Date: Sun, 20 Sep 2020 04:24:14 +0200 From: Ralf Mardorf <ralf-mardorf@riseup.net> To: freebsd-questions@freebsd.org Subject: Re: Dual-booting/triple-booting FreeBSD under UEFI Message-ID: <20200920042414.7d396bc1@archlinux> In-Reply-To: <20200920035310.72276666@archlinux> References: <DB8PR06MB64421AFD5B11F7674E48CBAAF63C0@DB8PR06MB6442.eurprd06.prod.outlook.com> <20200919180814.00005391@seibercom.net> <20200920035310.72276666@archlinux>
next in thread | previous in thread | raw e-mail | index | archive | help
PS: "Anyway, look for CVE-2020-10713 patches in future changelogs." - https://www.zdnet.com/article/boothole-attack-impacts-windows-and-linux-systems-using-grub2-and-secure-boot/ Probably the most user-friendly and likely less security hardened Linux distro provides this information: "Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713) [snip] The problem can be corrected by updating your system to the following package versions:" - https://ubuntu.com/security/notices/USN-4432-1 No need to read a changelog or security notices in the first place, this issue is fixed (most likely not only for Ubuntu ;).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200920042414.7d396bc1>