Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 20 Sep 2020 04:24:14 +0200
From:      Ralf Mardorf <ralf-mardorf@riseup.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: Dual-booting/triple-booting FreeBSD under UEFI
Message-ID:  <20200920042414.7d396bc1@archlinux>
In-Reply-To: <20200920035310.72276666@archlinux>
References:  <DB8PR06MB64421AFD5B11F7674E48CBAAF63C0@DB8PR06MB6442.eurprd06.prod.outlook.com> <20200919180814.00005391@seibercom.net> <20200920035310.72276666@archlinux>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
PS:

"Anyway, look for CVE-2020-10713 patches in future changelogs." -
https://www.zdnet.com/article/boothole-attack-impacts-windows-and-linux-systems-using-grub2-and-secure-boot/

Probably the most user-friendly and likely less security hardened Linux
distro provides this information:

"Jesse Michael and Mickey Shkatov discovered that the configuration
parser in GRUB2 did not properly exit when errors were discovered,
resulting in heap-based buffer overflows. A local attacker could use
this to execute arbitrary code and bypass UEFI Secure Boot
restrictions. (CVE-2020-10713)

[snip]

The problem can be corrected by updating your system to the following
package versions:" - https://ubuntu.com/security/notices/USN-4432-1

No need to read a changelog or security notices in the first place,
this issue is fixed (most likely not only for Ubuntu ;).



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20200920042414.7d396bc1>