Explore top 10 tips to secure your open-source projects now. Read More
×
Multiple vulnerabilties were discovered in u-boot, a boot loader for embedded systems. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-4150-1
An update for grub2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: grub2 security and bug fix update Advisory ID: RHSA-2023:0048-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:0048 Issue date: 2023-01-09 CVE Names: CVE-2022-2601 CVE-2022-3775 ==================================================================== 1. Summary: An update for grub2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, noarch, ppc64le, x86_64 3. Description: The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fix(es): * grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601) * grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [RHEL8.6][SecureBoot][Denali/P10] bootprocess stops at grub prompt after copying the signed grub to prep partition (BZ#2108049) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2112975 - CVE-2022-2601 grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass 2138880 - CVE-2022-3775 grub2: Heap based out-of-bounds write when redering certain unicode sequences 6. Package List: Red Hat Enterprise Linux BaseOS EUS(v.8.6): Source: grub2-2.02-123.el8_6.12.src.rpm aarch64: grub2-debuginfo-2.02-123.el8_6.12.aarch64.rpm grub2-debugsource-2.02-123.el8_6.12.aarch64.rpm grub2-efi-aa64-2.02-123.el8_6.12.aarch64.rpm grub2-efi-aa64-cdboot-2.02-123.el8_6.12.aarch64.rpm grub2-tools-2.02-123.el8_6.12.aarch64.rpm grub2-tools-debuginfo-2.02-123.el8_6.12.aarch64.rpm grub2-tools-extra-2.02-123.el8_6.12.aarch64.rpm grub2-tools-extra-debuginfo-2.02-123.el8_6.12.aarch64.rpm grub2-tools-minimal-2.02-123.el8_6.12.aarch64.rpm grub2-tools-minimal-debuginfo-2.02-123.el8_6.12.aarch64.rpm noarch: grub2-common-2.02-123.el8_6.12.noarch.rpm grub2-efi-aa64-modules-2.02-123.el8_6.12.noarch.rpm grub2-efi-ia32-modules-2.02-123.el8_6.12.noarch.rpm grub2-efi-x64-modules-2.02-123.el8_6.12.noarch.rpm grub2-pc-modules-2.02-123.el8_6.12.noarch.rpm grub2-ppc64le-modules-2.02-123.el8_6.12.noarch.rpm ppc64le: grub2-debuginfo-2.02-123.el8_6.12.ppc64le.rpm grub2-debugsource-2.02-123.el8_6.12.ppc64le.rpm grub2-ppc64le-2.02-123.el8_6.12.ppc64le.rpm grub2-tools-2.02-123.el8_6.12.ppc64le.rpm grub2-tools-debuginfo-2.02-123.el8_6.12.ppc64le.rpm grub2-tools-extra-2.02-123.el8_6.12.ppc64le.rpm grub2-tools-extra-debuginfo-2.02-123.el8_6.12.ppc64le.rpm grub2-tools-minimal-2.02-123.el8_6.12.ppc64le.rpm grub2-tools-minimal-debuginfo-2.02-123.el8_6.12.ppc64le.rpm x86_64: grub2-debuginfo-2.02-123.el8_6.12.x86_64.rpm grub2-debugsource-2.02-123.el8_6.12.x86_64.rpm grub2-efi-ia32-2.02-123.el8_6.12.x86_64.rpm grub2-efi-ia32-cdboot-2.02-123.el8_6.12.x86_64.rpm grub2-efi-x64-2.02-123.el8_6.12.x86_64.rpm grub2-efi-x64-cdboot-2.02-123.el8_6.12.x86_64.rpm grub2-pc-2.02-123.el8_6.12.x86_64.rpm grub2-tools-2.02-123.el8_6.12.x86_64.rpm grub2-tools-debuginfo-2.02-123.el8_6.12.x86_64.rpm grub2-tools-efi-2.02-123.el8_6.12.x86_64.rpm grub2-tools-efi-debuginfo-2.02-123.el8_6.12.x86_64.rpm grub2-tools-extra-2.02-123.el8_6.12.x86_64.rpm grub2-tools-extra-debuginfo-2.02-123.el8_6.12.x86_64.rpm grub2-tools-minimal-2.02-123.el8_6.12.x86_64.rpm grub2-tools-minimal-debuginfo-2.02-123.el8_6.12.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-2601 https://access.redhat.com/security/cve/CVE-2022-3775 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY7xCD9zjgjWX9erEAQhfzA/7Ba+eaWDBSVgfND359hC383ptYeHqg4pg 4umJfzuRvYPEMV4mg62iBci5gSoIWMvFTT0somnAEtT/F5fmmIMJhJBCtin4GqMs XxiOZQVGPVySBgTQNorSiXkC2z40tBfYRuyrkDNvwCWlKuv+G7bdkZY4IKbOUKu4 dvP2ZZu+WDwB+mxR2NUjoTkreOsbJrTEysDmoZWxuN25dPuYpBwRbt+VLVMPNY0B CEs4WhJdHnLnSQCRJhUMwWQPpt2akDqvSwX/Qphz/UlFu8Cs+s8YFCs/BQxLI4ku UWJL1eTjtnb3iQMmP36fRF1GVc2YsalMDAmEwXcZsSF36t5qlJNMaHELiepSQP2v QOuMuSXqX3gFb6Vw2+uqEHZ97I5DYUnWwWV3tmVPULqitNf1dMtYG/SlHucRebNw 