Bug 17191 - grub2 new security issue CVE-2015-5281
Summary: grub2 new security issue CVE-2015-5281
Status: RESOLVED INVALID
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Barry Jackson
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/665247/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-11-20 19:07 CET by David Walser
Modified: 2015-11-21 01:12 CET

See Also:
Source RPM: grub2-2.02-0.git9752.18.2.mga5.src.rpm
CVE:
Status comment:


Description David Walser 2015-11-20 19:07:53 CET
Red Hat has issued an advisory on November 19:
https://rhn.redhat.com/errata/RHSA-2015-2401.html

I'm not sure if this has any relevance to us since we don't use "Secure Boot."

Comment 1 Barry Jackson 2015-11-21 01:10:44 CET
No, CVE-2015-5281 does not concern us.

I have spoken with upstream and this only applies to the grub-mkimage invocation when the resulting .efi binary is getting signed for Secure Boot.

I will of course try to stay in sync with Fedora patches as appropriate, however there is no security issue here for us.
Comment 2 David Walser 2015-11-21 01:12:16 CET
Thanks for looking into it :o)

Status: NEW => RESOLVED
Resolution: (none) => INVALID

