Package "grub-efi-amd64-bin"
Name: |
grub-efi-amd64-bin
|
Description: |
GRand Unified Bootloader, version 2 (EFI-AMD64 modules)
|
Latest version: |
2.06-2ubuntu14.4 |
Release: |
focal (20.04) |
Level: |
updates |
Repository: |
main |
Head package: |
grub2-unsigned |
Homepage: |
https://www.gnu.org/software/grub/ |
Links
Download "grub-efi-amd64-bin"
Other versions of "grub-efi-amd64-bin" in Focal
Changelog
grub2-unsigned (2.06-2ubuntu14.4) jammy; urgency=high
* SECURITY UPDATE: Crafted file system images can cause out-of-bounds write
and may leak sensitive information into the GRUB pager.
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-
label.patch:
fs/ntfs: Fix an OOB read when parsing a volume label
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-
index-at.patch:
fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-
entries-fr.patch:
fs/ntfs: Fix an OOB read when parsing directory entries from resident and
non-resident index attributes
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-
reside.patch:
fs/ntfs: Fix an OOB read when reading data from the resident $DATA +
attribute
- CVE-2023-4693
* SECURITY UPDATE: Crafted file system images can cause heap-based buffer
overflow and may allow arbitrary code execution and secure boot bypass.
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-
ATTRIBUTE_LIST-.patch:
fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for
the $MFT file
- d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch
fs/ntfs: Make code more readable
- CVE-2023-4692
* efi/fdt: Apply device tree fixups directly after loading
- add debian/patches/fdt-fixup-after-load.patch
- LP: #2028931
* Source package generated from src:grub2 using make -f ./debian/rules
generate-grub2-unsigned
-- Mate Kukri <email address hidden> Mon, 02 Oct 2023 15:26:59 +0100
|
Source diff to previous version |
2028931 |
device tree protocol not always applied |
CVE-2023-4693 |
Crafted file system images can cause out-of-bounds write and may leak sensitive information into the GRUB pager |
CVE-2023-4692 |
Crafted file system images can cause heap-based buffer overflow and may allow arbitrary code execution and secure boot bypass |
|
grub2-unsigned (2.06-2ubuntu14.2) kinetic; urgency=medium
* Cherry-pick more upstream memory patches (LP: #2004643)
* Source package generated from src:grub2 using make -f ./debian/rules
generate-grub2-unsigned
-- Julian Andres Klode <email address hidden> Mon, 20 Feb 2023 17:29:00 +0100
|
Source diff to previous version |
grub2-unsigned (2.06-2ubuntu14.1) kinetic; urgency=medium
* Cherry-pick all memory patches from rhboot
- Allocate initrd > 4 GB (LP: #1842320)
- Allocate kernels as code, not data (needed for newer firmware)
* ubuntu: Fix casts on i386-efi target
* Cherry-pick all the 2.12 memory management changes (LP: #1842320)
* Allocate executables as CODE, not DATA in chainloader and arm64
* Source package generated from src:grub2 using make -f ./debian/rules
generate-grub2-unsigned
-- Julian Andres Klode <email address hidden> Mon, 30 Jan 2023 11:51:57 +0100
|
Source diff to previous version |
grub2-unsigned (2.06-2ubuntu14) kinetic; urgency=medium
* SECURITY UPDATE: Fix out of bounds writes due specially crafted fonts.