0h5nQxEzkSz0/5DLvAlNeMPh9+7/xKwsSacbCpBXODy3n6AW3R7YflycuqahsIRt kh+3B21g6RIr73QnJNnwlCJN6QEGEMvTGq6XJuCilOe43QjZ5D4ptY7gco7o2UQS PNBNYmhSghF3TQNyVGDqrqF36Zd8r5Q7+NIQh/aTnL+BXZtuRA4qH/XsDOrETwro 5aNXQVW/1aM3xsnbSV8OGGFCr9G65xTZR2slziC3VYNpcZ43YHFMxHifV0tCfPsG CprlG5jMKn4=YOdv -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: grub2 security and bug fix update Advisory ID: RHSA-2022:8978-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8978 Issue date: 2022-12-13 CVE Names: CVE-2022-2601 CVE-2022-3775 ==================================================================== 1. Summary: An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, x86_64 3. Description: The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fix(es): * grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601) * grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Kernel Panic on Milan when enableSEV/SEV-ES with CPU: 1 PID: 1 Comm: swapper/0 Not tainted (BZ#2130104) * [RHEL9.0][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2134358) * RHEL9.0 [MAXconfig]: Denali LPAR crashs while booting MAX config 240c / 64TB - 192 decimal is the biggest partition min value Linux can handle? (BZ#2134434) * ISST-LTE:[P10]:RPT:After FW update,while activating the lpar dexlp87 went to ERROR state with LED B2008105 - 7E sub return code (BZ#2135288) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2112975 - CVE-2022-2601 grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass 2138880 - CVE-2022-3775 grub2: Heap based out-of-bounds write when redering certain unicode sequences 6. Package List: Red Hat Enterprise Linux BaseOS EUS(v.9.0): Source: grub2-2.06-27.el9_0.12.src.rpm aarch64: grub2-debuginfo-2.06-27.el9_0.12.aarch64.rpm grub2-debugsource-2.06-27.el9_0.12.aarch64.rpm grub2-efi-aa64-2.06-27.el9_0.12.aarch64.rpm grub2-efi-aa64-cdboot-2.06-27.el9_0.12.aarch64.rpm grub2-emu-debuginfo-2.06-27.el9_0.12.aarch64.rpm grub2-tools-2.06-27.el9_0.12.aarch64.rpm grub2-tools-debuginfo-2.06-27.el9_0.12.aarch64.rpm grub2-tools-extra-2.06-27.el9_0.12.aarch64.rpm grub2-tools-extra-debuginfo-2.06-27.el9_0.12.aarch64.rpm grub2-tools-minimal-2.06-27.el9_0.12.aarch64.rpm grub2-tools-minimal-debuginfo-2.06-27.el9_0.12.aarch64.rpm noarch: grub2-common-2.06-27.el9_0.12.noarch.rpm grub2-efi-aa64-modules-2.06-27.el9_0.12.noarch.rpm grub2-efi-x64-modules-2.06-27.el9_0.12.noarch.rpm grub2-pc-modules-2.06-27.el9_0.12.noarch.rpm grub2-ppc64le-modules-2.06-27.el9_0.12.noarch.rpm ppc64le: grub2-debuginfo-2.06-27.el9_0.12.ppc64le.rpm grub2-debugsource-2.06-27.el9_0.12.ppc64le.rpm grub2-ppc64le-2.06-27.el9_0.12.ppc64le.rpm grub2-tools-2.06-27.el9_0.12.ppc64le.rpm grub2-tools-debuginfo-2.06-27.el9_0.12.ppc64le.rpm grub2-tools-extra-2.06-27.el9_0.12.ppc64le.rpm grub2-tools-extra-debuginfo-2.06-27.el9_0.12.ppc64le.rpm grub2-tools-minimal-2.06-27.el9_0.12.ppc64le.rpm grub2-tools-minimal-debuginfo-2.06-27.el9_0.12.ppc64le.rpm x86_64: grub2-debuginfo-2.06-27.el9_0.12.x86_64.rpm grub2-debugsource-2.06-27.el9_0.12.x86_64.rpm grub2-efi-x64-2.06-27.el9_0.12.x86_64.rpm grub2-efi-x64-cdboot-2.06-27.el9_0.12.x86_64.rpm grub2-emu-debuginfo-2.06-27.el9_0.12.x86_64.rpm grub2-pc-2.06-27.el9_0.12.x86_64.rpm grub2-tools-2.06-27.el9_0.12.x86_64.rpm grub2-tools-debuginfo-2.06-27.el9_0.12.x86_64.rpm grub2-tools-efi-2.06-27.el9_0.12.x86_64.rpm grub2-tools-efi-debuginfo-2.06-27.el9_0.12.x86_64.rpm grub2-tools-extra-2.06-27.el9_0.12.x86_64.rpm grub2-tools-extra-debuginfo-2.06-27.el9_0.12.x86_64.rpm grub2-tools-minimal-2.06-27.el9_0.12.x86_64.rpm grub2-tools-minimal-debuginfo-2.06-27.el9_0.12.