Announcement

Collapse
No announcement yet.

Boot Hole Threat

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Boot Hole Threat

    Interesting Read here: https://www.forbes.com/sites/daveywi.../#64cb3fa3666e

    Some reports state the patches have already been released, other reports imply they are still being worked on. Any news on whether the update is coming or has been dropped for our Distro?

    #2
    My impression is that this is not important. It's a hole in "Secure Boot", which I turn off anyway. It's not a remote execution vulnerability, so access to the hardware is needed, and in that case your security is likely hosed anyway.
    Regards, John Little

    Comment


      #3
      The Ubuntu cvd is here: https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10713.html
      There it is called a "low" priority. It refers to https://ubuntu.com/security/notices/USN-3624-2
      which calls it a "medium" priority and refers to https://people.canonical.com/~ubuntu...8-1000156.html
      which refers to patch version 2.7.6.
      The various CVE's mention Ubuntu versions from 12.04 to 18.04 but syas 18.04 is not affected, but doesn't mention 20.04. In my Kubuntu 20.04 install I have
      Code:
      $ patch -v
      GNU patch 2.7.6
      Copyright (C) 2003, 2009-2012 Free Software Foundation, Inc.
      Copyright (C) 1988 Larry Wall
      
      License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
      
      Written by Larry Wall and Paul Eggert
      which supposedly is the buggy version. However, I don't use EUFI or SecureBoot. I'm Legacy, so I am not affected.
      "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
      – John F. Kennedy, February 26, 1962.

      Comment


        #4
        Looking at the article, and following the links to the actual announcement:
        https://eclypsium.com/2020/07/29/the...e-in-the-boot/

        Which leads to these in the references:
        https://ubuntu.com/security/notices/USN-4432-1


        https://wiki.ubuntu.com/SecurityTeam...cureBootBypass



        Update instructions
        The problem can be corrected by updating your system to the following package versions:


        Ubuntu 20.04
        grub-efi-amd64-bin - 2.04-1ubuntu26.1
        grub-efi-amd64-signed - 1.142.3+2.04-1ubuntu26.1
        grub-efi-arm-bin - 2.04-1ubuntu26.1
        grub-efi-arm64-bin - 2.04-1ubuntu26.1
        grub-efi-arm64-signed - 1.142.3+2.04-1ubuntu26.1
        grub-efi-ia32-bin - 2.04-1ubuntu26.1


        Ubuntu 18.04
        grub-efi-amd64-bin - 2.02-2ubuntu8.16
        grub-efi-amd64-signed - 1.93.18+2.02-2ubuntu8.16
        grub-efi-arm-bin - 2.02-2ubuntu8.16
        grub-efi-arm64-bin - 2.02-2ubuntu8.16
        grub-efi-arm64-signed - 1.93.18+2.02-2ubuntu8.16
        grub-efi-ia32-bin - 2.02-2ubuntu8.16
        grub-efi-ia64-bin - 2.02-2ubuntu8.16

        The patches are already out
        Easy to check


        Code:
        $ apt policy grub-efi-amd64-bin 
        grub-efi-amd64-bin:
          Installed: [COLOR=#ff0000][B]2.02-2ubuntu8.16[/B][/COLOR]
          Candidate: 2.02-2ubuntu8.16
          Version table:
         *** 2.02-2ubuntu8.16 500
                500 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
                100 /var/lib/dpkg/status
             2.02-2ubuntu8 500
                500 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
        Code:
        $ apt policy grub-efi-amd64-signed 
        grub-efi-amd64-signed:
          Installed: [COLOR=#ff0000][B]1.93.18+2.02-2ubuntu8.16[/B][/COLOR]
          Candidate: 1.93.18+2.02-2ubuntu8.16
          Version table:
         *** 1.93.18+2.02-2ubuntu8.16 500
                500 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
                100 /var/lib/dpkg/status
             1.93+2.02-2ubuntu8 500
                500 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 Packages

        I got updated grub packages late yesterday. The above is on my 18.04 based system.
        Last edited by claydoh; Jul 30, 2020, 12:32 AM.

        Comment


          #5
          Originally posted by GreyGeek View Post
          That is not related to BootHole

          Comment


            #6
            I need to check my system's administrator, to make sure he's not doing anything nefarious.

            Nope, he's not.

            Just got my updates this morning.

            The next brick house on the left
            Intel i7 11th Gen | 16GB | 1TB | KDE Plasma 5.27.11​| Kubuntu 24.04 | 6.8.0-31-generic



            Comment


              #7
              Yeah, much ado about nothing it seems. One of the discoverers listed a litany of things that would have to but in place before this would actually be an attack vector.

              Funner that it's directly related to "Secure Boot." Talk about an oxymoron.

              Please Read Me

              Comment


                #8
                Originally posted by claydoh View Post
                That is not related to BootHole
                https://ubuntu.com/blog/mitigating-b...ulnerabilities
                "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                – John F. Kennedy, February 26, 1962.

                Comment


                  #9
                  Anyone wants to ransom ware my PC they are welcome to have it. I bought it refurb anyway, and it still uses DDR3 and has a 5 year old CPU.

                  Comment


                    #10
                    And backup, backup, backup! My data is far more important and valuable than my PC. I have a box o' spares with enough to build another PC - except a power supply. Those are cheap enough anyway!
                    The next brick house on the left
                    Intel i7 11th Gen | 16GB | 1TB | KDE Plasma 5.27.11​| Kubuntu 24.04 | 6.8.0-31-generic



                    Comment

                    Working...
                    X