[ubuntu/mantic-proposed] grub2 2.12~rc1-10ubuntu4 (Accepted)
Mate Kukri
mate.kukri at canonical.com
Tue Oct 3 18:30:42 UTC 2023
grub2 (2.12~rc1-10ubuntu4) mantic; urgency=high

  * SECURITY UPDATE: Crafted file system images can cause out-of-bounds write
    and may leak sensitive information into the GRUB pager.
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-
      label.patch:
      fs/ntfs: Fix an OOB read when parsing a volume label
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-
      index-at.patch:
      fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-
      entries-fr.patch:
      fs/ntfs: Fix an OOB read when parsing directory entries from resident and
      non-resident index attributes
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-
      reside.patch:
      fs/ntfs: Fix an OOB read when reading data from the resident $DATA +
      attribute
    - CVE-2023-4693
  * SECURITY UPDATE: Crafted file system images can cause heap-based buffer
    overflow and may allow arbitrary code execution and secure boot bypass.
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-
      ATTRIBUTE_LIST-.patch:
      fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for
      the $MFT file
    - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch
      fs/ntfs: Make code more readable
    - CVE-2023-4692

Date: Mon, 02 Oct 2023 15:23:58 +0100
Changed-By: Mate Kukri <mate.kukri at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Julian Andres Klode <julian.klode at canonical.com>
https://launchpad.net/ubuntu/+source/grub2/2.12~rc1-10ubuntu4
-------------- next part --------------
Format: 1.8
Date: Mon, 02 Oct 2023 15:23:58 +0100
Source: grub2
Built-For-Profiles: noudeb
Architecture: source
Version: 2.12~rc1-10ubuntu4
Distribution: mantic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Mate Kukri <mate.kukri at canonical.com>
Changes:
 grub2 (2.12~rc1-10ubuntu4) mantic; urgency=high
 .
   * SECURITY UPDATE: Crafted file system images can cause out-of-bounds write
     and may leak sensitive information into the GRUB pager.
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-
       label.patch:
       fs/ntfs: Fix an OOB read when parsing a volume label
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-
       index-at.patch:
       fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-
       entries-fr.patch:
       fs/ntfs: Fix an OOB read when parsing directory entries from resident and
       non-resident index attributes
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-
       reside.patch:
       fs/ntfs: Fix an OOB read when reading data from the resident $DATA +
       attribute
     - CVE-2023-4693
   * SECURITY UPDATE: Crafted file system images can cause heap-based buffer
     overflow and may allow arbitrary code execution and secure boot bypass.
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-
       ATTRIBUTE_LIST-.patch:
       fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for
       the $MFT file
     - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch
       fs/ntfs: Make code more readable
     - CVE-2023-4692
Original-Maintainer: GRUB Maintainers <pkg-grub-devel at alioth-lists.debian.net>