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details onhow to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-2601 https://access.redhat.com/security/cve/CVE-2022-3775 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY5j9/NzjgjWX9erEAQjbZQ//a/froDILL6ZRBqxuscAjkZrWUPfPWEzw m7mLmI0/hIhR5bREv03E0PoLEhRFQrB0eggfcc1lOQGcNCDTazvuUsSaBU1ULUHV TVDcoTRPQl/NRnlfGPFvCn9Yz2rWYx9rkeI+rmHD7JBNewYDY1WdA/mmxp9RvV0X fxDtwLPfO7PauAe23oCJdmZh1GypZbk3nfS4unkYyu/PLPKiB+MMN/bpAjIqwrML xzwc/b/hVmJz3xg5qh+5/2+0P3Oug4hND72JZBYAtbuycCtEHzm29VoNMOOi+P9E ApJBiF/V9qyndwFKqi9pyyNtv5naRCcGdYdnUFRaknjF0DKxIsXBs+K1FREtiTDo LDXOUuLFe0KYPzY4sD9AMRaikuQWmV5oC0BE7w9bPvuFtXBSttwXkqHJ0D5kt0Da PRAXsIfcww0XV91LCui77mrjUPOlIfR0XfxMUrMdde0TJnnTi54DCNM0NJLKmoVV 83DQqi8Ln1xq+zG78muAgsLCwpB2tL45iyRzD6esZ3VlMbH6sDsOABKNZxJPD+UL MCPcvO2ypEBGSH/kppTU/SvKN2ijFPM2ZhV15UX4zI+TcAq1YKoQAdjwAqN39Ksk KVRCqno6wJbKREWTijUUM0x7XiLQB+gJ2Z869F6cXxaJ4teY7DprTQQ2xMKbz/lr KJfj48QotlU=A8i1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for grub2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: grub2 security update Advisory ID: RHSA-2022:8900-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8900 Issue date: 2022-12-08 CVE Names: CVE-2022-28733 ==================================================================== 1. Summary: An update for grub2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fix(es): * grub2: Integer underflow ingrub_net_recv_ip4_packets (CVE-2022-28733) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2083339 - CVE-2022-28733 grub2: Integer underflow in grub_net_recv_ip4_packets 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: grub2-2.02-0.87.el7_9.11.src.rpm noarch: grub2-common-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-ia32-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-x64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-pc-modules-2.02-0.87.el7_9.11.noarch.rpm x86_64: grub2-2.02-0.87.el7_9.11.x86_64.rpm grub2-debuginfo-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-ia32-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-x64-2.02-0.87.el7_9.11.x86_64.rpm grub2-pc-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-extra-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-minimal-2.02-0.87.el7_9.11.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: grub2-efi-aa64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64le-modules-2.02-0.87.el7_9.11.noarch.rpm x86_64: grub2-debuginfo-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-ia32-cdboot-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-x64-cdboot-2.02-0.87.el7_9.11.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v.7): Source: grub2-2.02-0.87.el7_9.11.src.rpm noarch: grub2-common-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-ia32-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-x64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-pc-modules-2.02-0.87.el7_9.11.noarch.rpm x86_64: grub2-2.02-0.87.el7_9.11.x86_64.rpm grub2-debuginfo-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-ia32-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-x64-2.02-0.87.el7_9.11.x86_64.rpm grub2-pc-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-extra-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-minimal-2.02-0.87.el7_9.11.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: grub2-efi-aa64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64le-modules-2.02-0.87.el7_9.11.noarch.rpm x86_64: grub2-debuginfo-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-ia32-cdboot-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-x64-cdboot-2.02-0.87.el7_9.11.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: grub2-2.02-0.87.el7_9.11.src.rpm noarch: grub2-common-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-ia32-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-x64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-pc-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64le-modules-2.02-0.87.el7_9.11.noarch.rpm ppc64: grub2-2.02-0.87.el7_9.11.ppc64.rpm grub2-debuginfo-2.02-0.87.el7_9.11.ppc64.rpm grub2-ppc64-2.02-0.87.el7_9.11.ppc64.rpm grub2-tools-2.02-0.87.el7_9.11.ppc64.rpm grub2-tools-extra-2.02-0.87.el7_9.11.ppc64.rpm grub2-tools-minimal-2.02-0.87.el7_9.11.ppc64.rpm ppc64le: