[ubuntu/jammy-updates] grub2_2.06-2ubuntu10_arm64.tar.gz - (Accepted)

Chris Coulson chris.coulson at canonical.com
Mon Oct 10 13:30:37 UTC 2022


grub2-unsigned (2.06-2ubuntu10) jammy; urgency=medium

  [ Chris Coulson ]
  * SECURITY UPDATE: Crafted PNG grayscale images may lead to out-of-bounds
    write in heap.
    - 0139-video-readers-png-Drop-greyscale-support-to-fix-heap.patch:
      video/readers/png: Drop greyscale support to fix heap out-of-bounds write
    - CVE-2021-3695
  * SECURITY UPDATE: Crafted PNG image may lead to out-of-bound write during
    huffman table handling.
    - 0140-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch:
      video/readers/png: Avoid heap OOB R/W inserting huff table items
    - CVE-2021-3696
  * SECURITY UPDATE: Crafted JPEG image can lead to buffer underflow write in
    the heap.
    - 0145-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch:
      video/readers/jpeg: Block int underflow -> wild pointer write
    - CVE-2021-3697
  * SECURITY UPDATE: Integer underflow in grub_net_recv_ip4_packets
    - 0148-net-ip-Do-IP-fragment-maths-safely.patch: net/ip: Do IP fragment
      maths safely
    - CVE-2022-28733
  * SECURITY UPDATE: Out-of-bounds write when handling split HTTP headers
    - 0154-net-http-Fix-OOB-write-for-split-http-headers.patch: net/http: Fix
      OOB write for split http headers
    - CVE-2022-28734
  * SECURITY UPDATE: shim_lock verifier allows non-kernel files to be loaded
    - 0135-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch:
      kern/efi/sb: Reject non-kernel files in the shim_lock verifier
    - CVE-2022-28735
  * SECURITY UPDATE: use-after-free in grub_cmd_chainloader()
    - 0130-loader-efi-chainloader-simplify-the-loader-state.patch:
      loader/efi/chainloader: simplify the loader state
    - 0131-commands-boot-Add-API-to-pass-context-to-loader.patch: commands/boot:
      Add API to pass context to loader
    - 0132-loader-efi-chainloader-Use-grub_loader_set_ex.patch:
      loader/efi/chainloader: Use grub_loader_set_ex
    - 0133-loader-i386-efi-linux-Use-grub_loader_set_ex.patch:
      loader/i386/efi/linux: Use grub_loader_set_ex
  * Various fixes as a result of fuzzing and static analysis:
    - 0129-loader-efi-chainloader-grub_load_and_start_image-doe.patch:
      loader/efi/chainloader: grub_load_and_start_image doesn't load and start
    - 0134-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch:
      loader/i386/efi/linux: Fix a memory leak in the initrd command
    - 0136-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch:
      kern/file: Do not leak device_name on error in grub_file_open()
    - 0137-video-readers-png-Abort-sooner-if-a-read-operation-f.patch:
      video/readers/png: Abort sooner if a read operation fails
    - 0138-video-readers-png-Refuse-to-handle-multiple-image-he.patch:
      video/readers/png: Refuse to handle multiple image headers
    - 0141-video-readers-png-Sanity-check-some-huffman-codes.patch:
      video/readers/png: Sanity check some huffman codes
    - 0142-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch:
      video/readers/jpeg: Abort sooner if a read operation fails
    - 0143-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch:
      video/readers/jpeg: Do not reallocate a given huff table
    - 0144-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch:
      video/readers/jpeg: Refuse to handle multiple start of streams
    - 0146-normal-charset-Fix-array-out-of-bounds-formatting-un.patch:
      normal/charset: Fix array out-of-bounds formatting unicode for display
    - 0147-net-netbuff-Block-overly-large-netbuff-allocs.patch:
      net/netbuff: Block overly large netbuff allocs
    - 0149-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch:
      net/dns: Fix double-free addresses on corrupt DNS response
    - 0150-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch:
      net/dns: Don't read past the end of the string we're checking against
    - 0151-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch:
      net/tftp: Prevent a UAF and double-free from a failed seek
    - 0152-net-tftp-Avoid-a-trivial-UAF.patch: net/tftp: Avoid a trivial UAF
    - 0153-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch:
      net/http: Do not tear down socket if it's already been torn down
    - 0155-net-http-Error-out-on-headers-with-LF-without-CR.patch:
      net/http: Error out on headers with LF without CR
    - 0156-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch:
      fs/f2fs: Do not read past the end of nat journal entries
    - 0157-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch:
      fs/f2fs: Do not read past the end of nat bitmap
    - 0158-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch:
      fs/f2fs: Do not copy file names that are too long
    - 0159-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch:
      fs/btrfs: Fix several fuzz issues with invalid dir item sizing
    - 0160-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch:
      fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing
    - 0161-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch:
      fs/btrfs: Fix more fuzz issues related to chunks
  * Bump SBAT generation:
    - update debian/sbat.ubuntu.csv.in
  * Make the grub2/no_efi_extra_removable setting work correctly
    - update debian/postinst.in
  * Build grub2-unsigned packages with xz compression for compatibility
    with xenial dpkg
    - update debian/rules

  [ Steve Langasek ]
  * Bump versioned dependency on grub2-common to 2.02~beta2-36ubuntu3.32 for
    necessary arm relocation support.  LP: #1926748.
  * debian/postinst.in: Unconditionally call grub-install with
    --force-extra-removable on xenial and bionic, so that the \EFI\BOOT
    removable path as used in cloud images receives the updates.  LP: #1930742.

