Bug 17191

Summary: grub2 new security issue CVE-2015-5281
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: Barry Jackson <zen25000>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/665247/
Whiteboard:
Source RPM: grub2-2.02-0.git9752.18.2.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-11-20 19:07:53 CET
Red Hat has issued an advisory on November 19:
https://rhn.redhat.com/errata/RHSA-2015-2401.html

I'm not sure if this has any relevance to us since we don't use "Secure Boot."

Comment 1 Barry Jackson 2015-11-21 01:10:44 CET
No, CVE-2015-5281 does not concern us.

I have spoken with upstream and this only applies to the grub-mkimage invocation when the resulting .efi binary is getting signed for Secure Boot.

I will of course try to stay in sync with Fedora patches as appropriate, however there is no security issue here for us.
Comment 2 David Walser 2015-11-21 01:12:16 CET
Thanks for looking into it :o)

Status: NEW => RESOLVED
Resolution: (none) => INVALID