[ubuntu/focal-security] grub2-unsigned 2.06-2ubuntu14.4 (Accepted)

Mark Esler mark.esler at canonical.com
Wed Oct 4 00:40:31 UTC 2023


grub2-unsigned (2.06-2ubuntu14.4) jammy; urgency=high

  * SECURITY UPDATE: Crafted file system images can cause out-of-bounds write
    and may leak sensitive information into the GRUB pager.
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-
      label.patch:
      fs/ntfs: Fix an OOB read when parsing a volume label
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-
      index-at.patch:
      fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-
      entries-fr.patch:
      fs/ntfs: Fix an OOB read when parsing directory entries from resident and
      non-resident index attributes
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-
      reside.patch:
      fs/ntfs: Fix an OOB read when reading data from the resident $DATA
      attribute
    - CVE-2023-4693
  * SECURITY UPDATE: Crafted file system images can cause heap-based buffer
    overflow and may allow arbitrary code execution and secure boot bypass.
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-
      ATTRIBUTE_LIST-.patch:
      fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for
      the $MFT file
    - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch:
      fs/ntfs: Make code more readable
    - CVE-2023-4692
  * efi/fdt: Apply device tree fixups directly after loading
    - add debian/patches/fdt-fixup-after-load.patch
    - LP: #2028931

grub2 (2.06-2ubuntu14.2) kinetic; urgency=medium

  * Cherry-pick more upstream memory patches (LP: #2004643)

Date: 2023-10-02 15:41:09.085315+00:00
Changed-By: Mate Kukri <mate.kukri at canonical.com>
Signed-By: Mark Esler <mark.esler at canonical.com>
https://launchpad.net/ubuntu/+source/grub2-unsigned/2.06-2ubuntu14.4