UbuntuUpdates.org

Package "grub-efi-amd64-bin"

Name: grub-efi-amd64-bin

Description: GRand Unified Bootloader, version 2 (EFI-AMD64 modules)

Latest version: 2.06-2ubuntu17.2
Release: lunar (23.04)
Level: updates
Repository: main
Head package: grub2-unsigned
Homepage: https://www.gnu.org/software/grub/

Other versions of "grub-efi-amd64-bin" in Lunar

Repository Area Version
base main 2.06-2ubuntu16
security main 2.06-2ubuntu17.2

Changelog

Version: 2.06-2ubuntu17.2 2023-10-04 06:09:48 UTC

  grub2-unsigned (2.06-2ubuntu17.2) lunar; urgency=high

  * SECURITY UPDATE: Crafted file system images can cause out-of-bounds write
    and may leak sensitive information into the GRUB pager.
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-
      label.patch:
      fs/ntfs: Fix an OOB read when parsing a volume label
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-
      index-at.patch:
      fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-
      entries-fr.patch:
      fs/ntfs: Fix an OOB read when parsing directory entries from resident and
      non-resident index attributes
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-
      reside.patch:
      fs/ntfs: Fix an OOB read when reading data from the resident $DATA
      attribute
    - CVE-2023-4693
  * SECURITY UPDATE: Crafted file system images can cause heap-based buffer
    overflow and may allow arbitrary code execution and secure boot bypass.
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-
      ATTRIBUTE_LIST-.patch:
      fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for
      the $MFT file
    - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch
      fs/ntfs: Make code more readable
    - CVE-2023-4692
  * efi/fdt: Apply device tree fixups directly after loading
    - add debian/patches/fdt-fixup-after-load.patch
    - LP: #2028931
  * Source package generated from src:grub2 using make -f ./debian/rules
    generate-grub2-unsigned

 -- Mate Kukri <email address hidden> Mon, 02 Oct 2023 15:25:43 +0100

2028931 device tree protocol not always applied
CVE-2023-4693 Crafted file system images can cause out-of-bounds write and may leak sensitive information into the GRUB pager
CVE-2023-4692 Crafted file system images can cause heap-based buffer overflow and may allow arbitrary code execution and secure boot bypass

Version: 2.06-2ubuntu17 2023-09-28 23:06:58 UTC

  grub2-unsigned (2.06-2ubuntu17) lunar; urgency=medium

  * Cherry-pick more upstream memory patches (LP: #2004643)
  * Source package generated from src:grub2 using make -f ./debian/rules
    generate-grub2-unsigned

 -- Julian Andres Klode <email address hidden> Mon, 20 Feb 2023 17:24:10 +0100



