Canonical discovered vulnerability in GRUB2

For those unfamiliar with it, Canonical is a company established in the UK, founded and funded by Mark Shuttleworth, who is of South African origin. The company develops and sells software and services built around Ubuntu, the GNU/Linux operating system, and applications based on free software.

GRUB, or GRand Unified Bootloader, is used to start one or more operating systems on the same computer. It is what is known as a boot loader, and it is fully open source.

Now to the zero-day vulnerability in GRUB2. It was first found by Ismael Ripoll and Hector Marco, two developers at the University of Valencia in Spain, who uncovered a strange bug that will let you into most Linux machines just by hitting the backspace key 28 times. It is a misuse of keyboard combinations, where pressing any key can cause the password entry to be ignored. The problem lies in the upstream package, which makes the distributions that ship it vulnerable.

In the case of Ubuntu, several versions have this vulnerability, and many distributions are based on Ubuntu.

Among the affected versions of Ubuntu we have:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

The problem can be corrected by updating your system to the following package versions:

  • Ubuntu 15.10: grub2-common to 2.02~beta2-29ubuntu0.2
  • Ubuntu 15.04: grub2-common to 2.02~beta2-22ubuntu1.4
  • Ubuntu 14.04 LTS: grub2-common to 2.02~beta2-9ubuntu1.6
  • Ubuntu 12.04 LTS: grub2-common to 1.99-21ubuntu3.19

After the update, restart the computer so that all the necessary changes take effect.

Remember that this vulnerability could be used to circumvent the GRUB password, so it is recommended to perform the upgrade to stay safe.