Date: Tue, 07 Jun 2022 17:36:27 +0100
Changed-By: Chris Coulson <chris.coulson at canonical.com>
Maintainer: Launchpad Build Daemon <buildd at bos02-arm64-036.buildd>

-------------- next part --------------
Format: 1.8
Date: Tue, 07 Jun 2022 17:36:27 +0100
Source: grub2-unsigned
Binary: grub-efi-arm64 grub-efi-arm64-bin grub-efi-arm64-dbg
Built-For-Profiles: noudeb
Architecture: arm64 arm64_translations
Version: 2.06-2ubuntu10
Distribution: jammy
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd at bos02-arm64-036.buildd>
Changed-By: Chris Coulson <chris.coulson at canonical.com>
Description:
 grub-efi-arm64 - GRand Unified Bootloader, version 2 (ARM64 UEFI version)
 grub-efi-arm64-bin - GRand Unified Bootloader, version 2 (ARM64 UEFI modules)
 grub-efi-arm64-dbg - GRand Unified Bootloader, version 2 (ARM64 UEFI debug files)
Launchpad-Bugs-Fixed: 1926748 1930742
Changes:
 grub2-unsigned (2.06-2ubuntu10) jammy; urgency=medium
 .
   [ Chris Coulson ]
   * SECURITY UPDATE: Crafted PNG grayscale images may lead to out-of-bounds
     write in heap.
     - 0139-video-readers-png-Drop-greyscale-support-to-fix-heap.patch:
       video/readers/png: Drop greyscale support to fix heap out-of-bounds write
     - CVE-2021-3695
   * SECURITY UPDATE: Crafted PNG image may lead to out-of-bound write during
     huffman table handling.
     - 0140-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch:
       video/readers/png: Avoid heap OOB R/W inserting huff table items
     - CVE-2021-3696
   * SECURITY UPDATE: Crafted JPEG image can lead to buffer underflow write in
     the heap.
     - 0145-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch:
       video/readers/jpeg: Block int underflow -> wild pointer write
     - CVE-2021-3697
   * SECURITY UPDATE: Integer underflow in grub_net_recv_ip4_packets
     - 0148-net-ip-Do-IP-fragment-maths-safely.patch: net/ip: Do IP fragment
       maths safely
     - CVE-2022-28733
   * SECURITY UPDATE: Out-of-bounds write when handling split HTTP headers
     - 0154-net-http-Fix-OOB-write-for-split-http-headers.patch: net/http: Fix
       OOB write for split http headers
     - CVE-2022-28734
   * SECURITY UPDATE: shim_lock verifier allows non-kernel files to be loaded
     - 0135-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch:
       kern/efi/sb: Reject non-kernel files in the shim_lock verifier
     - CVE-2022-28735
   * SECURITY UPDATE: use-after-free in grub_cmd_chainloader()
     - 0130-loader-efi-chainloader-simplify-the-loader-state.patch:
       loader/efi/chainloader: simplify the loader state
     - 0131-commands-boot-Add-API-to-pass-context-to-loader.patch: commands/boot:
       Add API to pass context to loader
     - 0132-loader-efi-chainloader-Use-grub_loader_set_ex.patch:
       loader/efi/chainloader: Use grub_loader_set_ex
     - 0133-loader-i386-efi-linux-Use-grub_loader_set_ex.patch:
       loader/i386/efi/linux: Use grub_loader_set_ex
   * Various fixes as a result of fuzzing and static analysis:
     - 0129-loader-efi-chainloader-grub_load_and_start_image-doe.patch:
       loader/efi/chainloader: grub_load_and_start_image doesn't load and start
     - 0134-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch:
       loader/i386/efi/linux: Fix a memory leak in the initrd command
     - 0136-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch:
       kern/file: Do not leak device_name on error in grub_file_open()
     - 0137-video-readers-png-Abort-sooner-if-a-read-operation-f.patch:
       video/readers/png: Abort sooner if a read operation fails
     - 0138-video-readers-png-Refuse-to-handle-multiple-image-he.patch:
       video/readers/png: Refuse to handle multiple image headers
     - 0141-video-readers-png-Sanity-check-some-huffman-codes.patch:
       video/readers/png: Sanity check some huffman codes
     - 0142-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch:
       video/readers/jpeg: Abort sooner if a read operation fails
     - 0143-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch:
       video/readers/jpeg: Do not reallocate a given huff table
     - 0144-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch:
       video/readers/jpeg: Refuse to handle multiple start of streams
     - 0146-normal-charset-Fix-array-out-of-bounds-formatting-un.patch:
       normal/charset: Fix array out-of-bounds formatting unicode for display