- add debian/patches/font-Fix-several-integer-overflows-in-grub_font_construct.patch
- add debian/patches/font-Fix-an-integer-underflow-in-blit_comb.patch
- CVE-2022-2601, CVE-2022-3775
- LP: #1996950
* Fix various issues as a result of fuzzing, static analysis and code
review:
- add debian/patches/font-Reject-glyphs-exceeds-font-max_glyph_width-or-font-m.patch
- add debian/patches/font-Fix-size-overflow-in-grub_font_get_glyph_internal.patch
- add debian/patchces/font-Remove-grub_font_dup_glyph.patch
- add debian/patches/font-Fix-integer-overflow-in-ensure_comb_space.patch
- add debian/patches/font-Fix-integer-overflow-in-BMP-index.patch
- add debian/patches/font-Fix-integer-underflow-in-binary-search-of-char-index.patch
- add debian/patches/fbutil-Fix-integer-overflow.patch
- add debian/patches/font-Harden-grub_font_blit_glyph-and-grub_font_blit_glyph.patch
- add debian/patches/font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
- add debian/patches/normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch
* Enforce verification of fonts when secure boot is enabled:
- add debian/patches/kern-efi-sb-Enforce-verification-of-font-files.patch
* Bundle unicode.pf2 in a squashfs memdisk attached to the signed EFI binary
- update debian/control
- update debian/build-efi-image
- add debian/patches/font-Try-opening-fonts-from-the-bundled-memdisk.patch
* Fix LP: #1997006 - add support for performing measurements to RTMRs
- add debian/patches/commands-efi-tpm-Refine-the-status-of-log-event.patch
- add debian/patches/commands-efi-tpm-Use-grub_strcpy-instead-of-grub_memcpy.patch
- add debian/patches/efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch
* Fix the squashfs tests during the build
- remove debian/patches/ubuntu-fix-reproducible-squashfs-test.patch
- add debian/patches/tests-Explicitly-unset-SOURCE_DATE_EPOCH-before-running-f.patch
* Bump SBAT generation:
- update debian/sbat.ubuntu.csv.in
* Source package generated from src:grub2 using make -f ./debian/rules
generate-grub2-unsigned
-- Chris Coulson <email address hidden> Wed, 16 Nov 2022 14:40:42 +0000
|
Source diff to previous version |
1997006 |
grub TDX enablement |
CVE-2022-2601 |
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size |
CVE-2022-3775 |
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bi |
|
grub2-unsigned (2.04-1ubuntu47.5) focal; urgency=medium
[ Chris Coulson ]
* SECURITY UPDATE: Fix out of bounds writes due specially crafted fonts.
- add debian/patches/font-Fix-several-integer-overflows-in-grub_font_construct.patch
- add debian/patches/font-Fix-an-integer-underflow-in-blit_comb.patch
- CVE-2022-2601, CVE-2022-3775
- LP: #1996950
* Fix various issues as a result of fuzzing, static analysis and code
review:
- add debian/patches/font-Reject-glyphs-exceeds-font-max_glyph_width-or-font-m.patch
- add debian/patches/font-Fix-size-overflow-in-grub_font_get_glyph_internal.patch
- add debian/patchces/font-Remove-grub_font_dup_glyph.patch
- add debian/patches/font-Fix-integer-overflow-in-ensure_comb_space.patch
- add debian/patches/font-Fix-integer-overflow-in-BMP-index.patch
- add debian/patches/font-Fix-integer-underflow-in-binary-search-of-char-index.patch
- add debian/patches/fbutil-Fix-integer-overflow.patch
- add debian/patches/font-Harden-grub_font_blit_glyph-and-grub_font_blit_glyph.patch
- add debian/patches/font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
- add debian/patches/normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch
* Forbid loading of external fonts when secure boot is enabled:
- add debian/patches/font-Forbid-loading-of-font-files-when-secure-boot-is-ena.patch
* Bundle unicode.pf2 in a squashfs memdisk attached to the signed EFI binary
- update debian/control
- update debian/build-efi-image
- add debian/patches/font-Try-opening-fonts-from-the-bundled-memdisk.patch
* Fix the squashfs tests during the build
- remove debian/patches/ubuntu-fix-reproducible-squashfs-test.patch
- add debian/patches/tests-Explicitly-unset-SOURCE_DATE_EPOCH-before-running-f.patch
* Bump SBAT generation:
- update debian/sbat.ubuntu.csv.in
* Make grub-efi-{amd64,arm64} depend on grub2-common 2.02~beta2-36ubuntu3.33
in xenial and 2.02-2ubuntu8.25 in bionic to fix LP: #1995751 (thanks
Julian Klode for the base-files hack to make a single binary be able to
depend on 2 different versions of the same package)
[ dann frazier ]
* linuxefi: Invalidate i-cache before starting the kernel (LP: #1987924)
- d/p/linuxefi-Invalidate-i-cache-before-starting-the-kern.patch
[ Chris Coulson ]
* Source package generated from src:grub2 using make -f ./debian/rules
generate-grub2-unsigned
-- Chris Coulson <email address hidden> Thu, 17 Nov 2022 13:27:15 +0000
|
1995751 |
update to 2.04-1ubuntu47.4 drops zz-update-grub |
1987924 |
GRUB may execute the kernel w/ dirty instruction cache on arm64 |
CVE-2022-2601 |
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size |
CVE-2022-3775 |
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bi |
|
About
-
Send Feedback to @ubuntu_updates