Fedora 2024-633dc7e183: Critical Grub2 Bypass Vulnerability Detected

February 5, 2024
Fedora's latest update tackles serious grub2 vulnerabilities, specifically the CVE-2023-4001 bypass. Follow the commands to update, reinstall grub2, and regenerate the config.

Summary

The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices.

Update Information:

Combined update for several fixes as well as security fix for CVE-2023-4001

```
Mon Jan 15 2024 Nicolas Frayer - 2.06-114
grub-core/commands: add flag to only search root dev
Resolves: #2223437
Resolves: #2224951
Resolves: #2258096
Resolves: CVE-2023-4001

Sat Jan 13 2024 Hector Martin - 2.06-113
Switch memdisk compression to lzop

Thu Jan 11 2024 Daan De Meyer - 2.06-112
Don't obsolete the tools package with minimal

Mon Jan 8 2024 Nicolas Frayer - 2.06-111
xfs: some bios systems with /boot partition created with xfsprog < 6.5.0 can't boot with one of the xfs upstream patches
Resolves: #2254370

Tue Dec 19 2023 Nicolas Frayer - 2.06-110
normal: fix prefix when loading modules
Resolves: #2209435
Resolves: #2173015

Tue Dec 12 2023 leo sandoval - 2.06-109
chainloader: remove device path debug message
```

Change Log

* Mon Jan 15 2024 Nicolas Frayer - 2.06-114
- grub-core/commands: add flag to only search root dev
- Resolves: #2223437
- Resolves: #2224951
- Resolves: #2258096
- Resolves: CVE-2023-4001

* Sat Jan 13 2024 Hector Martin - 2.06-113
- Switch memdisk compression to lzop

* Thu Jan 11 2024 Daan De Meyer - 2.06-112
- Don't obsolete the tools package with minimal

* Mon Jan 8 2024 Nicolas Frayer - 2.06-111
- xfs: some bios systems with /boot partition created with xfsprog < 6.5.0 can't boot with one of the xfs upstream patches
- Resolves: #2254370

* Tue Dec 19 2023 Nicolas Frayer - 2.06-110
- normal: fix prefix when loading modules
- Resolves: #2209435
- Resolves: #2173015

* Tue Dec 12 2023 leo sandoval - 2.06-109
- chainloader: remove device path debug message

References


[1] Bug #2224951 - CVE-2023-4001 grub2: bypass the GRUB password protection feature
    https://bugzilla.redhat.com/show_bug.cgi?id=2224951

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-633dc7e183' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical

Name: grub2
Product: Fedora 38
Version: 2.06
Release: 114.fc38
URL:
Summary: Bootloader with support for Linux, Multiboot and more
