Debian Linux distro users get BootHole CVE-2020-10713 vulnerability patch with Debian GNU/Linux 10.5 “Buster”
The BootHole GRUB2 vulnerability forced many Linux distros, such as Red Hat and Canonical, to release out-of-turn patches. Many of these patches have been put on hold because they sometimes cause Linux systems to hang. Meanwhile, the Debian dev team today announced the release of Debian GNU/Linux 10.5, the fifth maintenance update and ISO release of the latest stable Debian GNU/Linux 10 “Buster” operating system series.
Debian 10.5 arrives just three months after the Debian GNU/Linux 10.4 update and includes many critical security updates. The most important among them is the patch for CVE-2020-10713, the BootHole GRUB2, or Secure Boot, vulnerability. Debian 10.5 Buster neutralizes BootHole by signing the Secure Boot shims with a different key.
The BootHole vulnerability allows hackers to tamper with the GRUB2 component to insert and execute malicious code during the boot-loading process, effectively letting them plant code that has full control of the OS, launched at a later point.
BootHole may become wormable malware, as cybercriminals could write a bootkit based on it. Such a BootHole bootkit may survive on the device despite anti-virus or security software being present, because it dwells in the motherboard's physical memory in locations separate from the actual OS, which also allows it to survive OS reinstalls.
Debian GNU/Linux 10.5 installation files are available on the Debian website here. If you are a Debian Buster user, you can use this command to update your Debian GNU/Linux 10 “Buster” system to the latest 10.5 version:
sudo apt-get update && sudo apt-get full-upgrade
You can view the changelog for Debian 10.5 here.