta2-36ubuntu3.26_arm64.deb
f4cad30d814acfce8640a7ab28ea269e 1012238 raw-uefi -
grub2_2.02~beta2-36ubuntu3.26_arm64.tar.gz
1e6e67e2d3fd244c07ed9a384500eec7 3971962 raw-translations -
grub2_2.02~beta2-36ubuntu3.26_arm64_translations.tar.gz
Original-Maintainer: GRUB Maintainers <pkg-grub-de...@lists.alioth.debian.org>
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
