El 13/12/15 a las 21:06, Luciano Bello escribió: > On Saturday 12 December 2015 21.44.28 Santiago Ruano Rincón wrote: > > > I've uploaded grub2 to fix this CVE for squeeze today. And attached you > > > can find debdiffs for wheezy and jessie. I've already tested the jessie > > > package, but not wheezy's. > > > > > > Please, tell me if they are Ok and if you agree to upload them. > > > > Please close #807614 in your changelog. The patch looks quite direct but it > would be great if you can test it also for wheezy, just to be on the safe > side.
Done. Wheezy also works. Luciano, I may upload them, unless you disagree or you want to do it by yourself. Saludos, Santiago
diff -u grub2-1.99/debian/changelog grub2-1.99/debian/changelog --- grub2-1.99/debian/changelog +++ grub2-1.99/debian/changelog @@ -1,3 +1,11 @@ +grub2 (1.99-27+deb7u3) wheezy-security; urgency=high + + * Non-maintainer upload. + * Fix CVE-2015-8370: buffer overflow when checking password entered + during bootup (Closes: #807614). + + -- Santiago Ruano Rincón <santiag...@riseup.net> Mon, 14 Dec 2015 13:40:29 +0100 + grub2 (1.99-27+deb7u2) stable; urgency=low * Backport from upstream: diff -u grub2-1.99/debian/patches/series grub2-1.99/debian/patches/series --- grub2-1.99/debian/patches/series +++ grub2-1.99/debian/patches/series @@ -50,0 +51 @@ +CVE-2015-8370.patch only in patch2: unchanged: --- grub2-1.99.orig/debian/patches/CVE-2015-8370.patch +++ grub2-1.99/debian/patches/CVE-2015-8370.patch @@ -0,0 +1,40 @@ +From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001 +From: Hector Marco-Gisbert <hecma...@upv.es> +Date: Fri, 13 Nov 2015 16:21:09 +0100 +Subject: [PATCH] Fix security issue when reading username and password + + This patch fixes two integer underflows at: + * grub-core/lib/crypto.c + * grub-core/normal/auth.c + +Resolves: CVE-2015-8370 + +Signed-off-by: Hector Marco-Gisbert <hecma...@upv.es> +Signed-off-by: Ismael Ripoll-Ripoll <irip...@disca.upv.es> +--- + grub-core/lib/crypto.c | 2 +- + grub-core/normal/auth.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/grub-core/lib/crypto.c ++++ b/grub-core/lib/crypto.c +@@ -433,7 +433,7 @@ + break; + } + +- if (key == '\b') ++ if (key == '\b' && cur_len) + { + cur_len--; + continue; +--- a/grub-core/normal/auth.c ++++ b/grub-core/normal/auth.c +@@ -171,7 +171,7 @@ + break; + } + +- if (key == '\b') ++ if (key == '\b' && cur_len) + { + cur_len--; + grub_printf ("\b");
diff -Nru grub2-2.02~beta2/debian/changelog grub2-2.02~beta2/debian/changelog --- grub2-2.02~beta2/debian/changelog 2015-03-23 16:30:18.000000000 +0100 +++ grub2-2.02~beta2/debian/changelog 2015-12-14 09:04:24.000000000 +0100 @@ -1,3 +1,11 @@ +grub2 (2.02~beta2-22+deb8u1) jessie-security; urgency=high + + * Non-maintainer upload. + * Fix CVE-2015-8370: buffer overflow when checking password entered during + bootup (Closes: #807614). + + -- Santiago Ruano Rincón <santiag...@riseup.net> Sat, 12 Dec 2015 20:18:02 +0100 + grub2 (2.02~beta2-22) unstable; urgency=medium * Make grub-common's Suggests on grub-emu architecture-specific, to diff -Nru grub2-2.02~beta2/debian/patches/CVE-2015-8370.patch grub2-2.02~beta2/debian/patches/CVE-2015-8370.patch --- grub2-2.02~beta2/debian/patches/CVE-2015-8370.patch 1970-01-01 01:00:00.000000000 +0100 +++ grub2-2.02~beta2/debian/patches/CVE-2015-8370.patch 2015-12-12 20:31:46.000000000 +0100 @@ -0,0 +1,40 @@ +From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001 +From: Hector Marco-Gisbert <hecma...@upv.es> +Date: Fri, 13 Nov 2015 16:21:09 +0100 +Subject: [PATCH] Fix security issue when reading username and password + + This patch fixes two integer underflows at: + * grub-core/lib/crypto.c + * grub-core/normal/auth.c + +Resolves: CVE-2015-8370 + +Signed-off-by: Hector Marco-Gisbert <hecma...@upv.es> +Signed-off-by: Ismael Ripoll-Ripoll <irip...@disca.upv.es> +--- + grub-core/lib/crypto.c | 2 +- + grub-core/normal/auth.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/grub-core/lib/crypto.c ++++ b/grub-core/lib/crypto.c +@@ -456,7 +456,7 @@ + break; + } + +- if (key == '\b') ++ if (key == '\b' && cur_len) + { + cur_len--; + continue; +--- a/grub-core/normal/auth.c ++++ b/grub-core/normal/auth.c +@@ -172,7 +172,7 @@ + break; + } + +- if (key == '\b') ++ if (key == '\b' && cur_len) + { + cur_len--; + grub_printf ("\b"); diff -Nru grub2-2.02~beta2/debian/patches/efi_sanitise_path.patch grub2-2.02~beta2/debian/patches/efi_sanitise_path.patch --- grub2-2.02~beta2/debian/patches/efi_sanitise_path.patch 2015-03-23 16:23:55.000000000 +0100 +++ grub2-2.02~beta2/debian/patches/efi_sanitise_path.patch 2015-12-12 20:31:46.000000000 +0100 @@ -15,11 +15,9 @@ grub-core/kern/efi/efi.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) -diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index db0fd2d..3b6cf26 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c -@@ -337,7 +337,7 @@ grub_efi_modules_addr (void) +@@ -337,7 +337,7 @@ char * grub_efi_get_filename (grub_efi_device_path_t *dp0) { @@ -28,7 +26,7 @@ grub_size_t filesize = 0; grub_efi_device_path_t *dp; -@@ -356,7 +356,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) +@@ -356,7 +356,7 @@ grub_efi_uint16_t len; len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) / sizeof (grub_efi_char16_t)); @@ -37,7 +35,7 @@ } dp = GRUB_EFI_NEXT_DEVICE_PATH (dp); -@@ -384,12 +384,12 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) +@@ -384,12 +384,12 @@ grub_efi_file_path_device_path_t *fp; grub_efi_uint16_t len; @@ -52,7 +50,7 @@ p = (char *) grub_utf16_to_utf8 ((unsigned char *) p, fp->path_name, len); } -@@ -398,10 +398,19 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) +@@ -398,10 +398,19 @@ *p = '\0'; diff -Nru grub2-2.02~beta2/debian/patches/series grub2-2.02~beta2/debian/patches/series --- grub2-2.02~beta2/debian/patches/series 2015-03-23 16:23:55.000000000 +0100 +++ grub2-2.02~beta2/debian/patches/series 2015-12-12 20:31:46.000000000 +0100 @@ -68,3 +68,4 @@ mixed_size_efi.patch hostfs_remove_ftm.patch efi_sanitise_path.patch +CVE-2015-8370.patch
signature.asc
Description: Digital signature