
Fedora 40: FEDORA-2024-2b545d3085 Critical: GRUB2 Out-Of-Bounds Fix

April 23, 2024
This grub2 update for Fedora fixes an out-of-bounds write and an out-of-bounds read in the NTFS driver (fs/ntfs.c); the out-of-bounds write may lead to unsigned code execution.

Summary

The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices.

Update Information:

Security fix for CVE-2023-4692
Security fix for CVE-2023-4693

Fri Apr 12 2024 Nicolas Frayer nfrayer@redhat.com - 2.06-121
- fs/xfs: Handle non-continuous data blocks in directory extents
- Related: #2254370

Fri Mar 08 2024 Nicolas Frayer nfrayer@redhat.com - 2.06-120
- GRUB2 NTFS driver vulnerabilities (CVE-2023-4692) (CVE-2023-4693)
- Resolves: #2236613
- Resolves: #2241978
- Resolves: #2241976
- Resolves: #2238343

Change Log

* Fri Apr 12 2024 Nicolas Frayer - 2.06-121
- fs/xfs: Handle non-continuous data blocks in directory extents
- Related: #2254370
* Fri Mar 8 2024 Nicolas Frayer - 2.06-120
- GRUB2 NTFS driver vulnerabilities
- (CVE-2023-4692)
- (CVE-2023-4693)
- Resolves: #2236613
- Resolves: #2241978
- Resolves: #2241976
- Resolves: #2238343

References


[ 1 ] Bug #2236613 - CVE-2023-4692 grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code execution
      https://bugzilla.redhat.com/show_bug.cgi?id=2236613
[ 2 ] Bug #2238343 - CVE-2023-4693 grub2: out-of-bounds read at fs/ntfs.c
      https://bugzilla.redhat.com/show_bug.cgi?id=2238343

Update Instructions

This update can be installed with the "dnf" update program. Use

    su -c 'dnf upgrade --advisory FEDORA-2024-2b545d3085'

at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
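
After applying the update, the installed grub2 packages can be compared with the fixed build named in this advisory (2.06-121.fc40). The script below is an added example, not part of the Fedora advisory; the function names and the sample package lines are constructed, and GNU `sort -V` is assumed as an approximation of RPM version ordering.

```shell
#!/usr/bin/env bash
# Added example: flag grub2 packages older than the build that fixes
# CVE-2023-4692 and CVE-2023-4693 on Fedora 40.

FIXED="2.06-121.fc40"   # Version-Release taken from the advisory

# Return 0 when version-release $1 is at or above $2.
# Assumption: GNU `sort -V` ordering is close enough to RPM's comparison
# for builds that share the same dist tag, as these do.
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Read "name version-release" lines on stdin, report each package, and
# return non-zero if any package is older than FIXED.
audit_grub2() {
    rc=0
    while read -r name vr; do
        [ -z "$name" ] && continue
        if vr_at_least "$vr" "$FIXED"; then
            printf 'OK      %s %s\n' "$name" "$vr"
        else
            printf 'UPDATE  %s %s (older than %s)\n' "$name" "$vr" "$FIXED"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inventory (not real host output): one package was
# left behind on the previous, still vulnerable, release.
sample_inventory() {
    printf '%s\n' \
        'grub2-common 2.06-121.fc40' \
        'grub2-tools 2.06-121.fc40' \
        'grub2-efi-x64 2.06-120.fc40'
}

# On a Fedora 40 host, feed it the real package list:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'grub2*' | audit_grub2
# Offline demonstration with the constructed data:
#   sample_inventory | audit_grub2
```

The query format omits the package epoch on purpose, so the strings compare directly against the Version and Release fields listed in this advisory.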

Severity
critical

Name: grub2
Product: Fedora 40
Version: 2.06
Release: 121.fc40
URL:
Summary: Bootloader with support for Linux, Multiboot and more