grub2-2.02-0.87.el7_9.11.ppc64le.rpm grub2-debuginfo-2.02-0.87.el7_9.11.ppc64le.rpm grub2-ppc64le-2.02-0.87.el7_9.11.ppc64le.rpm grub2-tools-2.02-0.87.el7_9.11.ppc64le.rpm grub2-tools-extra-2.02-0.87.el7_9.11.ppc64le.rpm grub2-tools-minimal-2.02-0.87.el7_9.11.ppc64le.rpm x86_64: grub2-2.02-0.87.el7_9.11.x86_64.rpm grub2-debuginfo-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-ia32-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-x64-2.02-0.87.el7_9.11.x86_64.rpm grub2-pc-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-extra-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-minimal-2.02-0.87.el7_9.11.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: grub2-efi-aa64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-ia32-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-x64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-pc-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64le-modules-2.02-0.87.el7_9.11.noarch.rpm x86_64: grub2-debuginfo-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-ia32-cdboot-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-x64-cdboot-2.02-0.87.el7_9.11.x86_64.rpm Red Hat Enterprise Linux Workstation (v.7): Source: grub2-2.02-0.87.el7_9.11.src.rpm noarch: grub2-common-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-ia32-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-x64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-pc-modules-2.02-0.87.el7_9.11.noarch.rpm x86_64: grub2-2.02-0.87.el7_9.11.x86_64.rpm grub2-debuginfo-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-ia32-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-x64-2.02-0.87.el7_9.11.x86_64.rpm grub2-pc-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-extra-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-minimal-2.02-0.87.el7_9.11.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: grub2-efi-aa64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64le-modules-2.02-0.87.el7_9.11.noarch.rpm x86_64: grub2-debuginfo-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-ia32-cdboot-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-x64-cdboot-2.02-0.87.el7_9.11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-28733 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBY5ISD9zjgjWX9erEAQi9cg/+NEgmmJEByjbrhFejT9jPciDisGEn5jJO larMB07NIdIQnYuoKawjVK0G69zqZ+bMrNiOasSyRQrIvHx2NfI2w3xXdjjqAdR9 DjnkRWkxkyfR1zqMOIZSqyuxNi2T/zasrjORxsPFeTvfFl4MJzLliytYcJ/Fm4Mb 0nSK84eABKw28e8Yac9kbnwTj7oUJQ+o5kK/8JL3qjL+9gapZnPZKtR5DH4T3yl8 QF47vjHoIZtYevkFjOvaHqXf6onyEDvCBEPJfwlROWhCfNH4h69W90C/vtuAgncT BtLMWuzgd349Xs0nVrIgVbHifSPgYuJaFHSLftiXm1kTQWOSmZXC8jk1ZnwTRRaN w0XYra2Mi8kL0rcsbvF22gsXnq/fyqCuBFpKgeTGClYEhiNmgsGR1i00HOb/jYBB HimMKSPL6NNMFw+CFItfJvip9QEtpFHaWMEYnbJA6uyl5EqT2Tt9dI8ABzjBFMwL 2ZAyhoEnR/dwM2qIFvJYrqX4+/Tc2Fb9DbRLeJbdA5yKCaN1ZOK1qayUYwEzwMsv NO50wzlvt5sTX35xNd1DqqaW9XlAPylY3vFqmmt4N/Wi44ax4Tdj2sgzs2WsgcUL Ar970ervwx6q4MpAugYRDRVlPDqs1DCOZBcGiy573Dbq/cqDj+LgO5I18UPwD3IH 03gHq0TsoNM=fsVS -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update. \{'type': 'Security', 'shortCode': 'RL', 'name': 'RLSA-2022:5095', 'synopsis': 'Important: grub2, mokutil, shim, and shim-unsigned-x64 security update', 'severity': 'Important', 'topic': 'An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Rocky Linux 8.\nRocky Linux Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.', 'description': 'The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\nThe shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.', 'solution': None, 'affectedProducts': ['Rocky Linux 8'], 'fixes': ['1991685', '1991686', '1991687', '2083339', '2090463', '2090857', '2090899', '2092613'], 