Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in GRUB
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in GRUB
ID: USN-4432-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 14.04 ESM, Ubuntu 20.04 LTS
Datum: Mi, 29. Juli 2020, 23:12
Referenzen: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309
Applikationen: GRUB

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1752427743668957868==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="ANa4kO8L0rvPBki9dpbBNhpfuWlwUABEF"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--ANa4kO8L0rvPBki9dpbBNhpfuWlwUABEF
Content-Type: multipart/mixed;
boundary="sYv0AKUnQAskTT49xg4wzJcIUUPzWN7wa"

--sYv0AKUnQAskTT49xg4wzJcIUUPzWN7wa
Content-Type: text/plain; charset=utf-8
Content-Language: en-U
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4432-1
July 29, 2020

grub2, grub2-signed vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in GRUB 2.

Software Description:
- grub2: GRand Unified Bootloader
- grub2-signed: GRand Unified Bootloader

Details:

Jesse Michael and Mickey Shkatov discovered that the configuration parser
in GRUB2 did not properly exit when errors were discovered, resulting in
heap-based buffer overflows. A local attacker could use this to execute
arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713)

Chris Coulson discovered that the GRUB2 function handling code did not
properly handle a function being redefined, leading to a use-after-free
vulnerability. A local attacker could use this to execute arbitrary code
and bypass UEFI Secure Boot restrictions. (CVE-2020-15706)

Chris Coulson discovered that multiple integer overflows existed in GRUB2
when handling certain filesystems or font files, leading to heap-based
buffer overflows. A local attacker could use these to execute arbitrary
code and bypass UEFI Secure Boot restrictions. (CVE-2020-14309,
CVE-2020-14310, CVE-2020-14311)

It was discovered that the memory allocator for GRUB2 did not validate
allocation size, resulting in multiple integer overflows and heap-based
buffer overflows when handling certain filesystems, PNG images or disk
metadata. A local attacker could use this to execute arbitrary code and
bypass UEFI Secure Boot restrictions. (CVE-2020-14308)

Mathieu Trudel-Lapierre discovered that in certain situations, GRUB2
failed to validate kernel signatures. A local attacker could use this
to bypass Secure Boot restrictions. (CVE-2020-15705)

Colin Watson and Chris Coulson discovered that an integer overflow
existed in GRUB2 when handling the initrd command, leading to a heap-based
buffer overflow. A local attacker could use this to execute arbitrary code
and bypass UEFI Secure Boot restrictions. (CVE-2020-15707)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
grub-efi-amd64-bin 2.04-1ubuntu26.1
grub-efi-amd64-signed 1.142.3+2.04-1ubuntu26.1
grub-efi-arm-bin 2.04-1ubuntu26.1
grub-efi-arm64-bin 2.04-1ubuntu26.1
grub-efi-arm64-signed 1.142.3+2.04-1ubuntu26.1
grub-efi-ia32-bin 2.04-1ubuntu26.1

Ubuntu 18.04 LTS:
grub-efi-amd64-bin 2.02-2ubuntu8.16
grub-efi-amd64-signed 1.93.18+2.02-2ubuntu8.16
grub-efi-arm-bin 2.02-2ubuntu8.16
grub-efi-arm64-bin 2.02-2ubuntu8.16
grub-efi-arm64-signed 1.93.18+2.02-2ubuntu8.16
grub-efi-ia32-bin 2.02-2ubuntu8.16
grub-efi-ia64-bin 2.02-2ubuntu8.16

Ubuntu 16.04 LTS:
grub-efi-amd64-bin 2.02~beta2-36ubuntu3.26
grub-efi-amd64-signed 1.66.26+2.02~beta2-36ubuntu3.26
grub-efi-arm-bin 2.02~beta2-36ubuntu3.26
grub-efi-arm64-bin 2.02~beta2-36ubuntu3.26
grub-efi-arm64-signed 1.66.26+2.02~beta2-36ubuntu3.26
grub-efi-ia32-bin 2.02~beta2-36ubuntu3.26
grub-efi-ia64-bin 2.02~beta2-36ubuntu3.26

Ubuntu 14.04 ESM:
grub-efi-amd64-bin 2.02~beta2-9ubuntu1.20
grub-efi-amd64-signed 1.34.22+2.02~beta2-9ubuntu1.20
grub-efi-arm-bin 2.02~beta2-9ubuntu1.20
grub-efi-arm64-bin 2.02~beta2-9ubuntu1.20
grub-efi-ia32-bin 2.02~beta2-9ubuntu1.20
grub-efi-ia64-bin 2.02~beta2-9ubuntu1.20

Fully mitigating these vulnerabilities requires both an updated
GRUB2 boot loader and the application of a UEFI Revocation
List (dbx) to system firmware. Ubuntu will provide a packaged
dbx update at a later time, though system adminstrators may
choose to apply a third party dbx update before then. For more
details on mitigation steps and the risks entailed (especially for
dual/multi-boot scenarios), please see the Knowledge Base article at
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass

References:
https://usn.ubuntu.com/4432-1
CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310,
CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707,
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass

Package Information:
https://launchpad.net/ubuntu/+source/grub2/2.04-1ubuntu26.1
https://launchpad.net/ubuntu/+source/grub2-signed/1.142.3
https://launchpad.net/ubuntu/+source/grub2/2.02-2ubuntu8.16
https://launchpad.net/ubuntu/+source/grub2-signed/1.93.18
https://launchpad.net/ubuntu/+source/grub2/2.02~beta2-36ubuntu3.26
https://launchpad.net/ubuntu/+source/grub2-signed/1.66.26


--sYv0AKUnQAskTT49xg4wzJcIUUPzWN7wa--

--ANa4kO8L0rvPBki9dpbBNhpfuWlwUABEF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEERN//5MGgCOgyKeIFYR+97NWUbg8FAl8hztoACgkQYR+97NWU
bg9Q5ggApXrXFFVVpwwcSENEpac2uc5mAls8qA9M/nY4wQzIeGdF3vt+ujLXRk7k
cNJNgAp8lCia7t4cStj8B9Uqfd7tXNaRzd+EoJ+Uukezr2Cv2t9GIKzpdjm/kFeE
BSWSBUSTrxRex9O75MwHqRmSzLs9ClXL3cPIfHLBJHmYB6aRcwpxJAfPRThASeDN
HKvVypDzkGtxkHMOpSSr4/n071sdP7zR0QTpIRNBZNxC7IgfMoukSaAgOclXAUIX
9USPTXJiRxdEnA+nYDjk0NwP13pb1PsmkP0EkrToC7ldkyDmsOPEWVPX0B5hh2fy
Kb6r3XEqUB9kuz3OokUnZaDYBxA+aw==
=OcTs
-----END PGP SIGNATURE-----

--ANa4kO8L0rvPBki9dpbBNhpfuWlwUABEF--


--===============1752427743668957868==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============1752427743668957868==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung