Bug#808122: CVE-2015-8370

Klaus Ethgen Klaus at Ethgen.de
Wed Dec 16 09:20:21 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package: grub-pc
Severity: critical
Tags: security

Grub2 has a very critical security problem right now[0]. CVE-2015-8370
allows more or less full access to the system via boot manager.

Nevertheless, not all of my systems are affected as I luckily still use
grub1 on them. Unfortunately it affects right that systems that I carry
with me and that might been left out of my view sometimes.

[0] http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html

- -- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (800, 'unstable'), (500, 'testing'), (110, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.6 (SMP w/8 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

- -- 
Klaus Ethgen                              http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16   Klaus Ethgen <Klaus at Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQGcBAEBCgAGBQJWcSzKAAoJEKZ8CrGAGfasHAgL/j9EiipyJSwJXrXqeNBuCklg
VhqmViG6KUBrnP3MICjqm8Cfa8wrk/2suQ+sgCE8gPhiceWJRgKf+BhoqiRq7Q40
eBxJBAWTF7YLH63fUesQFnYgJzVaH3jbGtMAtFdoHsB8YVTRWF+9vexBUybCtjsE
oGOq0at5qTK72txBChszPuhpT5FslDmYf8eAc5sJxjmvxkHiG6De+BVaZDf/5XEx
OwU4W7pPeLXCNmlAcOzeHWfJuPzOKx8hO+wclxrEoxm2BelzPuowBjMWumm57fI+
4cmPntXVP9iFWHlpUHUlMFouTQ5E7jFJ7F103X/XEoxTS/RCMx96t+UxqaMVybut
lIEIjV/4XAcqfWvcU1JV590EBJjtaMC6RIXZ6kgF1yLT1EXc+nBkvk5mpQ2TWIQh
Zpkl4wjCUWmLTJI4NWzey+s/r6T/jrCxyv7q/ifHM+pZhox7Y1b4SulUzNGLXynu
Im7fZcdwXrQibj2SELk/fzmX/HRfMJVYXPS/qxcaRg==
=Zbut
-----END PGP SIGNATURE-----



More information about the Pkg-grub-devel mailing list