'cves': ['Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3695.json:::CVE-2021-3695', 'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3696.json:::CVE-2021-3696', 'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3697.json:::CVE-2021-3697', 'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28733.json:::CVE-2022-28733', 'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28734.json:::CVE-2022-28734', 'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28735.json:::CVE-2022-28735', 'RedHat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28736.json:::CVE-2022-28736'], 'references': [], 'publishedAt': '2022-07-07T20:11:43.460234Z', 'rpms': ['grub2-2.02-123.el8_6.8.rocky.0.1.src.rpm', 'grub2-common-2.02-123.el8_6.8.rocky.0.1.noarch.rpm', 'grub2-debuginfo-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-debuginfo-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-debugsource-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-debugsource-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-efi-aa64-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-efi-aa64-cdboot-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-efi-aa64-modules-2.02-123.el8_6.8.rocky.0.1.noarch.rpm', 'grub2-efi-ia32-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-efi-ia32-cdboot-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-efi-ia32-modules-2.02-123.el8_6.8.rocky.0.1.noarch.rpm', 'grub2-efi-x64-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-efi-x64-cdboot-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-efi-x64-modules-2.02-123.el8_6.8.rocky.0.1.noarch.rpm', 'grub2-pc-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-pc-modules-2.02-123.el8_6.8.rocky.0.1.noarch.rpm', 'grub2-tools-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-tools-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-tools-debuginfo-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-tools-debuginfo-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-tools-efi-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-tools-efi-debuginfo-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-tools-extra-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-tools-extra-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-tools-extra-debuginfo-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-tools-extra-debuginfo-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-tools-minimal-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-tools-minimal-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-tools-minimal-debuginfo-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-tools-minimal-debuginfo-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm']}\.AlmaLinux reveals significant security patches for bootloaders and associated software, tackling severe vulnerabilities in grub2.. Rocky Linux, Grub2 Update, Security Patch, Boot Loader Security, Important Advisory. . LinuxSecurity.com Team
An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: grub2, mokutil, shim, and shim-unsigned-x64 security update Advisory ID: RHSA-2022:5095-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5095 Issue date: 2022-06-16 CVE Names: CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVE-2022-28737 ==================================================================== 1. Summary: An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, x86_64 3. Description: The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Security Fix(es): * grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733) * grub2: Crafted PNG grayscale images maylead to out-of-bounds write in heap (CVE-2021-3695) * grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696) * grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697) * grub2: Out-of-bound write when handling split HTTP headers(CVE-2022-28734) * grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735) * grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736) * shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1991685 - CVE-2021-3695 grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap 1991686 - CVE-2021-3696 grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling 