Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 35: FEDORA-2022-7ce9378e90 Critical: Font Security Fix

fedora
Calendar Grey November 30, 2022
Dist Fedora Esm H88
Keep up to date regarding the recent grub2 update from Fedora, which tackles font-associated CVE vulnerabilities, all while optimizing system stability and safeguarding security.
- put the font back in /boot for now Yes, this bloats size by a couple meg

Summary

The GRand Unified Bootloader (GRUB) is a highly configurable and

customizable bootloader with modular architecture. It supports a rich

variety of kernel formats, file systems, computer architectures and

hardware devices.

- put the font back in /boot for now Yes, this bloats size by a couple meg.

Hopefully this won't cause problems for anyone and everyone can be okay with

this CVE fix update. ---- - Adjust the way we provide unicode.pf2 for post-CVE

lockdown policy ---- Two font-related CVE updates (CVE-2022-2601 and

CVE-2022-3775). For more information, see [upstream's

disclosure]()

or the patches themselves.

* Wed Nov 23 2022 Robbie Harwood - 2.06-14

- Put the font in /boot again because lorax is PTO

* Tue Nov 22 2022 Robbie Harwood - 2.06-13

- Bundle unicode.pf2 with images

- Resolves: #2143725

- Resolves: #2144113

* Tue Nov 15 2022 Robbie Harwood - 2.06-12

- Font fixes (CVE-2022-2601 batch)

[ 1 ] Bug #2143725 - 2.06-55.fc36 secure boot problem (non-latin1 characters broken)

https://bugzilla.redhat.com/show_bug.cgi?id=2143725

[ 2 ] Bug #2144113 - Latest grub2 breaks gfxterm

https://bugzilla.redhat.com/show_bug.cgi?id=2144113

[ 3 ] Bug #2146545 - Latest grub2 build drops unicode.pf2 , which breaks multiple critical image composes

https://bugzilla.redhat.com/show_bug.cgi?id=2146545

su -c 'dnf upgrade --advisory FEDORA-2022-7ce9378e90' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory Fedora CVE fix font issue bootloader

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 35
Version: 2.06
Release: 14.fc35
URL:
Summary: Bootloader with support for Linux, Multiboot and more

Topics%20covered

Topics Covered

security advisory Fedora CVE fix font issue bootloader

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here