* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. b84a9b078dae234641a3708fbd7c1624c0731468
@ 2015-12-18 23:43 git
0 siblings, 0 replies; only message in thread
From: git @ 2015-12-18 23:43 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 5851 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via b84a9b078dae234641a3708fbd7c1624c0731468 (commit)
via 44fb4620ee2a314070fbf47de6cd7a6a2c7365f2 (commit)
from 1e1b03d5819269184a85dc5bcc042c978666bc08 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b84a9b078dae234641a3708fbd7c1624c0731468
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Dec 18 23:42:15 2015 +0000
core96: Ship updated grub
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 44fb4620ee2a314070fbf47de6cd7a6a2c7365f2
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Fri Dec 18 21:28:52 2015 +0100
grub 2.00: Bugfix for CVE-2015-8370
See: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
"A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009)
to 2.02 (December, 2015) are affected. The vulnerability can be exploited
under certain circumstances, allowing local attackers to bypass any kind of
authentication (plain or hashed passwords). And so, the attacker may take
control of the computer."
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
.../{oldcore/87 => core/96}/filelists/i586/grub | 0
config/rootfiles/core/96/filelists/x86_64/grub | 1 +
lfs/grub | 3 +-
...E-2015-8370-Grub2-user-pass-vulnerability.patch | 45 ++++++++++++++++++++++
4 files changed, 48 insertions(+), 1 deletion(-)
copy config/rootfiles/{oldcore/87 => core/96}/filelists/i586/grub (100%)
create mode 120000 config/rootfiles/core/96/filelists/x86_64/grub
create mode 100644 src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
Difference in files:
diff --git a/config/rootfiles/core/96/filelists/i586/grub b/config/rootfiles/core/96/filelists/i586/grub
new file mode 120000
index 0000000..feb236a
--- /dev/null
+++ b/config/rootfiles/core/96/filelists/i586/grub
@@ -0,0 +1 @@
+../../../../common/i586/grub
\ No newline at end of file
diff --git a/config/rootfiles/core/96/filelists/x86_64/grub b/config/rootfiles/core/96/filelists/x86_64/grub
new file mode 120000
index 0000000..78d3bd7
--- /dev/null
+++ b/config/rootfiles/core/96/filelists/x86_64/grub
@@ -0,0 +1 @@
+../../../../common/x86_64/grub
\ No newline at end of file
diff --git a/lfs/grub b/lfs/grub
index bcbcbd0..3e613a8 100644
--- a/lfs/grub
+++ b/lfs/grub
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2014 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2015 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -78,6 +78,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub-2.00_disable_vga_fallback.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
cd $(DIR_APP) && \
./configure \
--prefix=/usr \
diff --git a/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch b/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
new file mode 100644
index 0000000..2eef1ae
--- /dev/null
+++ b/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
@@ -0,0 +1,45 @@
+From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001
+From: Hector Marco-Gisbert <hecmargi(a)upv.es>
+Date: Fri, 13 Nov 2015 16:21:09 +0100
+Subject: [PATCH] Fix security issue when reading username and password
+
+ This patch fixes two integer underflows at:
+ * grub-core/lib/crypto.c
+ * grub-core/normal/auth.c
+
+Signed-off-by: Hector Marco-Gisbert <hecmargi(a)upv.es>
+Signed-off-by: Ismael Ripoll-Ripoll <iripoll(a)disca.upv.es>
+---
+ grub-core/lib/crypto.c | 2 +-
+ grub-core/normal/auth.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
+index 010e550..524a3d8 100644
+--- a/grub-core/lib/crypto.c
++++ b/grub-core/lib/crypto.c
+@@ -456,7 +456,7 @@ grub_password_get (char buf[], unsigned buf_size)
+ break;
+ }
+
+- if (key == '\b')
++ if (key == '\b' && cur_len)
+ {
+ cur_len--;
+ continue;
+diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
+index c6bd96e..5782ec5 100644
+--- a/grub-core/normal/auth.c
++++ b/grub-core/normal/auth.c
+@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size)
+ break;
+ }
+
+- if (key == '\b')
++ if (key == '\b' && cur_len)
+ {
+ cur_len--;
+ grub_printf ("\b");
+--
+1.9.1
+
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2015-12-18 23:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-12-18 23:43 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. b84a9b078dae234641a3708fbd7c1624c0731468 git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox