]> git.ipfire.org Git - people/meitelwein/ipfire-2.x.git/commit
projects / people / meitelwein / ipfire-2.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1e1b03d) | patch
grub 2.00: Bugfix for CVE-2015-8370
authorMatthias Fischer <matthias.fischer@ipfire.org>
Fri, 18 Dec 2015 20:28:52 +0000 (21:28 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 18 Dec 2015 23:40:00 +0000 (23:40 +0000)
commit44fb4620ee2a314070fbf47de6cd7a6a2c7365f2
tree6295f18c30975688a42f7521d61135f6d0d2e383tree | snapshot
parent1e1b03d5819269184a85dc5bcc042c978666bc08commit | diff
grub 2.00: Bugfix for CVE-2015-8370

See: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html

"A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009)
to 2.02 (December, 2015) are affected. The vulnerability can be exploited
under certain circumstances, allowing local attackers to bypass any kind of
authentication (plain or hashed passwords). And so, the attacker may take
control of the computer."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
lfs/grub diff | blob | blame | history
src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch [new file with mode: 0644] blob
Michael's tree of IPFire 2.x