[Bug 1996950] Re: CVE-2022-2601, CVE-2022-3775: font security fixes
Launchpad Bug Tracker
1996950 at bugs.launchpad.net
Sat Dec 3 00:42:35 UTC 2022
This bug was fixed in the package grub2-unsigned - 2.06-2ubuntu15
---------------
grub2-unsigned (2.06-2ubuntu15) lunar; urgency=medium
* grub-multi-install: Reset partition type between partitions (LP: #1997795)
* Source package generated from src:grub2 using make -f ./debian/rules
generate-grub2-unsigned
grub2 (2.06-2ubuntu14) kinetic; urgency=medium
* SECURITY UPDATE: Fix out of bounds writes due specially crafted fonts.
- add debian/patches/font-Fix-several-integer-overflows-in-grub_font_construct.patch
- add debian/patches/font-Fix-an-integer-underflow-in-blit_comb.patch
- CVE-2022-2601, CVE-2022-3775
- LP: #1996950
* Fix various issues as a result of fuzzing, static analysis and code
review:
- add debian/patches/font-Reject-glyphs-exceeds-font-max_glyph_width-or-font-m.patch
- add debian/patches/font-Fix-size-overflow-in-grub_font_get_glyph_internal.patch
- add debian/patchces/font-Remove-grub_font_dup_glyph.patch
- add debian/patches/font-Fix-integer-overflow-in-ensure_comb_space.patch
- add debian/patches/font-Fix-integer-overflow-in-BMP-index.patch
- add debian/patches/font-Fix-integer-underflow-in-binary-search-of-char-index.patch
- add debian/patches/fbutil-Fix-integer-overflow.patch
- add debian/patches/font-Harden-grub_font_blit_glyph-and-grub_font_blit_glyph.patch
- add debian/patches/font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
- add debian/patches/normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch
* Enforce verification of fonts when secure boot is enabled:
- add debian/patches/kern-efi-sb-Enforce-verification-of-font-files.patch
* Bundle unicode.pf2 in a squashfs memdisk attached to the signed EFI binary
- update debian/control
- update debian/build-efi-image
- add debian/patches/font-Try-opening-fonts-from-the-bundled-memdisk.patch
* Fix LP: #1997006 - add support for performing measurements to RTMRs
- add debian/patches/commands-efi-tpm-Refine-the-status-of-log-event.patch
- add debian/patches/commands-efi-tpm-Use-grub_strcpy-instead-of-grub_memcpy.patch
- add debian/patches/efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch
* Fix the squashfs tests during the build
- remove debian/patches/ubuntu-fix-reproducible-squashfs-test.patch
- add debian/patches/tests-Explicitly-unset-SOURCE_DATE_EPOCH-before-running-f.patch
* Bump SBAT generation:
- update debian/sbat.ubuntu.csv.in
-- Julian Andres Klode <juliank at ubuntu.com> Thu, 01 Dec 2022 16:30:53
+0100
** Changed in: grub2-unsigned (Ubuntu Lunar)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1996950
Title:
CVE-2022-2601, CVE-2022-3775: font security fixes
Status in grub2-signed package in Ubuntu:
Fix Committed
Status in grub2-unsigned package in Ubuntu:
Fix Released
Status in grub2-signed source package in Bionic:
New
Status in grub2-unsigned source package in Bionic:
New
Status in grub2-signed source package in Focal:
New
Status in grub2-unsigned source package in Focal:
New
Status in grub2-signed source package in Jammy:
New
Status in grub2-unsigned source package in Jammy:
New
Status in grub2-signed source package in Kinetic:
New
Status in grub2-unsigned source package in Kinetic:
New
Status in grub2-signed source package in Lunar:
Fix Committed
Status in grub2-unsigned source package in Lunar:
Fix Released
Bug description:
[Impact]
security update staged in updates
[Test plan]
Boot it on multiple systems.
[Where problems could occur]
Font loading is disabled, could cause rendering issues
Unicode font stuffed in xz squashfs, could cause more memory issues
during boot
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/1996950/+subscriptions
More information about the foundations-bugs
mailing list