grub2-unsigned 2.06-2ubuntu10 source package in Ubuntu
Changelog
grub2-unsigned (2.06-2ubuntu10) jammy; urgency=medium
[ Chris Coulson ]
* SECURITY UPDATE: Crafted PNG grayscale images may lead to out-of-bounds
write in heap.
- 0139-video-readers-png-Drop-greyscale-support-to-fix-heap.patch:
video/readers/png: Drop greyscale support to fix heap out-of-bounds write
- CVE-2021-3695
* SECURITY UPDATE: Crafted PNG image may lead to out-of-bound write during
huffman table handling.
- 0140-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch:
video/readers/png: Avoid heap OOB R/W inserting huff table items
- CVE-2021-3696
* SECURITY UPDATE: Crafted JPEG image can lead to buffer underflow write in
the heap.
- 0145-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch:
video/readers/jpeg: Block int underflow -> wild pointer write
- CVE-2021-3697
* SECURITY UPDATE: Integer underflow in grub_net_recv_ip4_packets
- 0148-net-ip-Do-IP-fragment-maths-safely.patch: net/ip: Do IP fragment
maths safely
- CVE-2022-28733
* SECURITY UPDATE: Out-of-bounds write when handling split HTTP headers
- 0154-net-http-Fix-OOB-write-for-split-http-headers.patch: net/http: Fix
OOB write for split http headers
- CVE-2022-28734
* SECURITY UPDATE: shim_lock verifier allows non-kernel files to be loaded
- 0135-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch:
kern/efi/sb: Reject non-kernel files in the shim_lock verifier
- CVE-2022-28735
* SECURITY UPDATE: use-after-free in grub_cmd_chainloader()
- 0130-loader-efi-chainloader-simplify-the-loader-state.patch:
loader/efi/chainloader: simplify the loader state
- 0131-commands-boot-Add-API-to-pass-context-to-loader.patch: commands/boot:
Add API to pass context to loader
- 0132-loader-efi-chainloader-Use-grub_loader_set_ex.patch:
loader/efi/chainloader: Use grub_loader_set_ex
- 0133-loader-i386-efi-linux-Use-grub_loader_set_ex.patch:
loader/i386/efi/linux: Use grub_loader_set_ex
* Various fixes as a result of fuzzing and static analysis:
- 0129-loader-efi-chainloader-grub_load_and_start_image-doe.patch:
loader/efi/chainloader: grub_load_and_start_image doesn't load and start
- 0134-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch:
loader/i386/efi/linux: Fix a memory leak in the initrd command
- 0136-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch:
kern/file: Do not leak device_name on error in grub_file_open()
- 0137-video-readers-png-Abort-sooner-if-a-read-operation-f.patch:
video/readers/png: Abort sooner if a read operation fails
- 0138-video-readers-png-Refuse-to-handle-multiple-image-he.patch:
video/readers/png: Refuse to handle multiple image headers
- 0141-video-readers-png-Sanity-check-some-huffman-codes.patch:
video/readers/png: Sanity check some huffman codes
- 0142-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch:
video/readers/jpeg: Abort sooner if a read operation fails
- 0143-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch:
video/readers/jpeg: Do not reallocate a given huff table
- 0144-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch:
video/readers/jpeg: Refuse to handle multiple start of streams
- 0146-normal-charset-Fix-array-out-of-bounds-formatting-un.patch:
normal/charset: Fix array out-of-bounds formatting unicode for display
- 0147-net-netbuff-Block-overly-large-netbuff-allocs.patch:
net/netbuff: Block overly large netbuff allocs
- 0149-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch:
net/dns: Fix double-free addresses on corrupt DNS response
- 0150-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch:
net/dns: Don't read past the end of the string we're checking against
- 0151-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch:
net/tftp: Prevent a UAF and double-free from a failed seek
- 0152-net-tftp-Avoid-a-trivial-UAF.patch: net/tftp: Avoid a trivial UAF
- 0153-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch:
net/http: Do not tear down socket if it's already been torn down
- 0155-net-http-Error-out-on-headers-with-LF-without-CR.patch:
net/http: Error out on headers with LF without CR
- 0156-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch:
fs/f2fs: Do not read past the end of nat journal entries
- 0157-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch:
fs/f2fs: Do not read past the end of nat bitmap
- 0158-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch:
fs/f2fs: Do not copy file names that are too long
- 0159-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch:
fs/btrfs: Fix several fuzz issues with invalid dir item sizing
- 0160-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch:
fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing
- 0161-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch:
fs/btrfs: Fix more fuzz issues related to chunks
* Bump SBAT generation:
- update debian/sbat.ubuntu.csv.in
* Make the grub2/no_efi_extra_removable setting work correctly
- update debian/postinst.in
* Build grub2-unsigned packages with xz compression for compatibility
with xenial dpkg
- update debian/rules
[ Steve Langasek ]
* Bump versioned dependency on grub2-common to 2.02~beta2-36ubuntu3.32 for
necessary arm relocation support. LP: #1926748.
