[ubuntu/bionic-updates] grub2_2.02-2ubuntu8.16_arm64.tar.gz - (Accepted)
Chris Coulson
chris.coulson at canonical.com
Wed Jul 29 19:41:03 UTC 2020
grub2 (2.02-2ubuntu8.16) bionic; urgency=medium
[ Chris Coulson ]
* SECURITY UPDATE: Heap buffer overflow when encountering commands that
cannot be tokenized to less than 8192 characters.
- 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make
fatal lexer errors actually be fatal
- CVE-2020-10713
* SECURITY UPDATE: Multiple integer overflow bugs that could result in
heap buffer allocations that were too small and subsequent heap buffer
overflows when handling certain filesystems, font files or PNG images.
- 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add
arithmetic primitives that allow for overflows to be detected
- 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch:
Make sure that there is always an overflow checking implementation
of calloc() available
- 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where
appropriate
- 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use
overflow-safe arithmetic primitives when performing allocations
based on the results of operations that might overflow
- 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in
hfsplus
- 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix
more potential integer overflows in lvm
- CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
* SECURITY UPDATE: Use-after-free when executing a command that causes
a currently executing function to be redefined.
- 0092-script-Remove-unused-fields-from-grub_script_functio.patch:
Remove unused fields from grub_script_function
- 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch:
Avoid a use-after-free when redefining a function during execution
- CVE-2020-15706
* SECURITY UPDATE: Integer overflows that could result in heap buffer
allocations that were too small and subsequent heap buffer overflows
during initrd loading.
- 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix
integer overflows in initrd size handling
- 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix
integer overflows in linuxefi grub_cmd_initrd
- CVE-2020-15707
* Various fixes as a result of code review and static analysis:
- 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a
memory leak on realloc failures when processing symbolic links
- 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a
memory leak when processing font files with more than one NAME
section
- 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap
after it is freed in order to avoid a potential double free later on
- 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an
out-of-bounds read in LzmaEncode
- 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use
priority queues and fix a double free
- 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix
various arithmetic errors with malformed device paths
- 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix
a NULL deref in the chainloader command introduced by a previous
patch
- 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch:
Avoid a double free in the chainloader command when validation fails
- 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch:
Protect grub_relocator_alloc_chunk_addr input arguments against
integer overflow / underflow
- 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch:
Protect grub_relocator_alloc_chunk_align max_addr argument against
integer underflow
- 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix
grub_relocator_alloc_chunk_align top memory allocation
- 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch:
Avoid overflow on initrd size calculation
[ Dimitri John Ledkov ]
* SECURITY UPDATE: Grub does not enforce kernel signature validation
when the shim protocol isn't present.
- 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch:
Fail kernel validation if the shim protocol isn't available
- CVE-2020-15705
Date: Mon, 20 Jul 2020 19:50:54 +0100
Changed-By: Chris Coulson <chris.coulson at canonical.com>
Maintainer: Launchpad Build Daemon <buildd at bos02-arm64-042.buildd>
-------------- next part --------------
Format: 1.8
Date: Mon, 20 Jul 2020 19:50:54 +0100
Source: grub2
