Уязвимость загрузчика операционных систем Grub2, связанная с целочисленным переполнением значения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.

There's an issue with grub2 in all versions before 2.06 when handling ...

Множественные уязвимости GRUB

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.

Security update for grub2

Security update for grub2

Security update for grub2

Security update for grub2

Security update for grub2

Security update for grub2

Security update for grub2

Security update for grub2

Security update for grub2

ELSA-2020-5790: grub2 security update (IMPORTANT)

ELSA-2020-5786: grub2 security update (IMPORTANT)

ELSA-2020-5782: grub2 security update (IMPORTANT)