Debian Security Advisory

DLA-368-1 grub2 -- LTS security update

Date Reported:
12 Dec 2015
Affected Packages:
grub2
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2015-8370.
More information:

Hector Marco-Gisbert, from the Universitat Politècnica de València Cybersecurity Team, reported a buffer overflow in grub2 when checking password during bootup.

For Debian 6 Squeeze, this problem has been fixed in grub2 version 1.98+20100804-14+squeeze2. We recommend you to upgrade your grub2 packages.