Binary: grub2 grub-linuxbios grub-efi grub-common grub2-common grub-emu grub-emu-dbg grub-pc-bin grub-pc-dbg grub-pc grub-rescue-pc grub-coreboot-bin grub-coreboot-dbg grub-coreboot grub-efi-ia32-bin grub-efi-ia32-dbg grub-efi-ia32 grub-efi-amd64-bin grub-efi-amd64-dbg grub-efi-amd64 grub-efi-ia64-bin grub-efi-ia64-dbg grub-efi-ia64 grub-efi-arm-bin grub-efi-arm-dbg grub-efi-arm grub-efi-arm64-bin grub-efi-arm64-dbg grub-efi-arm64 grub-ieee1275-bin grub-ieee1275-dbg grub-ieee1275 grub-firmware-qemu grub-uboot-bin grub-uboot-dbg grub-uboot grub-xen-bin grub-xen-dbg grub-xen grub-xen-host grub-yeeloong-bin grub-yeeloong-dbg grub-yeeloong grub-theme-starfield grub-mount-udeb
Architecture: arm64 arm64_translations
Version: 2.02-2ubuntu8.16
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd at bos02-arm64-042.buildd>
Changed-By: Chris Coulson <chris.coulson at canonical.com>
Description:
grub-common - GRand Unified Bootloader (common files)
grub-coreboot - GRand Unified Bootloader, version 2 (Coreboot version)
grub-coreboot-bin - GRand Unified Bootloader, version 2 (Coreboot binaries)
grub-coreboot-dbg - GRand Unified Bootloader, version 2 (Coreboot debug files)
grub-efi - GRand Unified Bootloader, version 2 (dummy package)
grub-efi-amd64 - GRand Unified Bootloader, version 2 (EFI-AMD64 version)
grub-efi-amd64-bin - GRand Unified Bootloader, version 2 (EFI-AMD64 binaries)
grub-efi-amd64-dbg - GRand Unified Bootloader, version 2 (EFI-AMD64 debug files)
grub-efi-arm - GRand Unified Bootloader, version 2 (ARM UEFI version)
grub-efi-arm-bin - GRand Unified Bootloader, version 2 (ARM UEFI binaries)
grub-efi-arm-dbg - GRand Unified Bootloader, version 2 (ARM UEFI debug files)
grub-efi-arm64 - GRand Unified Bootloader, version 2 (ARM64 UEFI version)
grub-efi-arm64-bin - GRand Unified Bootloader, version 2 (ARM64 UEFI binaries)
grub-efi-arm64-dbg - GRand Unified Bootloader, version 2 (ARM64 UEFI debug files)
grub-efi-ia32 - GRand Unified Bootloader, version 2 (EFI-IA32 version)
grub-efi-ia32-bin - GRand Unified Bootloader, version 2 (EFI-IA32 binaries)
grub-efi-ia32-dbg - GRand Unified Bootloader, version 2 (EFI-IA32 debug files)
grub-efi-ia64 - GRand Unified Bootloader, version 2 (IA64 version)
grub-efi-ia64-bin - GRand Unified Bootloader, version 2 (IA64 binaries)
grub-efi-ia64-dbg - GRand Unified Bootloader, version 2 (IA64 debug files)
grub-emu - GRand Unified Bootloader, version 2 (emulated version)
grub-emu-dbg - GRand Unified Bootloader, version 2 (emulated debug files)
grub-firmware-qemu - GRUB firmware image for QEMU
grub-ieee1275 - GRand Unified Bootloader, version 2 (Open Firmware version)
grub-ieee1275-bin - GRand Unified Bootloader, version 2 (Open Firmware binaries)
grub-ieee1275-dbg - GRand Unified Bootloader, version 2 (Open Firmware debug files)
grub-linuxbios - GRand Unified Bootloader, version 2 (dummy package)
grub-mount-udeb - export GRUB filesystems using FUSE (udeb)
grub-pc - GRand Unified Bootloader, version 2 (PC/BIOS version)
grub-pc-bin - GRand Unified Bootloader, version 2 (PC/BIOS binaries)
grub-pc-dbg - GRand Unified Bootloader, version 2 (PC/BIOS debug files)
grub-rescue-pc - GRUB bootable rescue images, version 2 (PC/BIOS version)
grub-theme-starfield - GRand Unified Bootloader, version 2 (starfield theme)
grub-uboot - GRand Unified Bootloader, version 2 (ARM U-Boot version)
grub-uboot-bin - GRand Unified Bootloader, version 2 (ARM U-Boot binaries)
grub-uboot-dbg - GRand Unified Bootloader, version 2 (ARM U-Boot debug files)
grub-xen - GRand Unified Bootloader, version 2 (Xen version)
grub-xen-bin - GRand Unified Bootloader, version 2 (Xen binaries)
grub-xen-dbg - GRand Unified Bootloader, version 2 (Xen debug files)
grub-xen-host - GRand Unified Bootloader, version 2 (Xen host version)
grub-yeeloong - GRand Unified Bootloader, version 2 (Yeeloong version)
grub-yeeloong-bin - GRand Unified Bootloader, version 2 (Yeeloong binaries)
grub-yeeloong-dbg - GRand Unified Bootloader, version 2 (Yeeloong debug files)
grub2 - GRand Unified Bootloader, version 2 (dummy package)
grub2-common - GRand Unified Bootloader (common files for version 2)
Changes:
grub2 (2.02-2ubuntu8.16) bionic; urgency=medium
.
