
Fedora 2024-633dc7e183: Critical Grub2 Bypass Vulnerability Detected

February 5, 2024
Fedora's latest update tackles serious grub2 vulnerabilities, specifically the CVE-2023-4001 bypass. Follow the commands to update, reinstall grub2, and regenerate the config.

Summary

The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices.

Update Information:

Combined update for several fixes as well as security fix for CVE-2023-4001

```
Mon Jan 15 2024 Nicolas Frayer - 2.06-114
grub-core/commands: add flag to only search root dev
Resolves: #2223437
Resolves: #2224951
Resolves: #2258096
Resolves: CVE-2023-4001

Sat Jan 13 2024 Hector Martin - 2.06-113
Switch memdisk compression to lzop

Thu Jan 11 2024 Daan De Meyer - 2.06-112
Don't obsolete the tools package with minimal

Mon Jan 8 2024 Nicolas Frayer - 2.06-111
xfs: some bios systems with /boot partition created with xfsprog < 6.5.0 can't boot with one of the xfs upstream patches
Resolves: #2254370

Tue Dec 19 2023 Nicolas Frayer - 2.06-110
normal: fix prefix when loading modules
Resolves: #2209435
Resolves: #2173015

Tue Dec 12 2023 leo sandoval - 2.06-109
chainloader: remove device path debug message
```

Change Log

* Mon Jan 15 2024 Nicolas Frayer - 2.06-114
- grub-core/commands: add flag to only search root dev
- Resolves: #2223437
- Resolves: #2224951
- Resolves: #2258096
- Resolves: CVE-2023-4001

* Sat Jan 13 2024 Hector Martin - 2.06-113
- Switch memdisk compression to lzop

* Thu Jan 11 2024 Daan De Meyer - 2.06-112
- Don't obsolete the tools package with minimal

* Mon Jan 8 2024 Nicolas Frayer - 2.06-111
- xfs: some bios systems with /boot partition created with xfsprog < 6.5.0 can't boot with one of the xfs upstream patches
- Resolves: #2254370

* Tue Dec 19 2023 Nicolas Frayer - 2.06-110
- normal: fix prefix when loading modules
- Resolves: #2209435
- Resolves: #2173015

* Tue Dec 12 2023 leo sandoval - 2.06-109
- chainloader: remove device path debug message

References


[1] Bug #2224951 - CVE-2023-4001 grub2: bypass the GRUB password protection feature
https://bugzilla.redhat.com/show_bug.cgi?id=2224951

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-633dc7e183' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
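
To confirm the update landed, the check below compares installed grub2 packages against the 2.06-114.fc38 build named in this advisory. It is an added example, not part of the Fedora advisory: the function names and the sample input are constructed, and `sort -V` is used as an approximation of RPM's own version comparison.

```shell
#!/bin/sh
# Fixed build from this advisory (Fedora 38): grub2 2.06-114.fc38
FIXED_VERSION="2.06"
FIXED_RELEASE="114"

# is_patched VERSION RELEASE
# Succeeds when VERSION-RELEASE is at or above the fixed build.
# The dist tag is dropped first ("114.fc38" -> "114").
is_patched() {
    have="$1-${2%%.*}"
    fixed="$FIXED_VERSION-$FIXED_RELEASE"
    # Assumption: GNU sort -V ordering is close enough to rpmvercmp here.
    lowest=$(printf '%s\n%s\n' "$have" "$fixed" | sort -V | head -n 1)
    [ "$lowest" = "$fixed" ]
}

# audit_grub2
# Reads "NAME VERSION RELEASE" lines on stdin, prints every grub2
# package older than the fixed build, and returns 1 if any was found.
# On a live Fedora 38 host, feed it with:
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n' 'grub2*' | audit_grub2
audit_grub2() {
    status=0
    while read -r name ver rel; do
        case $name in
            grub2*) ;;
            *) continue ;;
        esac
        if ! is_patched "$ver" "$rel"; then
            printf 'UNPATCHED %s-%s-%s\n' "$name" "$ver" "$rel"
            status=1
        fi
    done
    return $status
}

# Constructed sample input (not taken from a real host).
SAMPLE='grub2-common 2.06 113.fc38
grub2-efi-x64 2.06 114.fc38
kernel-core 6.6.9 100.fc38'

printf '%s\n' "$SAMPLE" | audit_grub2 || echo "update needed"
```

A host with mixed grub2 subpackage versions, as in the sample, is reported as unpatched until every grub2 package reaches the fixed build.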

Severity
critical

Name: grub2
Product: Fedora 38
Version: 2.06
Release: 114.fc38
URL:
Summary: Bootloader with support for Linux, Multiboot and more
