• GRUB2 regression

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Tuesday, August 04, 2020 20:10:02
    grub2, grub2-signed regression

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS
    * Ubuntu 14.04 ESM

    Summary

    USN-4432-1 introduced a regression in the GRUB2 bootloader.

    Software Description

    * grub2 - GRand Unified Bootloader
    * grub2-signed - GRand Unified Bootloader

    Details

    USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot
    environments. Unfortunately, the update introduced regressions for
    some BIOS systems (either pre-UEFI or UEFI configured in Legacy
    mode), preventing them from successfully booting. This update
    addresses the issue.

    Users with BIOS systems that installed GRUB2 versions from
    USN-4432-1 should verify that their GRUB2 installation has a
    correct understanding of their boot device location and installed
    the boot loader correctly.

    We apologize for the inconvenience.

    Original advisory details:

    Jesse Michael and Mickey Shkatov discovered that the configuration
    parser in GRUB2 did not properly exit when errors were discovered,
    resulting in heap-based buffer overflows. A local attacker could
    use this to execute arbitrary code and bypass UEFI Secure Boot
    restrictions. (CVE-2020-10713)

    Chris Coulson discovered that the GRUB2 function handling code did
    not properly handle a function being redefined, leading to a
    use-after-free vulnerability. A local attacker could use this to
    execute arbitrary code and bypass UEFI Secure Boot restrictions.
    (CVE-2020-15706)

    Chris Coulson discovered that multiple integer overflows existed
    in GRUB2 when handling certain filesystems or font files, leading
    to heap-based buffer overflows. A local attacker could use these
    to execute arbitrary code and bypass UEFI Secure Boot
    restrictions. (CVE-2020-14309, CVE-2020-14310, CVE-2020-14311)

    It was discovered that the memory allocator for GRUB2 did not
    validate allocation size, resulting in multiple integer overflows
    and heap-based buffer overflows when handling certain filesystems,
    PNG images or disk metadata. A local attacker could use this to
    execute arbitrary code and bypass UEFI Secure Boot restrictions.
    (CVE-2020-14308)

    Mathieu Trudel-Lapierre discovered that in certain situations,
    GRUB2 failed to validate kernel signatures. A local attacker could
    use this to bypass Secure Boot restrictions. (CVE-2020-15705)

    Colin Watson and Chris Coulson discovered that an integer overflow
    existed in GRUB2 when handling the initrd command, leading to a
    heap-based buffer overflow. A local attacker could use this to
    execute arbitrary code and bypass UEFI Secure Boot restrictions.
    (CVE-2020-15707)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    grub-efi-amd64-bin - 2.04-1ubuntu26.2
    grub-efi-amd64-signed - 1.142.4+2.04-1ubuntu26.2
    grub-efi-arm-bin - 2.04-1ubuntu26.2
    grub-efi-arm64-bin - 2.04-1ubuntu26.2
    grub-efi-arm64-signed - 1.142.4+2.04-1ubuntu26.2
    grub-efi-ia32-bin - 2.04-1ubuntu26.2

    Ubuntu 18.04 LTS
    grub-efi-amd64-bin - 2.02-2ubuntu8.17
    grub-efi-amd64-signed - 1.93.19+2.02-2ubuntu8.17
    grub-efi-arm-bin - 2.02-2ubuntu8.17
    grub-efi-arm64-bin - 2.02-2ubuntu8.17
    grub-efi-arm64-signed - 1.93.19+2.02-2ubuntu8.17
    grub-efi-ia32-bin - 2.02-2ubuntu8.17
    grub-efi-ia64-bin - 2.02-2ubuntu8.17

    Ubuntu 16.04 LTS
    grub-efi-amd64-bin - 2.02~beta2-36ubuntu3.27
    grub-efi-amd64-signed - 1.66.27+2.02~beta2-36ubuntu3.27
    grub-efi-arm-bin - 2.02~beta2-36ubuntu3.27
    grub-efi-arm64-bin - 2.02~beta2-36ubuntu3.27
    grub-efi-arm64-signed - 1.66.27+2.02~beta2-36ubuntu3.27
    grub-efi-ia32-bin - 2.02~beta2-36ubuntu3.27
    grub-efi-ia64-bin - 2.02~beta2-36ubuntu3.27

    Ubuntu 14.04 ESM
    grub-efi-amd64-bin - 2.02~beta2-9ubuntu1.17
    grub-efi-amd64-signed - 1.34.20+2.02~beta2-9ubuntu1.17
    grub-efi-arm-bin - 2.02~beta2-9ubuntu1.17
    grub-efi-arm64-bin - 2.02~beta2-9ubuntu1.17
    grub-efi-ia32-bin - 2.02~beta2-9ubuntu1.17
    grub-efi-ia64-bin - 2.02~beta2-9ubuntu1.17

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.
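    One way to check a host against the fixed versions listed above, as an added example that is not part of the Ubuntu notice: the script below re-implements the dpkg version ordering (epoch, upstream, Debian revision, with `~` sorting before everything, which matters for the `2.02~beta2` versions on 16.04) and flags installed grub-efi packages that are still older than the fixed version. The FIXED_XENIAL table and the SAMPLE dpkg-query output are copied or constructed for the example.

```python
# Added example (not Ubuntu's code): compare dpkg versions against this notice's fixed ones.
from itertools import zip_longest

# Fixed versions copied from the notice for Ubuntu 16.04 LTS (amd64 only).
FIXED_XENIAL = {"grub-efi-amd64-bin": "2.02~beta2-36ubuntu3.27",
                "grub-efi-amd64-signed": "1.66.27+2.02~beta2-36ubuntu3.27"}

def _order(c):
    # dpkg character weight: '~' < end-of-string < letters < other symbols
    return -1 if c == "~" else 0 if c == "" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs the way dpkg's verrevcmp() does
    while a or b:
        ia = next((i for i, ch in enumerate(a) if ch.isdigit()), len(a))
        ib = next((i for i, ch in enumerate(b) if ch.isdigit()), len(b))
        for x, y in zip_longest(a[:ia], b[:ib], fillvalue=""):
            if _order(x) != _order(y):
                return -1 if _order(x) < _order(y) else 1
        a, b = a[ia:], b[ib:]
        ia = next((i for i, ch in enumerate(a) if not ch.isdigit()), len(a))
        ib = next((i for i, ch in enumerate(b) if not ch.isdigit()), len(b))
        na, nb = int(a[:ia] or 0), int(b[:ib] or 0)
        if na != nb:
            return -1 if na < nb else 1
        a, b = a[ia:], b[ib:]
    return 0

def compare_versions(a, b):
    """Return -1, 0 or 1, like 'dpkg --compare-versions a lt|eq|gt b'."""
    ea, ra = a.split(":", 1) if ":" in a else ("0", a)   # epoch, remainder
    eb, rb = b.split(":", 1) if ":" in b else ("0", b)
    if int(ea) != int(eb):
        return -1 if int(ea) < int(eb) else 1
    ua, _, da = ra.rpartition("-") if "-" in ra else (ra, "", "")  # upstream, revision
    ub, _, db = rb.rpartition("-") if "-" in rb else (rb, "", "")
    return _cmp_part(ua, ub) or _cmp_part(da, db)

def parse_dpkg_query(text):
    # Parse "dpkg-query -W -f '${Package} ${Version}\n'" output into a dict
    return dict(line.split() for line in text.splitlines() if line.strip())

def unpatched(installed, fixed=FIXED_XENIAL):
    """Installed packages that are still below the notice's fixed version."""
    return sorted(p for p, v in installed.items()
                  if p in fixed and compare_versions(v, fixed[p]) < 0)

# Constructed sample of dpkg-query output from a 16.04 host: one package lags.
SAMPLE = ("grub-efi-amd64-bin 2.02~beta2-36ubuntu3.26\n"
          "grub-efi-amd64-signed 1.66.27+2.02~beta2-36ubuntu3.27\n")
```

    On a real host, feed the output of the quoted dpkg-query command to parse_dpkg_query and extend the fixed-version table with the entries for your release from the list above.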

    Fully mitigating these vulnerabilities requires both an updated
    GRUB2 boot loader and the application of a UEFI Revocation List
    (dbx) to system firmware. Ubuntu will provide a packaged dbx
    update at a later time, though system administrators may choose to
    apply a third party dbx update before then. For more details on
    mitigation steps and the risks entailed (especially for
    dual/multi-boot scenarios), please see the Knowledge Base article
    at
    https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass

    References

    * USN-4432-1
    * LP: 1889556
    * https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)