bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47185: grub2 package is vulnerable to CVE-2020-14372, CVE-2020-25632

From: Léo Le Bouter
Subject: bug#47185: grub2 package is vulnerable to CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233 and CVE-2021-3418
Date: Tue, 16 Mar 2021 09:08:31 +0100
User-agent: Evolution 3.34.2 
As outlined by 
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass2021
we have a new wave of GRUB security vulnerabilities around SecureBoot.

There is no new upstream release so patching this appears to be some
kind of sport.

Debian has patched it in this commit: 
https://salsa.debian.org/grub-team/grub/-/commit/37c2a594625efba8b7f10d18a444393982d2e31f

I see also there's a new concept of SBAT section to ease administrative
efforts around certificate revocation when signed binaries such as some
GRUB2 things become vulnerable (and we don't want them to verify
successfully anymore).

This looks like a sizeable upgrade to a sensitive part of GNU Guix, so
we have to test carefully.

Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to
[Prev in Thread] Current Thread [Next in Thread]