-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: grub2 security, bug fix, and enhancement update
Advisory ID:       RHSA-2022:2110-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:2110
Issue date:        2022-05-10
CVE Names:         CVE-2021-3981
====================================================================
1. Summary:

An update for grub2 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, x86_64

3. Description:

The grub2 packages provide version 2 of the Grand Unified Boot Loader
(GRUB), a highly configurable and customizable boot loader with modular
architecture. The packages support a variety of kernel formats, file
systems, computer architectures, and hardware devices.

Security Fix(es):

* grub2: Incorrect permission in grub.cfg allows unprivileged users to read
the file content (CVE-2021-3981)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258
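The following script is an added example and is not part of this advisory or of Red Hat's tooling. It performs the two checks an administrator would want after reading sections 3 and 6: whether the installed grub2 build is at or above the fixed version-release 2.02-123.el8 listed in the package list, and whether grub.cfg is readable by every local user, which is the condition CVE-2021-3981 describes. It assumes a RHEL-style host with rpm and GNU coreutils (stat -c); the grub.cfg paths /boot/grub2/grub.cfg and /boot/efi/EFI/redhat/grub.cfg are assumed from the usual RHEL 8 BIOS and UEFI layouts and are not taken from the advisory.

```shell
#!/bin/sh
# Added example, not Red Hat's code: verify the CVE-2021-3981 fix state on a
# RHEL 8 host. Fixed version-release comes from the advisory's package list;
# grub.cfg paths and the use of rpm/stat -c are assumptions.

FIXED_VR="2.02-123.el8"

# vr_at_least INSTALLED FIXED
# Returns 0 when INSTALLED ("version-release") is at or above FIXED. The
# dotted version is compared numerically field by field; if versions are
# equal, the leading integer of the release is compared ("123" from
# "123.el8", "130" from "130.el8_6"). Assumes numeric version fields.
vr_at_least() {
    inst_ver=${1%%-*}; inst_rel=${1#*-}
    fix_ver=${2%%-*};  fix_rel=${2#*-}
    iv=$inst_ver; fv=$fix_ver
    while [ -n "$iv" ] || [ -n "$fv" ]; do
        i=${iv%%.*}; f=${fv%%.*}
        [ -z "$i" ] && i=0
        [ -z "$f" ] && f=0
        if [ "$i" -gt "$f" ]; then return 0; fi
        if [ "$i" -lt "$f" ]; then return 1; fi
        case $iv in *.*) iv=${iv#*.} ;; *) iv= ;; esac
        case $fv in *.*) fv=${fv#*.} ;; *) fv= ;; esac
    done
    ir=$(printf '%s' "$inst_rel" | sed 's/[^0-9].*//')
    fr=$(printf '%s' "$fix_rel" | sed 's/[^0-9].*//')
    [ "${ir:-0}" -ge "${fr:-0}" ]
}

# grub_cfg_world_readable PATH
# Returns 0 when the "other" read bit is set on PATH, i.e. any local user
# can read the file. Returns 2 when PATH cannot be stat'ed.
grub_cfg_world_readable() {
    mode=$(stat -c '%a' "$1") || return 2
    other=$(( mode % 10 ))        # last octal digit is the "other" class
    [ $(( other & 4 )) -ne 0 ]    # 4 is the read bit
}

# audit_host: run both checks against the live system. Prints one line per
# check and returns 0 only when the build is fixed and no grub.cfg is
# world-readable; returns 2 when the package is absent or rpm is missing.
audit_host() {
    rc=0
    inst=$(rpm -q --qf '%{VERSION}-%{RELEASE}' grub2-common 2>/dev/null) || {
        echo "grub2-common not installed or rpm unavailable"; return 2; }
    if vr_at_least "$inst" "$FIXED_VR"; then
        echo "grub2-common $inst: at or above fixed build $FIXED_VR"
    else
        echo "grub2-common $inst: older than fixed build $FIXED_VR"; rc=1
    fi
    for cfg in /boot/grub2/grub.cfg /boot/efi/EFI/redhat/grub.cfg; do
        [ -e "$cfg" ] || continue
        if grub_cfg_world_readable "$cfg"; then
            echo "$cfg is world-readable"; rc=1
        else
            echo "$cfg is not world-readable"
        fi
    done
    return $rc
}

# Run the audit only when invoked as: sh grub2-3981-check.sh --run
case ${1:-} in --run) audit_host ;; esac
```

A non-zero exit from audit_host means either the update from section 6 has not been applied or a grub.cfg is still world-readable; after applying the update, re-run the script to confirm both lines report the fixed state. The version comparison deliberately ignores the dist tag after the release number so that later rebuilds such as a 2.02-130.el8_6 still count as fixed.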

5. Bugs fixed (https://bugzilla.redhat.com/):

1809246 - [RFE] GRUB does not consider information from proxy dhcp server
1899903 - grub2-mkconfig is never run on kernel upgrade even if GRUB_ENABLE_BLSCFG=false
1914575 - grub-boot-success.service should not be started inside systemd-nspawn container
2016269 - RPM grub2-tools-minimal is shipping prelink config files although prelink is absent in rhel8
2020927 - GRUB_TERMINAL_INPUT=at_keyboard makes grub stay on boot menu instead of starting the timeout
2024170 - CVE-2021-3981 grub2: Incorrect permission in grub.cfg allow unprivileged user to read the file content
2048904 - Cannot EFI chainload onto local disk when EFI partition is in Software Raid
2061252 - grub on OpenFirmware : search --hint-ieee1275= does not work
2069157 - grub2 signed by Red Hat Test Certificate

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
grub2-2.02-123.el8.src.rpm

aarch64:
grub2-debuginfo-2.02-123.el8.aarch64.rpm
grub2-debugsource-2.02-123.el8.aarch64.rpm
grub2-efi-aa64-2.02-123.el8.aarch64.rpm
grub2-efi-aa64-cdboot-2.02-123.el8.aarch64.rpm
grub2-tools-2.02-123.el8.aarch64.rpm
grub2-tools-debuginfo-2.02-123.el8.aarch64.rpm
grub2-tools-extra-2.02-123.el8.aarch64.rpm
grub2-tools-extra-debuginfo-2.02-123.el8.aarch64.rpm
grub2-tools-minimal-2.02-123.el8.aarch64.rpm
grub2-tools-minimal-debuginfo-2.02-123.el8.aarch64.rpm

noarch:
grub2-common-2.02-123.el8.noarch.rpm
grub2-efi-aa64-modules-2.02-123.el8.noarch.rpm
grub2-efi-ia32-modules-2.02-123.el8.noarch.rpm
grub2-efi-x64-modules-2.02-123.el8.noarch.rpm
grub2-pc-modules-2.02-123.el8.noarch.rpm
grub2-ppc64le-modules-2.02-123.el8.noarch.rpm

ppc64le:
grub2-debuginfo-2.02-123.el8.ppc64le.rpm
grub2-debugsource-2.02-123.el8.ppc64le.rpm
grub2-ppc64le-2.02-123.el8.ppc64le.rpm
grub2-tools-2.02-123.el8.ppc64le.rpm
grub2-tools-debuginfo-2.02-123.el8.ppc64le.rpm
grub2-tools-extra-2.02-123.el8.ppc64le.rpm
grub2-tools-extra-debuginfo-2.02-123.el8.ppc64le.rpm
grub2-tools-minimal-2.02-123.el8.ppc64le.rpm
grub2-tools-minimal-debuginfo-2.02-123.el8.ppc64le.rpm

x86_64:
grub2-debuginfo-2.02-123.el8.x86_64.rpm
grub2-debugsource-2.02-123.el8.x86_64.rpm
grub2-efi-ia32-2.02-123.el8.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-123.el8.x86_64.rpm
grub2-efi-x64-2.02-123.el8.x86_64.rpm
grub2-efi-x64-cdboot-2.02-123.el8.x86_64.rpm
grub2-pc-2.02-123.el8.x86_64.rpm
grub2-tools-2.02-123.el8.x86_64.rpm
grub2-tools-debuginfo-2.02-123.el8.x86_64.rpm
grub2-tools-efi-2.02-123.el8.x86_64.rpm
grub2-tools-efi-debuginfo-2.02-123.el8.x86_64.rpm
grub2-tools-extra-2.02-123.el8.x86_64.rpm
grub2-tools-extra-debuginfo-2.02-123.el8.x86_64.rpm
grub2-tools-minimal-2.02-123.el8.x86_64.rpm
grub2-tools-minimal-debuginfo-2.02-123.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3981
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
