[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [linux_var] grub2 0-day

Il 18/12/2015 11:01, Mr. P|pex ha scritto:

ciao
segnalo l'articolo che parla di un bug abbastanza grave

http://punto-informatico.it/4290469/PI/News/grub2-violare-boot-loader-linux-basta-insistere.aspx

http://news.softpedia.com/news/zero-day-grub2-vulnerability-hits-linux-users-patch-available-for-ubuntu-rhel-497688.shtml

bye
GM




Dal changelog di Slackware:

Fri Dec 18 05:28:25 UTC 2015
patches/packages/grub-2.00-x86_64-3_slack14.1.txz:  Rebuilt.
  Patched bug where password protection during system startup may be
  bypassed by hitting the backspace key 28 times giving a rescue shell.
  Thanks to Hector Marco and Ismael Ripoll.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8370
  (* Security fix *)
_______________________________________________
Talking mailing list
Talking@ml.linuxvar.it
http://ml.linuxvar.it/cgi-bin/mailman/listinfo/talking