Information on source package grub2

Available versions

ReleaseVersion
stretch2.02~beta3-5+deb9u2
buster2.02+dfsg1-20+deb10u2
bullseye2.04-8
sid2.04-9

Open issues

BugstretchbusterbullseyesidDescription
CVE-2020-15707vulnerable (no DSA, ignored)fixedvulnerablefixedInteger overflows were discovered in the functions grub_cmd_initrd and ...
CVE-2020-15706vulnerable (no DSA, ignored)fixedvulnerablefixedGRUB2 contains a race condition in grub_script_function_create() leadi ...
CVE-2020-14311vulnerable (no DSA, ignored)fixedvulnerablefixedThere is an issue with grub2 before version 2.06 while handling symlin ...
CVE-2020-14310vulnerable (no DSA, ignored)fixedvulnerablefixedThere is an issue on grub2 before version 2.06 at function read_sectio ...
CVE-2020-14309vulnerable (no DSA, ignored)fixedvulnerablefixedThere's an issue with grub2 in all versions before 2.06 when handling ...
CVE-2020-14308vulnerable (no DSA, ignored)fixedvulnerablefixedIn grub2 versions before 2.06 the grub memory allocator doesn't check ...
CVE-2020-10713vulnerable (no DSA, ignored)fixedvulnerablefixedA flaw was found in grub2, prior to version 2.06. An attacker may use ...

Resolved issues

BugDescription
CVE-2020-15705GRUB2 fails to validate kernel signature when booted directly without ...
CVE-2019-14865A flaw was found in the grub2-set-bootflag utility of grub2. A local a ...
CVE-2017-9763The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013 ...
CVE-2015-8370Multiple integer underflows in Grub2 1.98 through 2.02 allow physicall ...
CVE-2015-5281The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) ...
CVE-2013-4577A certain Debian patch for GNU GRUB uses world-readable permissions fo ...
CVE-2009-4128GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted ...

Security announcements

DSA / DLADescription
DSA-4735-2grub2 - regression update
DSA-4735-1grub2 - security update
DSA-3421-1grub2 - security update
DLA-368-1grub2 - security update

Search for package or bug name: Reporting problems