Re: squeeze update of grub2?

To: Luciano Bello <luciano@debian.org>
Cc: GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org>, security@debian.org, debian-lts@lists.debian.org
Subject: Re: squeeze update of grub2?
From: Santiago Ruano Rincón <santiagorr@riseup.net>
Date: Mon, 14 Dec 2015 14:15:23 +0100
Message-id: <[🔎] 20151214131523.GF11621@nomada>
In-reply-to: <1677649.sPFQBaFGRs@box>
References: <[🔎] 20151211102024.GA10882@bogon.m.sigxcpu.org> <[🔎] 20151212204428.GC11621@nomada> <1677649.sPFQBaFGRs@box>

El 13/12/15 a las 21:06, Luciano Bello escribió:
> On Saturday 12 December 2015 21.44.28 Santiago Ruano Rincón wrote:
> 
> > I've uploaded grub2 to fix this CVE for squeeze today. And attached you
> 
> > can find debdiffs for wheezy and jessie. I've already tested the jessie
> 
> > package, but not wheezy's.
> 
> >
> 
> > Please, tell me if they are Ok and if you agree to upload them.
> 
>  
> 
> Please close #807614 in your changelog. The patch looks quite direct but it
> would be great if you can test it also for wheezy, just to be on the safe side.

Done. Wheezy also works.

Luciano, I may upload them, unless you disagree or you want to do it by
yourself.

Saludos,

Santiago

diff -u grub2-1.99/debian/changelog grub2-1.99/debian/changelog
--- grub2-1.99/debian/changelog
+++ grub2-1.99/debian/changelog
@@ -1,3 +1,11 @@
+grub2 (1.99-27+deb7u3) wheezy-security; urgency=high
+
+  * Non-maintainer upload.
+  * Fix CVE-2015-8370: buffer overflow when checking password entered
+    during bootup (Closes: #807614).
+
+ -- Santiago Ruano Rincón <santiagorr@riseup.net>  Mon, 14 Dec 2015 13:40:29 +0100
+
 grub2 (1.99-27+deb7u2) stable; urgency=low
 
   * Backport from upstream:
diff -u grub2-1.99/debian/patches/series grub2-1.99/debian/patches/series
--- grub2-1.99/debian/patches/series
+++ grub2-1.99/debian/patches/series
@@ -50,0 +51 @@
+CVE-2015-8370.patch
only in patch2:
unchanged:
--- grub2-1.99.orig/debian/patches/CVE-2015-8370.patch
+++ grub2-1.99/debian/patches/CVE-2015-8370.patch
@@ -0,0 +1,40 @@
+From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001
+From: Hector Marco-Gisbert <hecmargi@upv.es>
+Date: Fri, 13 Nov 2015 16:21:09 +0100
+Subject: [PATCH] Fix security issue when reading username and password
+
+  This patch fixes two integer underflows at:
+    * grub-core/lib/crypto.c
+    * grub-core/normal/auth.c
+
+Resolves: CVE-2015-8370
+
+Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
+Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
+---
+ grub-core/lib/crypto.c  | 2 +-
+ grub-core/normal/auth.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/grub-core/lib/crypto.c
++++ b/grub-core/lib/crypto.c
+@@ -433,7 +433,7 @@
+ 	  break;
+ 	}
+ 
+-      if (key == '\b')
++      if (key == '\b' && cur_len)
+ 	{
+ 	  cur_len--;
+ 	  continue;
+--- a/grub-core/normal/auth.c
++++ b/grub-core/normal/auth.c
+@@ -171,7 +171,7 @@
+ 	  break;
+ 	}
+ 
+-      if (key == '\b')
++      if (key == '\b' && cur_len)
+ 	{
+ 	  cur_len--;
+ 	  grub_printf ("\b");

diff -Nru grub2-2.02~beta2/debian/changelog grub2-2.02~beta2/debian/changelog
--- grub2-2.02~beta2/debian/changelog	2015-03-23 16:30:18.000000000 +0100
+++ grub2-2.02~beta2/debian/changelog	2015-12-14 09:04:24.000000000 +0100
@@ -1,3 +1,11 @@
+grub2 (2.02~beta2-22+deb8u1) jessie-security; urgency=high
+
+  * Non-maintainer upload.
+  * Fix CVE-2015-8370: buffer overflow when checking password entered during
+    bootup (Closes: #807614).
+
+ -- Santiago Ruano Rincón <santiagorr@riseup.net>  Sat, 12 Dec 2015 20:18:02 +0100
+
 grub2 (2.02~beta2-22) unstable; urgency=medium
 