[ Chris Coulson ]
* SECURITY UPDATE: Heap buffer overflow when encountering commands that
cannot be tokenized to less than 8192 characters.
- 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make
fatal lexer errors actually be fatal
- CVE-2020-10713
* SECURITY UPDATE: Multiple integer overflow bugs that could result in
heap buffer allocations that were too small and subsequent heap buffer
overflows when handling certain filesystems, font files or PNG images.
- 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add
arithmetic primitives that allow for overflows to be detected
- 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch:
Make sure that there is always an overflow checking implementation
of calloc() available
- 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where
appropriate
- 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use
overflow-safe arithmetic primitives when performing allocations
based on the results of operations that might overflow
- 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in
hfsplus
- 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix
more potential integer overflows in lvm
- CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
* SECURITY UPDATE: Use-after-free when executing a command that causes
a currently executing function to be redefined.
- 0092-script-Remove-unused-fields-from-grub_script_functio.patch:
Remove unused fields from grub_script_function
- 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch:
Avoid a use-after-free when redefining a function during execution
- CVE-2020-15706
* SECURITY UPDATE: Integer overflows that could result in heap buffer
allocations that were too small and subsequent heap buffer overflows
during initrd loading.
- 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix
integer overflows in initrd size handling
- 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix
integer overflows in linuxefi grub_cmd_initrd
- CVE-2020-15707
* Various fixes as a result of code review and static analysis:
- 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a
memory leak on realloc failures when processing symbolic links
- 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a
memory leak when processing font files with more than one NAME
section
- 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap
after it is freed in order to avoid a potential double free later on
- 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an
out-of-bounds read in LzmaEncode
- 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use
priority queues and fix a double free
- 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix
various arithmetic errors with malformed device paths
- 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix
a NULL deref in the chainloader command introduced by a previous
patch
- 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch:
Avoid a double free in the chainloader command when validation fails
- 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch:
Protect grub_relocator_alloc_chunk_addr input arguments against
integer overflow / underflow
- 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch:
Protect grub_relocator_alloc_chunk_align max_addr argument against
integer underflow
- 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix
grub_relocator_alloc_chunk_align top memory allocation
- 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch:
Avoid overflow on initrd size calculation
.
[ Dimitri John Ledkov ]
* SECURITY UPDATE: Grub does not enforce kernel signature validation
when the shim protocol isn't present.
- 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch:
Fail kernel validation if the shim protocol isn't available
- CVE-2020-15705
Checksums-Sha1:
