Ubuntu Security Notice USN-868-1 December 09, 2009
grub2 vulnerability
CVE-2009-4128
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
grub2 1.97~beta4-1ubuntu4.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
If you upgraded from GRUB Legacy to GRUB 2 and are still using GRUB
Legacy to chainload into GRUB 2, you will have to run the following command
(possibly adjusting 'hd0') to update GRUB 2's on-disk core image:
$ sudo grub-install --no-floppy --grub-setup=/bin/true "(hd0)"
If you previously ran 'upgrade-from-grub-legacy', a standard system upgrade
is sufficient to effect the necessary changes.
Details follow:
It was discovered that GRUB 2 did not properly validate passwords. An
attacker with physical access could conduct a brute force attack and bypass
authentication by submitting a 1 character password.
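The notice does not show the faulty code. As an added illustration (not GRUB's source and not part of the original advisory), the C sketch below shows one way a password check can end up accepting a 1-character password: the comparison length is taken from what was typed. The function names, the sample password and the 95-symbol alphabet are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flawed check (illustrative): the length bound comes from the typed input,
   so only a prefix of the stored password is ever examined. */
int check_password_prefix(const char *stored, const char *entered)
{
    return strncmp(stored, entered, strlen(entered)) == 0;
}

/* Corrected check: lengths must be equal and every byte must match.
   The loop never exits early, so timing does not reveal how many leading
   characters were right. */
int check_password_full(const char *stored, const char *entered)
{
    size_t slen = strlen(stored), elen = strlen(entered), i;
    unsigned char diff = (unsigned char)(slen != elen);

    for (i = 0; i < elen; i++) {
        /* index modulo slen+1 stays inside stored[], NUL terminator included */
        diff |= (unsigned char)stored[i % (slen + 1)] ^ (unsigned char)entered[i];
    }
    return diff == 0;
}

/* Worst-case number of guesses against each check: with the prefix flaw only
   the first character has to be found; otherwise the whole password does. */
unsigned long long worst_case_guesses(unsigned alphabet, unsigned length, int prefix_flaw)
{
    unsigned long long n = 1;
    unsigned i;

    if (prefix_flaw)
        return alphabet;
    for (i = 0; i < length; i++)
        n *= alphabet;
    return n;
}

int main(void)
{
    const char *stored = "s3cret-boot";   /* constructed sample password */

    printf("prefix check accepts \"s\": %d\n", check_password_prefix(stored, "s"));
    printf("full check accepts \"s\":   %d\n", check_password_full(stored, "s"));
    printf("guesses, flawed vs fixed (95 symbols, 8 chars): %llu vs %llu\n",
           worst_case_guesses(95, 8, 1), worst_case_guesses(95, 8, 0));
    return 0;
}
```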
Updated packages for Ubuntu 9.10: