El 11/12/15 a las 11:20, Guido Günther escribió: > Hello dear maintainers, > > the Debian LTS team would like to fix the security issues which are > currently open in the Squeeze version of grub2: > https://security-tracker.debian.org/tracker/CVE-2015-8370 > Hi all, I've uploaded grub2 to fix this CVE for squeeze today. And attached you can find debdiffs for wheezy and jessie. I've already tested the jessie package, but not wheezy's. Please, tell me if they are Ok and if you agree to upload them. Cheers, Santiago
diff -u grub2-1.99/debian/changelog grub2-1.99/debian/changelog
--- grub2-1.99/debian/changelog
+++ grub2-1.99/debian/changelog
@@ -1,3 +1,11 @@
+grub2 (1.99-27+deb7u3) wheezy-security; urgency=high
+
+ * Non-maintainer upload.
+ * Fix CVE-2015-8370: buffer overflow when checking password entered
+ during bootup.
+
+ -- Santiago Ruano Rincón <santiagorr@riseup.net> Sat, 12 Dec 2015 18:59:43 +0100
+
grub2 (1.99-27+deb7u2) stable; urgency=low
* Backport from upstream:
diff -u grub2-1.99/debian/patches/series grub2-1.99/debian/patches/series
--- grub2-1.99/debian/patches/series
+++ grub2-1.99/debian/patches/series
@@ -50,0 +51 @@
+CVE-2015-8370.patch
only in patch2:
unchanged:
--- grub2-1.99.orig/debian/patches/CVE-2015-8370.patch
+++ grub2-1.99/debian/patches/CVE-2015-8370.patch
@@ -0,0 +1,40 @@
+From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001
+From: Hector Marco-Gisbert <hecmargi@upv.es>
+Date: Fri, 13 Nov 2015 16:21:09 +0100
+Subject: [PATCH] Fix security issue when reading username and password
+
+ This patch fixes two integer underflows at:
+ * grub-core/lib/crypto.c
+ * grub-core/normal/auth.c
+
+Resolves: CVE-2015-8370
+
+Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
+Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
+---
+ grub-core/lib/crypto.c | 2 +-
+ grub-core/normal/auth.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/grub-core/lib/crypto.c
++++ b/grub-core/lib/crypto.c
+@@ -433,7 +433,7 @@
+ break;
+ }
+
+- if (key == '\b')
++ if (key == '\b' && cur_len)
+ {
+ cur_len--;
+ continue;
+--- a/grub-core/normal/auth.c
++++ b/grub-core/normal/auth.c
+@@ -171,7 +171,7 @@
+ break;
+ }
+
+- if (key == '\b')
++ if (key == '\b' && cur_len)
+ {
+ cur_len--;
+ grub_printf ("\b");
diff -Nru grub2-2.02~beta2/debian/changelog grub2-2.02~beta2/debian/changelog
--- grub2-2.02~beta2/debian/changelog 2015-03-23 16:30:18.000000000 +0100
+++ grub2-2.02~beta2/debian/changelog 2015-12-12 20:31:46.000000000 +0100
@@ -1,3 +1,11 @@
+grub2 (2.02~beta2-22+deb8u1) jessie-security; urgency=high
+
+ * Non-maintainer upload.
+ * Fix CVE-2015-8370: buffer overflow when checking password entered during
+ bootup.
+
+ -- Santiago Ruano Rincón <santiagorr@riseup.net> Sat, 12 Dec 2015 20:18:02 +0100
+
grub2 (2.02~beta2-22) unstable; urgency=medium
* Make grub-common's Suggests on grub-emu architecture-specific, to
diff -Nru grub2-2.02~beta2/debian/patches/CVE-2015-8370.patch grub2-2.02~beta2/debian/patches/CVE-2015-8370.patch
--- grub2-2.02~beta2/debian/patches/CVE-2015-8370.patch 1970-01-01 01:00:00.000000000 +0100
+++ grub2-2.02~beta2/debian/patches/CVE-2015-8370.patch 2015-12-12 20:31:46.000000000 +0100
@@ -0,0 +1,40 @@
+From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001
+From: Hector Marco-Gisbert <hecmargi@upv.es>
+Date: Fri, 13 Nov 2015 16:21:09 +0100
+Subject: [PATCH] Fix security issue when reading username and password
+
+ This patch fixes two integer underflows at:
+ * grub-core/lib/crypto.c
+ * grub-core/normal/auth.c
+
+Resolves: CVE-2015-8370
+
+Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
+Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
+---
+ grub-core/lib/crypto.c | 2 +-
+ grub-core/normal/auth.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/grub-core/lib/crypto.c
++++ b/grub-core/lib/crypto.c
+@@ -456,7 +456,7 @@
+ break;
+ }
+
+- if (key == '\b')
++ if (key == '\b' && cur_len)
+ {
+ cur_len--;
+ continue;
+--- a/grub-core/normal/auth.c
++++ b/grub-core/normal/auth.c
+@@ -172,7 +172,7 @@
+ break;
+ }
+
+- if (key == '\b')
++ if (key == '\b' && cur_len)
+ {
+ cur_len--;
+ grub_printf ("\b");
diff -Nru grub2-2.02~beta2/debian/patches/efi_sanitise_path.patch grub2-2.02~beta2/debian/patches/efi_sanitise_path.patch
--- grub2-2.02~beta2/debian/patches/efi_sanitise_path.patch 2015-03-23 16:23:55.000000000 +0100
+++ grub2-2.02~beta2/debian/patches/efi_sanitise_path.patch 2015-12-12 20:31:46.000000000 +0100
@@ -15,11 +15,9 @@
grub-core/kern/efi/efi.c | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
-diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
-index db0fd2d..3b6cf26 100644
--- a/grub-core/kern/efi/efi.c
+++ b/grub-core/kern/efi/efi.c
-@@ -337,7 +337,7 @@ grub_efi_modules_addr (void)
+@@ -337,7 +337,7 @@
char *
grub_efi_get_filename (grub_efi_device_path_t *dp0)
{
@@ -28,7 +26,7 @@
grub_size_t filesize = 0;
grub_efi_device_path_t *dp;
-@@ -356,7 +356,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+@@ -356,7 +356,7 @@
grub_efi_uint16_t len;
len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4)
/ sizeof (grub_efi_char16_t));
@@ -37,7 +35,7 @@
}
dp = GRUB_EFI_NEXT_DEVICE_PATH (dp);
-@@ -384,12 +384,12 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+@@ -384,12 +384,12 @@
grub_efi_file_path_device_path_t *fp;
grub_efi_uint16_t len;
@@ -52,7 +50,7 @@
p = (char *) grub_utf16_to_utf8 ((unsigned char *) p, fp->path_name, len);
}
-@@ -398,10 +398,19 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+@@ -398,10 +398,19 @@
*p = '\0';
diff -Nru grub2-2.02~beta2/debian/patches/series grub2-2.02~beta2/debian/patches/series
--- grub2-2.02~beta2/debian/patches/series 2015-03-23 16:23:55.000000000 +0100
+++ grub2-2.02~beta2/debian/patches/series 2015-12-12 20:31:46.000000000 +0100
@@ -68,3 +68,4 @@
mixed_size_efi.patch
hostfs_remove_ftm.patch
efi_sanitise_path.patch
+CVE-2015-8370.patch
Attachment:
signature.asc
Description: Digital signature