Advisories » MGASA-2015-0480

Updated grub2 packages fix security vulnerability

Publication date: 20 Dec 2015
Modification date: 20 Dec 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8370

Description

A flaw was found in the way the grub2 handled backspace characters entered
in username and password prompts. An attacker with access to the system
console could use this flaw to bypass grub2 password protection and gain
administrative access to the system (CVE-2015-8370).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17334
• http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
• https://rhn.redhat.com/errata/RHSA-2015-2623.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8370

SRPMS

5/core

• grub2-2.02-0.git9752.18.3.mga5