* debian/postinst.in: Unconditionally call grub-install with
--force-extra-removable on xenial and bionic, so that the \EFI\BOOT
removable path as used in cloud images receives the updates. LP: #1930742.
-- Chris Coulson <email address hidden> Tue, 07 Jun 2022 17:36:27 +0100
Upload details
- Uploaded by:
- Chris Coulson
- Uploaded to:
- Jammy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| grub2-unsigned_2.06.orig.tar.xz | 6.3 MiB | b79ea44af91b93d17cd3fe80bdae6ed43770678a9a5ae192ccea803ebb657ee1 |
| grub2-unsigned_2.06-2ubuntu10.debian.tar.xz | 1.1 MiB | 1cc76d8ea8b1cc9bc2012a9a3d64cdc51aab07d8f2a2830df455d5a8baf37bba |
| grub2-unsigned_2.06-2ubuntu10.dsc | 6.8 KiB | 3a74f12d4d6ab6c1808df9ab26c8bfa6d60af1a9fe1866eafba2ff2ceecc089a |
Available diffs
- diff from 2.06-2ubuntu7 (in Ubuntu) to 2.06-2ubuntu10 (30.3 KiB)
- diff from 2.06-2ubuntu9 to 2.06-2ubuntu10 (837 bytes)
Binary packages built by this source
- grub-efi-amd64: GRand Unified Bootloader, version 2 (EFI-AMD64 version)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This is a dependency package for a version of GRUB that has been built for
use with the EFI-AMD64 architecture, as used by Intel Macs (unless a BIOS
interface has been activated). Installing this package indicates that this
version of GRUB should be the active boot loader.
- grub-efi-amd64-bin: GRand Unified Bootloader, version 2 (EFI-AMD64 modules)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This package contains GRUB modules that have been built for use with the
EFI-AMD64 architecture, as used by Intel Macs (unless a BIOS interface has
been activated). It can be installed in parallel with other flavours, but
will not automatically install GRUB as the active boot loader nor
automatically update grub.cfg on upgrade unless grub-efi-amd64 is also
installed.
- grub-efi-amd64-dbg: GRand Unified Bootloader, version 2 (EFI-AMD64 debug files)
This package contains debugging files for grub-efi-amd64-bin. You only
need these if you are trying to debug GRUB using its GDB stub.
- grub-efi-arm64: GRand Unified Bootloader, version 2 (ARM64 UEFI version)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This is a dependency package for a version of GRUB that has been built for
use on ARM64 systems with UEFI. Installing this package indicates that
this version of GRUB should be the active boot loader.
- grub-efi-arm64-bin: GRand Unified Bootloader, version 2 (ARM64 UEFI modules)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This package contains GRUB modules that have been built for use on ARM64
systems with UEFI. It can be installed in parallel with other flavours,
but will not automatically install GRUB as the active boot loader nor
automatically update grub.cfg on upgrade unless grub-efi-arm64 is also
installed.
- grub-efi-arm64-dbg: GRand Unified Bootloader, version 2 (ARM64 UEFI debug files)
This package contains debugging files for grub-efi-arm64-bin. You only
need these if you are trying to debug GRUB using its GDB stub.