e63763a7f2f8bc49023ca790ee230656d62b2248 9850008 grub-common-dbgsym_2.02-2ubuntu8.16_arm64.ddeb
b3b97069a54e2ba00b90093dcf37188d05472912 1596048 grub-common_2.02-2ubuntu8.16_arm64.deb
5f3507d8838d209ed356961df3013056990f8216 523380 grub-efi-arm64-bin_2.02-2ubuntu8.16_arm64.deb
0d72dcd964a2932b95a5ca6be28b0ba72cd6e8d0 2509944 grub-efi-arm64-dbg_2.02-2ubuntu8.16_arm64.deb
9db0c005ee35287571fa0221c78704924a5b2ffc 47708 grub-efi-arm64_2.02-2ubuntu8.16_arm64.deb
514c4c81044d9a08c916202a85bde88b93232eac 305300 grub-mount-udeb_2.02-2ubuntu8.16_arm64.udeb
07618dd909b40612c2aead88f478acf4e814a26e 1674032 grub-theme-starfield_2.02-2ubuntu8.16_arm64.deb
ea4aaf652ad0232825a81b101a6bc8a745ed9279 1200092 grub2-common-dbgsym_2.02-2ubuntu8.16_arm64.ddeb
13f1c1e7cdb15f2c19555d5fa98546405bf36471 476708 grub2-common_2.02-2ubuntu8.16_arm64.deb
1cefd786d726d6b23c559a8b94bb281785c9d6cf 14984 grub2_2.02-2ubuntu8.16_arm64.buildinfo
1098d5c48136b32457e79d83872fc74eebcf18f3 1409715 grub2_2.02-2ubuntu8.16_arm64.tar.gz
6edfb6350b0075193c47daa5537d8958d2a9f17b 4683023 grub2_2.02-2ubuntu8.16_arm64_translations.tar.gz
Checksums-Sha256:
91f16c694a85d5040a8bc0417f6739e7c7a82f979cfc453446efcf68072ed844 9850008 grub-common-dbgsym_2.02-2ubuntu8.16_arm64.ddeb
a2ee384394843ecf8305f8f5c62c2f7570fe996c888f67b3b558224272b8159c 1596048 grub-common_2.02-2ubuntu8.16_arm64.deb
4040894157644242616d0e44c658a82eb01e85b15db38efd568d10374fe07f24 523380 grub-efi-arm64-bin_2.02-2ubuntu8.16_arm64.deb
99745c8a58336d5a704e47203813471269a160e4c3e30742c5d65e25a408ad9c 2509944 grub-efi-arm64-dbg_2.02-2ubuntu8.16_arm64.deb
a6f08200f5f5ea39b0b1f4c3cb7ecf8ec7f69ee61c26fd92ebfb15490e747e4a 47708 grub-efi-arm64_2.02-2ubuntu8.16_arm64.deb
d11a1d27fa9a1e4470347cc3ee352f4f7ccafd7279b22f41129136023dc8dfd8 305300 grub-mount-udeb_2.02-2ubuntu8.16_arm64.udeb
f365080238d3eb8a8d523665bb33fccf356d6f76a150dddc46ad2b0a1528bad4 1674032 grub-theme-starfield_2.02-2ubuntu8.16_arm64.deb
74ce993114ee766ef2f8b1db020e3748067461e992a0e1b955356d0ff556c208 1200092 grub2-common-dbgsym_2.02-2ubuntu8.16_arm64.ddeb
484251caed1acf3bc274bf32948cd61677542561ce13e32ae4510220a3df38e8 476708 grub2-common_2.02-2ubuntu8.16_arm64.deb
36c595af86a989bb1033dcd8d77169815f520fc9e51c372b4eb504a359ad695c 14984 grub2_2.02-2ubuntu8.16_arm64.buildinfo
170ad9948a5f2976daee959464447abf950df41bdee470bd843a3195a3431cc3 1409715 grub2_2.02-2ubuntu8.16_arm64.tar.gz
1500c22c8b4a19223c04cf82c665f41c6eb77fac23a228bb82fd1ac03efa712b 4683023 grub2_2.02-2ubuntu8.16_arm64_translations.tar.gz
Files:
97d7a7ebc701284d5be0682f05e43e47 9850008 debug optional grub-common-dbgsym_2.02-2ubuntu8.16_arm64.ddeb
45ed337efa9e6db37c98bc5e538e86c3 1596048 admin optional grub-common_2.02-2ubuntu8.16_arm64.deb
ef0e91f5f57b7585f5bc243c2941b563 523380 admin extra grub-efi-arm64-bin_2.02-2ubuntu8.16_arm64.deb
24cf52b98c68523823e815db632d54ad 2509944 debug extra grub-efi-arm64-dbg_2.02-2ubuntu8.16_arm64.deb
d7bc005c672fe5df82dddb857bafb599 47708 admin extra grub-efi-arm64_2.02-2ubuntu8.16_arm64.deb
2d99b8eeee1075e91f69dbe0a009bdc5 305300 debian-installer extra grub-mount-udeb_2.02-2ubuntu8.16_arm64.udeb
902c9278fe54ffb7b50654e72bd94622 1674032 admin extra grub-theme-starfield_2.02-2ubuntu8.16_arm64.deb
7fa725be436adad3c5935b9c6384d946 1200092 debug optional grub2-common-dbgsym_2.02-2ubuntu8.16_arm64.ddeb
3de1d4fd663510e480f3815148e4a1ff 476708 admin optional grub2-common_2.02-2ubuntu8.16_arm64.deb
5d8be4c66fb8dc9a6ef9408cc36a4574 14984 admin extra grub2_2.02-2ubuntu8.16_arm64.buildinfo
0f31c348caae04c81ef2e281b0fa16a6 1409715 raw-uefi - grub2_2.02-2ubuntu8.16_arm64.tar.gz
fd4b89edc067a0f2a82c458182764b76 4683023 raw-translations - grub2_2.02-2ubuntu8.16_arm64_translations.tar.gz
Original-Maintainer: GRUB Maintainers <pkg-grub-devel at lists.alioth.debian.org>
More information about the Bionic-changes
mailing list