1991687 - CVE-2021-3697 grub2: Crafted JPEG image can lead to buffer underflow write in the heap 2083339 - CVE-2022-28733 grub2: Integer underflow in grub_net_recv_ip4_packets 2090463 - CVE-2022-28734 grub2: Out-of-bound write when handling split HTTP headers2090857 - CVE-2022-28735 grub2: shim_lock verifier allows non-kernel files to be loaded 2090899 - CVE-2022-28737 shim: Buffer overflow when loading crafted EFI images 2092613 - CVE-2022-28736 grub2: use-after-free in grub_cmd_chainloader() 6. Package List: Red Hat Enterprise Linux BaseOS (v.8): Source: grub2-2.02-123.el8_6.8.src.rpm mokutil-0.3.0-11.el8_6.1.src.rpm shim-15.6-1.el8.src.rpm aarch64: grub2-debuginfo-2.02-123.el8_6.8.aarch64.rpm grub2-debugsource-2.02-123.el8_6.8.aarch64.rpm grub2-efi-aa64-2.02-123.el8_6.8.aarch64.rpm grub2-efi-aa64-cdboot-2.02-123.el8_6.8.aarch64.rpm grub2-tools-2.02-123.el8_6.8.aarch64.rpm grub2-tools-debuginfo-2.02-123.el8_6.8.aarch64.rpm grub2-tools-extra-2.02-123.el8_6.8.aarch64.rpm grub2-tools-extra-debuginfo-2.02-123.el8_6.8.aarch64.rpm grub2-tools-minimal-2.02-123.el8_6.8.aarch64.rpm grub2-tools-minimal-debuginfo-2.02-123.el8_6.8.aarch64.rpm mokutil-0.3.0-11.el8_6.1.aarch64.rpm mokutil-debuginfo-0.3.0-11.el8_6.1.aarch64.rpm mokutil-debugsource-0.3.0-11.el8_6.1.aarch64.rpm shim-aa64-15.6-1.el8.aarch64.rpm noarch: grub2-common-2.02-123.el8_6.8.noarch.rpm grub2-efi-aa64-modules-2.02-123.el8_6.8.noarch.rpm grub2-efi-ia32-modules-2.02-123.el8_6.8.noarch.rpm grub2-efi-x64-modules-2.02-123.el8_6.8.noarch.rpm grub2-pc-modules-2.02-123.el8_6.8.noarch.rpm grub2-ppc64le-modules-2.02-123.el8_6.8.noarch.rpm ppc64le: grub2-debuginfo-2.02-123.el8_6.8.ppc64le.rpm grub2-debugsource-2.02-123.el8_6.8.ppc64le.rpm grub2-ppc64le-2.02-123.el8_6.8.ppc64le.rpm grub2-tools-2.02-123.el8_6.8.ppc64le.rpm grub2-tools-debuginfo-2.02-123.el8_6.8.ppc64le.rpm grub2-tools-extra-2.02-123.el8_6.8.ppc64le.rpm grub2-tools-extra-debuginfo-2.02-123.el8_6.8.ppc64le.rpm grub2-tools-minimal-2.02-123.el8_6.8.ppc64le.rpm grub2-tools-minimal-debuginfo-2.02-123.el8_6.8.ppc64le.rpm x86_64: grub2-debuginfo-2.02-123.el8_6.8.x86_64.rpm grub2-debugsource-2.02-123.el8_6.8.x86_64.rpm grub2-efi-ia32-2.02-123.el8_6.8.x86_64.rpm grub2-efi-ia32-cdboot-2.02-123.el8_6.8.x86_64.rpm grub2-efi-x64-2.02-123.el8_6.8.x86_64.rpm grub2-efi-x64-cdboot-2.02-123.el8_6.8.x86_64.rpm grub2-pc-2.02-123.el8_6.8.x86_64.rpm grub2-tools-2.02-123.el8_6.8.x86_64.rpm grub2-tools-debuginfo-2.02-123.el8_6.8.x86_64.rpm grub2-tools-efi-2.02-123.el8_6.8.x86_64.rpm grub2-tools-efi-debuginfo-2.02-123.el8_6.8.x86_64.rpm grub2-tools-extra-2.02-123.el8_6.8.x86_64.rpm grub2-tools-extra-debuginfo-2.02-123.el8_6.8.x86_64.rpm grub2-tools-minimal-2.02-123.el8_6.8.x86_64.rpm grub2-tools-minimal-debuginfo-2.02-123.el8_6.8.x86_64.rpm mokutil-0.3.0-11.el8_6.1.x86_64.rpm mokutil-debuginfo-0.3.0-11.el8_6.1.x86_64.rpm mokutil-debugsource-0.3.0-11.el8_6.1.x86_64.rpm shim-ia32-15.6-1.el8.x86_64.rpm shim-x64-15.6-1.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): Source: shim-unsigned-x64-15.6-1.el8.src.rpm x86_64: shim-unsigned-x64-15.6-1.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3695 https://access.redhat.com/security/cve/CVE-2021-3696 https://access.redhat.com/security/cve/CVE-2021-3697 https://access.redhat.com/security/cve/CVE-2022-28733 https://access.redhat.com/security/cve/CVE-2022-28734 https://access.redhat.com/security/cve/CVE-2022-28735 https://access.redhat.com/security/cve/CVE-2022-28736 https://access.redhat.com/security/cve/CVE-2022-28737 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYqtvddzjgjWX9erEAQjRmQ//YE4WPGQT/7En15s+P3gscZDFMMvLZO6n c6TqQorOIBmx+WHBSfMWapMLDQnaIZYnKhmou9I64Je03jA3oNXFNuzTRFvLm3hF Ly8+zU+Asv18WBRLIcDCZ70xgguSrHj/LlnkOnJhOQvi2el/40hDxxG2ohWsg6UQ tgZ8PZN4UWoihTCPVwlMnhsOI96UtILm5BqIP1ZmRzYHaOVeQcN/00qq5S6otDKv iKFEfP+SSaz4cU9t0ckOnGAPe9Fpez5Rk9v4jURwGdBf65CONfSQSoiUXdy1ikjd 