   * Make grub-common's Suggests on grub-emu architecture-specific, to
diff -Nru grub2-2.02~beta2/debian/patches/CVE-2015-8370.patch grub2-2.02~beta2/debian/patches/CVE-2015-8370.patch
--- grub2-2.02~beta2/debian/patches/CVE-2015-8370.patch	1970-01-01 01:00:00.000000000 +0100
+++ grub2-2.02~beta2/debian/patches/CVE-2015-8370.patch	2015-12-12 20:31:46.000000000 +0100
@@ -0,0 +1,40 @@
+From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001
+From: Hector Marco-Gisbert <hecmargi@upv.es>
+Date: Fri, 13 Nov 2015 16:21:09 +0100
+Subject: [PATCH] Fix security issue when reading username and password
+
+  This patch fixes two integer underflows at:
+    * grub-core/lib/crypto.c
+    * grub-core/normal/auth.c
+
+Resolves: CVE-2015-8370
+
+Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
+Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
+---
+ grub-core/lib/crypto.c  | 2 +-
+ grub-core/normal/auth.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/grub-core/lib/crypto.c
++++ b/grub-core/lib/crypto.c
+@@ -456,7 +456,7 @@
+ 	  break;
+ 	}
+ 
+-      if (key == '\b')
++      if (key == '\b' && cur_len)
+ 	{
+ 	  cur_len--;
+ 	  continue;
+--- a/grub-core/normal/auth.c
++++ b/grub-core/normal/auth.c
+@@ -172,7 +172,7 @@
+ 	  break;
+ 	}
+ 
+-      if (key == '\b')
++      if (key == '\b' && cur_len)
+ 	{
+ 	  cur_len--;
+ 	  grub_printf ("\b");
diff -Nru grub2-2.02~beta2/debian/patches/efi_sanitise_path.patch grub2-2.02~beta2/debian/patches/efi_sanitise_path.patch
--- grub2-2.02~beta2/debian/patches/efi_sanitise_path.patch	2015-03-23 16:23:55.000000000 +0100
+++ grub2-2.02~beta2/debian/patches/efi_sanitise_path.patch	2015-12-12 20:31:46.000000000 +0100
@@ -15,11 +15,9 @@
  grub-core/kern/efi/efi.c | 25 +++++++++++++++++--------
  1 file changed, 17 insertions(+), 8 deletions(-)
 
-diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
-index db0fd2d..3b6cf26 100644
 --- a/grub-core/kern/efi/efi.c
 +++ b/grub-core/kern/efi/efi.c
-@@ -337,7 +337,7 @@ grub_efi_modules_addr (void)
+@@ -337,7 +337,7 @@
  char *
  grub_efi_get_filename (grub_efi_device_path_t *dp0)
  {
@@ -28,7 +26,7 @@
    grub_size_t filesize = 0;
    grub_efi_device_path_t *dp;
  
-@@ -356,7 +356,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+@@ -356,7 +356,7 @@
  	  grub_efi_uint16_t len;
  	  len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4)
  		 / sizeof (grub_efi_char16_t));
@@ -37,7 +35,7 @@
  	}
  
        dp = GRUB_EFI_NEXT_DEVICE_PATH (dp);
-@@ -384,12 +384,12 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+@@ -384,12 +384,12 @@
  	  grub_efi_file_path_device_path_t *fp;
  	  grub_efi_uint16_t len;
  
@@ -52,7 +50,7 @@
  	  p = (char *) grub_utf16_to_utf8 ((unsigned char *) p, fp->path_name, len);
  	}
  
-@@ -398,10 +398,19 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+@@ -398,10 +398,19 @@
  
    *p = '\0';
  
diff -Nru grub2-2.02~beta2/debian/patches/series grub2-2.02~beta2/debian/patches/series
--- grub2-2.02~beta2/debian/patches/series	2015-03-23 16:23:55.000000000 +0100
+++ grub2-2.02~beta2/debian/patches/series	2015-12-12 20:31:46.000000000 +0100
@@ -68,3 +68,4 @@
 mixed_size_efi.patch
 hostfs_remove_ftm.patch
 efi_sanitise_path.patch
+CVE-2015-8370.patch

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: squeeze update of grub2?
  - From: Luciano Bello <luciano@debian.org>

References:
- squeeze update of grub2?
  - From: Guido Günther <agx@sigxcpu.org>
- Re: squeeze update of grub2?
  - From: Santiago Ruano Rincón <santiagorr@riseup.net>

Prev by Date: Re: squeeze update of cacti?
Next by Date: About virtualbox-ose in squeeze
Previous by thread: Re: squeeze update of grub2?
Next by thread: Re: squeeze update of grub2?
Index(es):
- Date
- Thread