[SECURITY] Fedora 16 Update: grub2-1.99-13.fc16.3

updates at fedoraproject.org updates at fedoraproject.org
Thu May 10 14:20:18 UTC 2012 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-7579
2012-05-10 03:42:01
--------------------------------------------------------------------------------

Name        : grub2
Product     : Fedora 16
Version     : 1.99
Release     : 13.fc16.3
URL         : http://www.gnu.org/software/grub/
Summary     : Bootloader with support for Linux, Multiboot and more
Description :
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
bootloader with modular architecture.  It support rich varietyof kernel formats,
file systems, computer architectures and hardware devices.

--------------------------------------------------------------------------------
Update Information:

Don't allow non-root users to view contents of /etc/grub.d (CVE-2012-2314)
--------------------------------------------------------------------------------
ChangeLog:

* Mon May  7 2012 Peter Jones <pjones at redhat.com> - 1.99-13.3
- Work around #819031 .
* Mon Mar 12 2012 Adam Williamson <awilliam at redhat.com> - 1:1.99-13.2
- Build with -Os for both grub2-efi and regular grub2 (complete fix for
  782144) (thanks Ian Collier)
* Fri Feb 17 2012 Orion Poplawski <orion at cora.nwra.com> - 1:1.99-13.1
- Build with -Os (bug 782144)
* Thu Dec  8 2011 Adam Williamson <awilliam at redhat.com> - 1.99-13
- fix hardwired call to grub-probe in 30_os-prober (rhbz#737203)
* Mon Nov  7 2011 Peter Jones <pjones at redhat.com> - 1.99-12
- Lots of .spec fixes from Mads Kiilerich:
  Remove comment about update-grub - it isn't run in any scriptlets
  patch info pages so they can be installed and removed correctly when renamed
  fix references to grub/grub2 renames in info pages (#743964)
  update README.Fedora (#734090)
  fix comments for the hack for upgrading from grub2 < 1.99-4
  fix sed syntax error preventing use of $RPM_OPT_FLAGS (#704820)
  make /etc/grub2*.cfg %config(noreplace)
  make grub.cfg %ghost - an empty file is of no use anyway
  create /etc/default/grub more like anaconda would create it (#678453)
  don't create rescue entries by default - grubby will not maintain them anyway
  set GRUB_SAVEDEFAULT=true so saved defaults works (rbhz#732058)
  grub2-efi should have its own bash completion
  don't set gfxpayload in efi mode - backport upstream r3402
- Handle dmraid better. Resolves: rhbz#742226
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #819031 - CVE-2012-2314 anaconda: Weak permissions by writing password configuration file in bootloader configuration module
        https://bugzilla.redhat.com/show_bug.cgi?id=819031
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update grub2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list