
Test ID: 1.3.6.1.4.1.25623.1.0.704735
Category: Debian Local Security Checks
Title: Debian: Security Advisory for grub2 (DSA-4735-1)
Summary: The remote host is missing an update for the 'grub2' package(s) announced via the DSA-4735-1 advisory.
Description: Summary:
The remote host is missing an update for the 'grub2'
package(s) announced via the DSA-4735-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in the GRUB2 bootloader.

CVE-2020-10713
A flaw in the grub.cfg parsing code was found that allows breaking
UEFI Secure Boot and loading arbitrary code. Details can be found
at the linked references.

CVE-2020-14308
It was discovered that grub_malloc does not validate the allocation
size, allowing for arithmetic overflow and subsequently a heap-based
buffer overflow.

CVE-2020-14309
An integer overflow in grub_squash_read_symlink may lead to a heap-based buffer overflow.

CVE-2020-14310
An integer overflow in read_section_from_string may lead to a heap-based buffer overflow.

CVE-2020-14311
An integer overflow in grub_ext2_read_link may lead to a heap-based
buffer overflow.

CVE-2020-15706
script: Avoid a use-after-free when redefining a function during
execution.

CVE-2020-15707
An integer overflow flaw was found in the initrd size handling.

Further detailed information can be found at the linked references.

Affected Software/OS:
'grub2' package(s) on Debian Linux.

Solution:
For the stable distribution (buster), these problems have been fixed in
version 2.02+dfsg1-20+deb10u1.

We recommend that you upgrade your grub2 packages.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2020-10713
Common Vulnerability Exposure (CVE) ID: CVE-2020-14308
Common Vulnerability Exposure (CVE) ID: CVE-2020-14309
Common Vulnerability Exposure (CVE) ID: CVE-2020-14310
Common Vulnerability Exposure (CVE) ID: CVE-2020-14311
Common Vulnerability Exposure (CVE) ID: CVE-2020-15706
Common Vulnerability Exposure (CVE) ID: CVE-2020-15707
Copyright: Copyright (C) 2020 Greenbone Networks GmbH
