881413 – (CVE-2022-2601, CVE-2022-3775) <sys-boot/grub-2.06-r4: multiple vulnerabilities

Bug 881413 (CVE-2022-2601, CVE-2022-3775) - <sys-boot/grub-2.06-r4: multiple vulnerabilities

Summary: <sys-boot/grub-2.06-r4: multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	CVE-2022-2601, CVE-2022-3775

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major
Assignee:	Gentoo Security

URL:	https://lists.gnu.org/archive/html/gr...
Whiteboard:	B1 [glsa+]
Keywords:

Depends on:	881821
Blocks:
	Show dependency tree

Reported:	2022-11-15 18:31 UTC by John Helmert III
Modified:	2023-11-25 11:21 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-11-15 18:31:44 UTC

B given these are only really problems with secureboot
on, which is probably a minority of users. Patches at URL, unsure if
merged yet.

Comment 1 Larry the Git Cow gentoo-dev

2022-11-16 00:43:49 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f808be26f24a5d938efb272e2d98cd5aa05ecda

commit 7f808be26f24a5d938efb272e2d98cd5aa05ecda
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2022-11-16 00:29:40 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2022-11-16 00:29:40 +0000

    sys-boot/grub: backport security fixes
    
    Bug: https://bugs.gentoo.org/881413
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-boot/grub/Manifest            |   1 +
 sys-boot/grub/grub-2.06-r4.ebuild | 330 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 331 insertions(+)

Comment 2 John Helmert III archtester

2022-11-16 15:12:48 UTC

Thanks! Please stabilize when ready.

Comment 3 John Helmert III archtester

2022-12-02 17:35:13 UTC

Please cleanup

Comment 4 Larry the Git Cow gentoo-dev

2022-12-20 18:13:39 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd4f54570ed7c6d99beb16cc2b2b841c30a5a09b

commit dd4f54570ed7c6d99beb16cc2b2b841c30a5a09b
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2022-12-20 18:10:40 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2022-12-20 18:12:54 +0000

    sys-boot/grub: drop 2.06-r3
    
    Bug: https://bugs.gentoo.org/881413
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-boot/grub/Manifest            |   1 -
 sys-boot/grub/grub-2.06-r3.ebuild | 331 --------------------------------------
 2 files changed, 332 deletions(-)

Comment 5 Larry the Git Cow gentoo-dev

2023-11-25 11:19:26 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=4c466f4d082dba9c6c82b370699194bb99c93843

commit 4c466f4d082dba9c6c82b370699194bb99c93843
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-25 11:18:39 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-25 11:19:17 +0000

    [ GLSA 202311-14 ] GRUB: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/881413
    Bug: https://bugs.gentoo.org/915187
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202311-14.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)