     - 0147-net-netbuff-Block-overly-large-netbuff-allocs.patch:
       net/netbuff: Block overly large netbuff allocs
     - 0149-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch:
       net/dns: Fix double-free addresses on corrupt DNS response
     - 0150-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch:
       net/dns: Don't read past the end of the string we're checking against
     - 0151-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch:
       net/tftp: Prevent a UAF and double-free from a failed seek
     - 0152-net-tftp-Avoid-a-trivial-UAF.patch: net/tftp: Avoid a trivial UAF
     - 0153-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch:
       net/http: Do not tear down socket if it's already been torn down
     - 0155-net-http-Error-out-on-headers-with-LF-without-CR.patch:
       net/http: Error out on headers with LF without CR
     - 0156-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch:
       fs/f2fs: Do not read past the end of nat journal entries
     - 0157-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch:
       fs/f2fs: Do not read past the end of nat bitmap
     - 0158-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch:
       fs/f2fs: Do not copy file names that are too long
     - 0159-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch:
       fs/btrfs: Fix several fuzz issues with invalid dir item sizing
     - 0160-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch:
       fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing
     - 0161-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch:
       fs/btrfs: Fix more fuzz issues related to chunks
   * Bump SBAT generation:
     - update debian/sbat.ubuntu.csv.in
   * Make the grub2/no_efi_extra_removable setting work correctly
     - update debian/postinst.in
   * Build grub2-unsigned packages with xz compression for compatibility
     with xenial dpkg
     - update debian/rules
 .
   [ Steve Langasek ]
   * Bump versioned dependency on grub2-common to 2.02~beta2-36ubuntu3.32 for
     necessary arm relocation support.  LP: #1926748.
   * debian/postinst.in: Unconditionally call grub-install with
     --force-extra-removable on xenial and bionic, so that the \EFI\BOOT
     removable path as used in cloud images receives the updates.  LP: #1930742.
Checksums-Sha1:
 a310d691db8aaffa3194c44fbb23235fd6a50921 644828 grub-efi-arm64-bin_2.06-2ubuntu10_arm64.deb
 cd6bba81d8a26b368d24ac71e14b91c6c8ffec71 2920404 grub-efi-arm64-dbg_2.06-2ubuntu10_arm64.deb
 9d067e6ea1db6e500abadc5301397cecceb341c9 47040 grub-efi-arm64_2.06-2ubuntu10_arm64.deb
 5d1be6f33ad809361440a5d538ab1e866396fdeb 12227 grub2-unsigned_2.06-2ubuntu10_arm64.buildinfo
 22cb7ba4e6cc7796a0d066b89a9dd9985fdd2e05 3224209 grub2-unsigned_2.06-2ubuntu10_arm64_translations.tar.gz
 5c711a352bfe7f35233c9b5151e27ad54f55507d 1667458 grub2_2.06-2ubuntu10_arm64.tar.gz
Checksums-Sha256:
 86af6ca1edd0aea5bdaa3c2e66721340976f72264905b6d522460b9e6b2b1a82 644828 grub-efi-arm64-bin_2.06-2ubuntu10_arm64.deb
 6fc284f9efe3b3eab51dfae496b761089f2924730aa6a07c72487750aa88c146 2920404 grub-efi-arm64-dbg_2.06-2ubuntu10_arm64.deb
 806208ae5e437c3b10d29d58f85d45ecb4f910b2f2ea1154095ae0352efaf0b1 47040 grub-efi-arm64_2.06-2ubuntu10_arm64.deb
 615f53d79054bcee42a16154c707d25739e297e213d75bc744730f77d371caf0 12227 grub2-unsigned_2.06-2ubuntu10_arm64.buildinfo
 1da22013594c6e73e390b287eb717bfe59f31847e2411bc68f73e0f663e27ced 3224209 grub2-unsigned_2.06-2ubuntu10_arm64_translations.tar.gz
 eeefdf18a0fcd1ac238a44147bacb59ad0a8493afd7daa614441a8180fdcecc0 1667458 grub2_2.06-2ubuntu10_arm64.tar.gz
Files:
 829ccb02ae0177ba730194a59ff4c845 644828 admin optional grub-efi-arm64-bin_2.06-2ubuntu10_arm64.deb
 ce9edca0532dc1091ff50521e7c02f0a 2920404 debug optional grub-efi-arm64-dbg_2.06-2ubuntu10_arm64.deb
 bdc23a761a876495219878177a5f70e3 47040 admin optional grub-efi-arm64_2.06-2ubuntu10_arm64.deb
 14fa30546c2fefd28c4dbdd8dbd8406a 12227 admin optional grub2-unsigned_2.06-2ubuntu10_arm64.buildinfo
 bde16443b2885a7b892a8ae3f2ef611e 3224209 raw-translations - grub2-unsigned_2.06-2ubuntu10_arm64_translations.tar.gz
 e8fec08ce82e5e1bff1b1632c26f9035 1667458 raw-uefi - grub2_2.06-2ubuntu10_arm64.tar.gz
Original-Maintainer: GRUB Maintainers <pkg-grub-devel at alioth-lists.debian.net>


More information about the jammy-changes mailing list