From 4e9ad78414a1a5a3c039f8582cf38f552bbc2dea Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 10 Dec 2015 11:12:07 -0500 Subject: [PATCH] Security update for keyboard input vulnerability. - Fix security issue when reading username and password Related: CVE-2015-8370 - Do a better job of handling GRUB2_PASSWORD Related: rhbz#1284370 Signed-off-by: Peter Jones --- .gitignore | 3 ++ ...ue-when-reading-username-and-passwor.patch | 47 +++++++++++++++++++ grub2.spec | 9 +++- 3 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 0158-Fix-security-issue-when-reading-username-and-passwor.patch diff --git a/.gitignore b/.gitignore index 5edb643..b4850c7 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,6 @@ clog /unifont-5.1.20080820.pcf.gz /theme.tar.bz2 /gitignore +kojilogs +/grub-*/ +.build*.log diff --git a/0158-Fix-security-issue-when-reading-username-and-passwor.patch b/0158-Fix-security-issue-when-reading-username-and-passwor.patch new file mode 100644 index 0000000..6b5963d --- /dev/null +++ b/0158-Fix-security-issue-when-reading-username-and-passwor.patch @@ -0,0 +1,47 @@ +From eba919d27789fd0c8f085060672a122b61d3ebda Mon Sep 17 00:00:00 2001 +From: Hector Marco-Gisbert +Date: Fri, 13 Nov 2015 16:21:09 +0100 +Subject: [PATCH] Fix security issue when reading username and password + + This patch fixes two integer underflows at: + * grub-core/lib/crypto.c + * grub-core/normal/auth.c + +Resolves: CVE-2015-8370 + +Signed-off-by: Hector Marco-Gisbert +Signed-off-by: Ismael Ripoll-Ripoll +--- + grub-core/lib/crypto.c | 2 +- + grub-core/normal/auth.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c +index 8e8426c..a23519c 100644 +--- a/grub-core/lib/crypto.c ++++ b/grub-core/lib/crypto.c +@@ -456,7 +456,7 @@ grub_password_get (char buf[], unsigned buf_size) + break; + } + +- if (key == '\b') ++ if (key == '\b' && cur_len) + { + cur_len--; + continue; +diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c +index c6bd96e..5782ec5 100644 +--- a/grub-core/normal/auth.c ++++ b/grub-core/normal/auth.c +@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) + break; + } + +- if (key == '\b') ++ if (key == '\b' && cur_len) + { + cur_len--; + grub_printf ("\b"); +-- +2.5.0 + diff --git a/grub2.spec b/grub2.spec index f29642a..cdbd9a9 100644 --- a/grub2.spec +++ b/grub2.spec @@ -47,7 +47,7 @@ Name: grub2 Epoch: 1 Version: 2.02 -Release: 0.17%{?dist} +Release: 0.18%{?dist} Summary: Bootloader with support for Linux, Multiboot and more Group: System Environment/Base @@ -217,6 +217,7 @@ Patch0154: 0154-Try-to-emit-linux16-initrd16-and-linuxefi-initrdefi-.patch Patch0155: 0001-Update-to-minilzo-2.08.patch Patch0156: 0001-Make-grub2-mkconfig-construct-titles-that-look-like-.patch Patch0157: 0002-Make-rescue-and-debug-entries-sort-right-again-in-gr.patch +Patch0158: 0158-Fix-security-issue-when-reading-username-and-passwor.patch BuildRequires: flex bison binutils python BuildRequires: ncurses-devel xz-devel bzip2-devel @@ -652,6 +653,12 @@ fi %{_datarootdir}/grub/themes/starfield %changelog +* Thu Dec 10 2015 Peter Jones - 2.02-0.18 +- Fix security issue when reading username and password + Related: CVE-2015-8370 +- Do a better job of handling GRUB2_PASSWORD + Related: rhbz#1284370 + * Fri Nov 20 2015 Peter Jones - 2.02-0.17 - Rebuild without multiboot* modules in the EFI image. Related: rhbz#1264103