3mCdmMJF6YmqEYWvw663qd6CVkj1N7qDklVc/oXpJacrE9b78O5u6p7M7HOXlfDH Gj2nwKwRAdYsnbvW+5kw59rRdmOCe/57jnPen4kkEWMh7dg3yn7b870LS3SUpFwG enqHdZC8U4w85Wp5GMuUi+EPYy9Gh7OTmuFUFBJeI1NJjQd7I1XgpcyAoxqFnwFO n77fTxDDbMJldP9yZbIvztLOEA/BFNZNl3FrAMlutBCweJyCaAnzWhdkeHM+7y/k S2e0gsh4jwTtOuHs2S7XZ8mzzePaJVgQ7SRG6t8jMaA05duuNniIAJEKVFYRGgsw aqzSpTAGVxiFPQ2wzYJHFbtyhhSZtRRhNaSpbI0uNj7aztnyjEofX3qMh1B3Wx4r RLkWjRXdZrE=q0Jp -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for fwupd, shim, shim-unsigned-aarch64, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: shim and fwupd security update Advisory ID: RHSA-2021:2790-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2790 Issue date: 2021-07-20 CVE Names: CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 ==================================================================== 1. Summary: An update for fwupd, shim, shim-unsigned-aarch64, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. The fwupd packages provide a service that allows session software to update device firmware. The following packages have been upgraded to a later upstream version: shim (15.4). (BZ#1932411) Security Fix(es): * grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372) * grub2:Use-after-free in rmmod command (CVE-2020-25632) * grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647) * grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749) * grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779) * grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225) * grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1873150 - CVE-2020-14372 grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled 1879577 - CVE-2020-25632 grub2: Use-after-free in rmmod command 1886936 - CVE-2020-25647 grub2: Out-of-bounds write in grub_usb_device_initialize() 1899966 - CVE-2020-27749 grub2: Stack buffer overflow in grub_parser_split_cmdline() 1900698 - CVE-2020-27779 grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled 1924696 - CVE-2021-20225 grub2: Heap out-of-bounds write in short form option parser 1926263 - CVE-2021-20233 grub2: Heap out-of-bounds write due to miscalculation of space required for quoting 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v.8.2): Source: fwupd-1.1.4-9.el8_2.src.rpm shim-15.4-2.el8_1.src.rpm aarch64: fwupd-1.1.4-9.el8_2.aarch64.rpm fwupd-debuginfo-1.1.4-9.el8_2.aarch64.rpm fwupd-debugsource-1.1.4-9.el8_2.aarch64.rpm shim-aa64-15.4-2.el8_1.aarch64.rpm ppc64le: fwupd-1.1.4-9.el8_2.ppc64le.rpm fwupd-debuginfo-1.1.4-9.el8_2.ppc64le.rpm fwupd-debugsource-1.1.4-9.el8_2.ppc64le.rpm s390x: fwupd-1.1.4-9.el8_2.s390x.rpm fwupd-debuginfo-1.1.4-9.el8_2.s390x.rpm fwupd-debugsource-1.1.4-9.el8_2.s390x.rpm x86_64: fwupd-1.1.4-9.el8_2.x86_64.rpm fwupd-debuginfo-1.1.4-9.el8_2.x86_64.rpm fwupd-debugsource-1.1.4-9.el8_2.x86_64.rpm shim-ia32-15.4-2.el8_1.x86_64.rpm shim-x64-15.4-2.el8_1.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v. 8.2): Source: shim-unsigned-aarch64-15-7.el8_1.src.rpm shim-unsigned-x64-15.4-4.el8_1.src.rpm aarch64: shim-unsigned-aarch64-15-7.el8_1.aarch64.rpm x86_64: shim-unsigned-x64-15.4-4.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2020-14372 https://access.redhat.com/security/cve/CVE-2020-25632 https://access.redhat.com/security/cve/CVE-2020-25647 https://access.redhat.com/security/cve/CVE-2020-27749 https://access.redhat.com/security/cve/CVE-2020-27779 https://access.redhat.com/security/cve/CVE-2021-20225 https://access.redhat.com/security/cve/CVE-2021-20233 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-003 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYPdKe9zjgjWX9erEAQia/Q/+OF5AfNo/I3l3OsE9kBgmxqXoTANkbpkv rLUizj+khr3q8QQKOvkeS7QrsnRpaUthnHhwu95oYZoJl0lbEVh6k3atkIxI9qsR Ppt5cL7O3BpG9VvnHfUbti9kDl/3WCoywKio5m+aq670FVK4RI4DqYthnVSKlJPP yeyDiBYz+HsqG/hvRrxCv70fVHA+BCGeCM1qaJozqhl18kaSY1KU0K/QJQ7cEMBY G8Px2EVYJE5vc+PQWldkvfskHfJKuC4xEf0A7xNB6eBi/HMMXuvnnvxg02Tvq22m 