[arch-security] [CVE-2015-8370] Grub2 Authentication (Back to 28)

Levente Polyak anthraxx at archlinux.org
Wed Dec 16 19:07:50 UTC 2015

On 12/16/2015 07:55 PM, Ivan wrote:
> A recent vulnerability has been discovered, affecting GRUB from
> versions 1.98 to 2.02.
> More info: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html

Hey Ivan,

an updated GRUB version is already laying in testing and awaits
sign-offs [0].
Thanks anyway for reporting, however if you just want to make sure it
gets handled and we are aware of the issue, feel free to instead simply
join the IRC channel #archlinux-security on freenode and drop us a
message there.


[0] https://www.archlinux.org/packages/testing/x86_64/grub/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20151216/0a8addba/attachment.asc>

More information about the arch-security mailing list