author | Thomas Deutschmann <whissi@gentoo.org> | 2017-09-28 22:54:55 +0200 |
---|---|---|
committer | Thomas Deutschmann <whissi@gentoo.org> | 2017-09-28 22:54:55 +0200 |
commit | 612f47deca97e8d7ffc2100c1dbc82a602abdf39 (patch) | |
tree | 714d18b438413833e38a20af15b6514bb8c7ac61 /glsa-201512-03.xml | |
parent | Fix GLSA 201709-27 to reflect previous canonical name for libTIFF (diff) | |
GLSA format update
- Dates converted to ISO8601 [Bug #196681]
- Reference links changed to HTTPS where available [Bug #630750]
See: https://bugs.gentoo.org/196681
See: https://bugs.gentoo.org/630750
Diffstat (limited to 'glsa-201512-03.xml')
-rw-r--r-- | glsa-201512-03.xml | 126 |
1 files changed, 63 insertions, 63 deletions
diff --git a/glsa-201512-03.xml b/glsa-201512-03.xml
index d61b21a4..74f4618b 100644
--- a/glsa-201512-03.xml
+++ b/glsa-201512-03.xml
@@ -1,63 +1,63 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
-<glsa id="201512-03">
- <title>GRUB: Authentication bypass</title>
- <synopsis>GRUB's authentication prompt can be bypassed by entering a sequence
- of backspace characters.
- </synopsis>
- <product type="ebuild">grub</product>
- <announced>December 19, 2015</announced>
- <revised>December 19, 2015: 1</revised>
- <bug>568326</bug>
- <access>local</access>
- <affected>
- <package name="sys-boot/grub" auto="no" arch="*">
- <unaffected range="ge">2.02_beta2-r8</unaffected>
- <unaffected range="rge">0.97</unaffected>
- <vulnerable range="lt">2.02_beta2-r8</vulnerable>
- </package>
- </affected>
- <background>
- <p>GNU GRUB is a multiboot boot loader used by most Linux systems.</p>
- </background>
- <description>
- <p>An integer underflow in GRUB’s username/password authentication code
- has been discovered.
- </p>
- </description>
- <impact type="normal">
- <p>An attacker with access to the system console may bypass the username
- prompt by entering a sequence of backspace characters, allowing them e.g.
- to get full access to GRUB’s console or to load a customized kernel.
- </p>
- </impact>
- <workaround>
- <p>There is no known workaround at this time.</p>
- </workaround>
- <resolution>
- <p>All GRUB 2.x users should upgrade to the latest version:</p>
-
- <code>
- # emerge --sync
- # emerge --ask --oneshot --verbose ">=sys-boot/grub-2.02_beta2-r8"
- </code>
-
- <p>After upgrading, make sure to run the grub2-install command with options
- appropriate for your system. See the GRUB2 Quick Start guide in the
- references below for examples. Your system will be vulnerable until this
- action is performed.
- </p>
- </resolution>
- <references>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8370">CVE-2015-8370</uri>
- <uri link="https://wiki.gentoo.org/wiki/GRUB2_Quick_Start">GRUB2 Quick
- Start guide
- </uri>
- </references>
- <metadata tag="requester" timestamp="Sat, 19 Dec 2015 13:09:44 +0000">
- keytoaster
- </metadata>
- <metadata tag="submitter" timestamp="Sat, 19 Dec 2015 14:20:07 +0000">
- keytoaster
- </metadata>
-</glsa>
\ No newline at end of file
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201512-03">
+ <title>GRUB: Authentication bypass</title>
+ <synopsis>GRUB's authentication prompt can be bypassed by entering a sequence
+ of backspace characters.
+ </synopsis>
+ <product type="ebuild">grub</product>
+ <announced>2015-12-19</announced>
+ <revised>2015-12-19: 1</revised>
+ <bug>568326</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-boot/grub" auto="no" arch="*">
+ <unaffected range="ge">2.02_beta2-r8</unaffected>
+ <unaffected range="rge">0.97</unaffected>
+ <vulnerable range="lt">2.02_beta2-r8</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>GNU GRUB is a multiboot boot loader used by most Linux systems.</p>
+ </background>
+ <description>
+ <p>An integer underflow in GRUB’s username/password authentication code
+ has been discovered.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>An attacker with access to the system console may bypass the username
+ prompt by entering a sequence of backspace characters, allowing them e.g.
+ to get full access to GRUB’s console or to load a customized kernel.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GRUB 2.x users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-boot/grub-2.02_beta2-r8"
+ </code>
+
+ <p>After upgrading, make sure to run the grub2-install command with options
+ appropriate for your system. See the GRUB2 Quick Start guide in the
+ references below for examples. Your system will be vulnerable until this
+ action is performed.
+ </p>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8370">CVE-2015-8370</uri>
+ <uri link="https://wiki.gentoo.org/wiki/GRUB2_Quick_Start">GRUB2 Quick
+ Start guide
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2015-12-19T13:09:44Z">
+ keytoaster
+ </metadata>
+ <metadata tag="submitter" timestamp="2015-12-19T14:20:07Z">
+ keytoaster
+ </metadata>
+</glsa> |
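Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line on the new side still names the external DTD over plain HTTP, although this commit moves the NVD reference link to HTTPS. A consumer that resolves the external subset over the network would load it without transport authentication, so a modified DTD could change validation results or entity definitions for a security advisory; whether the GLSA tooling fetches the DTD or uses a local copy is not visible from this hunk. If the DTD is served over HTTPS and no catalog is keyed on the old identifier, the line could read `<!DOCTYPE glsa SYSTEM "https://www.gentoo.org/dtd/glsa.dtd">`. Otherwise it is worth documenting that consumers must resolve the identifier from a local catalog with network DTD loading and external entities disabled.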