2SrboHq7OHzvP/wORoU2y7ZvHf/JkXj0vB827h1X/09rjQMc5HcJVT6/14ja+hBd HZQpiVe/+hqWufinfGCBC4Y//dGDDJ/fqMXWvSavJm6PPVqRuXfk5TaaJSx/nShb tJ1i9pjbAqCJbY5RMgNLoul13AINEPOcd+A/fCebpMiDMHts1hbVtiifENbweZTX 1vnP+bpgrKxrU6u/RYg88AeNp+Lga++jnykxK6kb5AP2hUjoy4kMaj380DOQZRvD lOppjgnBGSolfZLt3vdprJgeMGbsh1FiFDt3ls7asO800yZrsCJpAw7byznTPasP U+li7OLKM6F4oP+8G2j3EDE1+BteA9OAUGI0phvLXu0C+zpg7R3cJfCVeTLjC3Qd NSoKps/AMhI=jbDg -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for shim, shim-unsigned-aarch64, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: shim security update Advisory ID: RHSA-2021:1734-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1734 Issue date: 2021-05-18 CVE Names: CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 ==================================================================== 1. Summary: An update for shim, shim-unsigned-aarch64, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, x86_64 3. Description: The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Security Fix(es): * grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372) * grub2: Use-after-free in rmmod command (CVE-2020-25632) * grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647) * grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749) * grub2: cutmem command allows privileged user to remove memory regions when Secure Bootis enabled (CVE-2020-27779) * grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225) * grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1873150 - CVE-2020-14372 grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled 1879577 - CVE-2020-25632 grub2: Use-after-free in rmmod command 1886936 - CVE-2020-25647 grub2: Out-of-bounds write in grub_usb_device_initialize() 1899966 - CVE-2020-27749 grub2: Stack buffer overflow in grub_parser_split_cmdline() 1900698 - CVE-2020-27779 grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled 1924696 - CVE-2021-20225 grub2: Heap out-of-bounds write in short form option parser 1926263 - CVE-2021-20233 grub2: Heap out-of-bounds write due to miscalculation of space required for quoting 6. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: shim-15.4-2.el8_1.src.rpm aarch64: shim-aa64-15.4-2.el8_1.aarch64.rpm x86_64: shim-ia32-15.4-2.el8_1.x86_64.rpm shim-x64-15.4-2.el8_1.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): Source: shim-unsigned-aarch64-15-7.el8_1.src.rpm shim-unsigned-x64-15.4-4.el8_1.src.rpm aarch64: shim-unsigned-aarch64-15-7.el8_1.aarch64.rpm x86_64: shim-unsigned-x64-15.4-4.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are availablefrom https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-14372 https://access.redhat.com/security/cve/CVE-2020-25632 https://access.redhat.com/security/cve/CVE-2020-25647 https://access.redhat.com/security/cve/CVE-2020-27749 https://access.redhat.com/security/cve/CVE-2020-27779 https://access.redhat.com/security/cve/CVE-2021-20225 https://access.redhat.com/security/cve/CVE-2021-20233 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-003 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYKPvONzjgjWX9erEAQjW0w/+OZydzjEMfioyPxScc1pCQWrHoiFX5jZt XnFJCEaMTZZ4g2yx+oRyyJM8Jrd7suk1NAhUDh4V5LkdRk4oaXbtkcLBcOJHTfGV pzcfX3A/kJZ2ZsKogV5Orh06Jiq6aGwsg0YiGoDp4EmG+PGnODMtWvjB8U6KSi1/ aIg19yHmlIVkTaYJQan2LpL7r3pknZyHmuSZPdJxJX7/8coGS7s9rqGwROYnJnHE jiGAVqahVZkHYgvMzjo15occFVr/91C0oCb3GhI2Be1QI+Dvz2VT/xs+aIbum2yZ ioEGBVr9W/f6R8PvwIE+PTkOE2IXqJ/0uO1xuJz/bvdulC+5hXxtsG4RWWW6Sk22 uUN2GNpwF+fF6K4cZ3sdx09U5SHDuUTe1ZIjHALm7sxL4ixpEaptSsJcLoOqjg9/ 36T4REDa90NeY75SpdXNvqQqH8b6rImiTrg8Wvh16lxTT8T+1iAym6sPWb3d/0RP tQ+Dzbvp+ramwsSaATz4BhkmdkDZlaN/Soll5ZPu3Oi3imC/Ocjem2t8MD6sWHLD bwoYx8UXkvsPfu7gzDSmc84PGjl9wcq4AT9wAdZY4rgKwqlbGrBObHKi8tlZ8y3m jwrocmABVkLWYG2s1DqH4LXm8MA1Ka4dmKhRT13BmiTM0h01LeGMCOuPUU2pWW55 6QkP54EN3Hg=PExu -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Get the latest Linux and open source security news straight to your inbox.