SCIENTIFIC-LINUX-ERRATA Archives

December 2015

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Mon, 21 Dec 2015 23:19:00 +0000
Synopsis:          Moderate: grub2 security and bug fix update
Advisory ID:       SLSA-2015:2623-1
Issue Date:        2015-12-15
CVE Numbers:       CVE-2015-8370
--

A flaw was found in the way grub2 handled backspace characters entered
in username and password prompts. An attacker with access to the system
console could use this flaw to bypass grub2 password protection and gain
administrative access to the system. (CVE-2015-8370)

This update also fixes the following bug:

* When upgrading from Scientific Linux 7.1 and earlier, a configured boot
password was not correctly migrated to the newly introduced user.cfg
configuration files. This could possibly prevent system administrators
from changing grub2 configuration during system boot even if they provided
the correct password. This update corrects the password migration script
and the incorrectly generated user.cfg file.
--

SL7
  x86_64
    grub2-2.02-0.33.el7_2.x86_64.rpm
    grub2-debuginfo-2.02-0.33.el7_2.x86_64.rpm
    grub2-efi-2.02-0.33.el7_2.x86_64.rpm
    grub2-tools-2.02-0.33.el7_2.x86_64.rpm
    grub2-efi-modules-2.02-0.33.el7_2.x86_64.rpm

- Scientific Linux Development Team
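
An added example, not part of the advisory: a check that compares installed grub2 packages against the fixed SL7 build listed above (2.02-0.33.el7_2). It assumes input lines in the form produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'`, uses a simplified rpm-style comparison that ignores epochs and `~`/`^` markers, and runs on constructed sample lines.

```python
import re

# Fixed build from the advisory's SL7 package list: grub2-2.02-0.33.el7_2
FIXED_VERSION, FIXED_RELEASE = "2.02", "0.33.el7_2"
ADVISORY_PACKAGES = {"grub2", "grub2-debuginfo", "grub2-efi",
                     "grub2-tools", "grub2-efi-modules"}

SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpm segment comparison: returns -1, 0 or 1."""
    sa, sb = SEGMENT.findall(a), SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        # A numeric segment always sorts newer than an alphabetic one.
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # leading zeros are not significant
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(query_lines):
    """Map each advisory package in the query output to its patch state."""
    result = {}
    for line in query_lines:
        parts = line.split()
        if len(parts) != 3 or parts[0] not in ADVISORY_PACKAGES:
            continue  # not a package covered by this advisory
        name, version, release = parts
        order = (rpmvercmp(version, FIXED_VERSION)
                 or rpmvercmp(release, FIXED_RELEASE))
        result[name] = "patched" if order >= 0 else "needs update"
    return result

# Constructed sample query output, not taken from a real host.
SAMPLE = [
    "grub2 2.02 0.29.el7",
    "grub2-tools 2.02 0.33.el7_2",
    "grub2-efi 2.02 0.34.el7_2",
    "kernel 3.10.0 327.el7",
]

if __name__ == "__main__":
    for name, state in audit(SAMPLE).items():
        print(f"{name}: {state}")
```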
