ELA-760-1 grub2 security update

execution of arbitrary code

2022-12-30
Packagegrub2
Version2.02~beta3-5+deb9u3 (stretch)
Related CVEs CVE-2022-2601 CVE-2022-3775


Several issues were found in GRUB2’s font handling code, which could result in crashes and potentially execution of arbitrary code.



For Debian 9 stretch, these problems have been fixed in version 2.02~beta3-5+deb9u3.

We recommend that you upgrade your grub2 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.