Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 553
Alerts This Week
Warning Icon 1 553

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 15 articles for you...
197

Debian 11: DLA-4150-1 critical: u-boot buffer overflow and DoS

Multiple vulnerabilties were discovered in u-boot, a boot loader for embedded systems. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-4150-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Daniel Leidert May 01, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : u-boot Version : 2021.01+dfsg-5+deb11u1 CVE ID : CVE-2019-14196 CVE-2022-2347 CVE-2022-30552 CVE-2022-30767 CVE-2022-30790 CVE-2022-33103 CVE-2022-33967 CVE-2022-34835 CVE-2024-57254 CVE-2024-57255 CVE-2024-57256 CVE-2024-57257 CVE-2024-57258 CVE-2024-57259 Debian Bug : 1014470 1014471 1014528 1014529 1014959 1098254 Multiple vulnerabilties were discovered in u-boot, a boot loader for embedded systems. CVE-2022-2347 An unchecked length field leading to a heap overflow. CVE-2022-30552 and CVE-2022-30790 Buffer Overflow. CVE-2022-30767 (CVE-2019-14196) Unbounded memcpy with a failed length check, leading to a buffer overflow. This issue exists due to an incorrect fix for CVE-2019- 14196. CVE-2022-33103 Out-of-bounds write. CVE-2022-33967 Heap-based buffer overflow vulnerability which may lead to a denial- of-service (DoS). CVE-2022-34835 Integer signedness error and resultant stack-based buffer overflow. CVE-2024-57254 Integer overflow. CVE-2024-57255 Integer overflow. CVE-2024-57256 Integer overflow. CVE-2024-57257 Stack consumption issue. CVE-2024-57258 Multiple integer overflows. CVE-2024-57259 Off-by-one error resulting in heap memory corruption. For Debian 11 bullseye, these problems have been fixed in version 2021.01+dfsg-5+deb11u1. We recommend that you upgrade your u-boot packages. For the detailed security statusof u-boot please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/u-boot Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Essential u-boot security patch for Debian LTS to mitigate various vulnerabilities impacting embedded devices.. Debian LTS Security, U-Boot Update, Embedded Systems Security. . LinuxSecurity.com Team

Calendar%202 May 01, 2025 Debian LTS
98

Red Hat Enterprise: RHSA-2023:0048 Moderate: grub2 Buffer and Heap Issues

An update for grub2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: grub2 security and bug fix update Advisory ID: RHSA-2023:0048-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:0048 Issue date: 2023-01-09 CVE Names: CVE-2022-2601 CVE-2022-3775 ==================================================================== 1. Summary: An update for grub2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, noarch, ppc64le, x86_64 3. Description: The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fix(es): * grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601) * grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [RHEL8.6][SecureBoot][Denali/P10] bootprocess stops at grub prompt after copying the signed grub to prep partition (BZ#2108049) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2112975 - CVE-2022-2601 grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass 2138880 - CVE-2022-3775 grub2: Heap based out-of-bounds write when redering certain unicode sequences 6. Package List: Red Hat Enterprise Linux BaseOS EUS(v.8.6): Source: grub2-2.02-123.el8_6.12.src.rpm aarch64: grub2-debuginfo-2.02-123.el8_6.12.aarch64.rpm grub2-debugsource-2.02-123.el8_6.12.aarch64.rpm grub2-efi-aa64-2.02-123.el8_6.12.aarch64.rpm grub2-efi-aa64-cdboot-2.02-123.el8_6.12.aarch64.rpm grub2-tools-2.02-123.el8_6.12.aarch64.rpm grub2-tools-debuginfo-2.02-123.el8_6.12.aarch64.rpm grub2-tools-extra-2.02-123.el8_6.12.aarch64.rpm grub2-tools-extra-debuginfo-2.02-123.el8_6.12.aarch64.rpm grub2-tools-minimal-2.02-123.el8_6.12.aarch64.rpm grub2-tools-minimal-debuginfo-2.02-123.el8_6.12.aarch64.rpm noarch: grub2-common-2.02-123.el8_6.12.noarch.rpm grub2-efi-aa64-modules-2.02-123.el8_6.12.noarch.rpm grub2-efi-ia32-modules-2.02-123.el8_6.12.noarch.rpm grub2-efi-x64-modules-2.02-123.el8_6.12.noarch.rpm grub2-pc-modules-2.02-123.el8_6.12.noarch.rpm grub2-ppc64le-modules-2.02-123.el8_6.12.noarch.rpm ppc64le: grub2-debuginfo-2.02-123.el8_6.12.ppc64le.rpm grub2-debugsource-2.02-123.el8_6.12.ppc64le.rpm grub2-ppc64le-2.02-123.el8_6.12.ppc64le.rpm grub2-tools-2.02-123.el8_6.12.ppc64le.rpm grub2-tools-debuginfo-2.02-123.el8_6.12.ppc64le.rpm grub2-tools-extra-2.02-123.el8_6.12.ppc64le.rpm grub2-tools-extra-debuginfo-2.02-123.el8_6.12.ppc64le.rpm grub2-tools-minimal-2.02-123.el8_6.12.ppc64le.rpm grub2-tools-minimal-debuginfo-2.02-123.el8_6.12.ppc64le.rpm x86_64: grub2-debuginfo-2.02-123.el8_6.12.x86_64.rpm grub2-debugsource-2.02-123.el8_6.12.x86_64.rpm grub2-efi-ia32-2.02-123.el8_6.12.x86_64.rpm grub2-efi-ia32-cdboot-2.02-123.el8_6.12.x86_64.rpm grub2-efi-x64-2.02-123.el8_6.12.x86_64.rpm grub2-efi-x64-cdboot-2.02-123.el8_6.12.x86_64.rpm grub2-pc-2.02-123.el8_6.12.x86_64.rpm grub2-tools-2.02-123.el8_6.12.x86_64.rpm grub2-tools-debuginfo-2.02-123.el8_6.12.x86_64.rpm grub2-tools-efi-2.02-123.el8_6.12.x86_64.rpm grub2-tools-efi-debuginfo-2.02-123.el8_6.12.x86_64.rpm grub2-tools-extra-2.02-123.el8_6.12.x86_64.rpm grub2-tools-extra-debuginfo-2.02-123.el8_6.12.x86_64.rpm grub2-tools-minimal-2.02-123.el8_6.12.x86_64.rpm grub2-tools-minimal-debuginfo-2.02-123.el8_6.12.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-2601 https://access.redhat.com/security/cve/CVE-2022-3775 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY7xCD9zjgjWX9erEAQhfzA/7Ba+eaWDBSVgfND359hC383ptYeHqg4pg 4umJfzuRvYPEMV4mg62iBci5gSoIWMvFTT0somnAEtT/F5fmmIMJhJBCtin4GqMs XxiOZQVGPVySBgTQNorSiXkC2z40tBfYRuyrkDNvwCWlKuv+G7bdkZY4IKbOUKu4 dvP2ZZu+WDwB+mxR2NUjoTkreOsbJrTEysDmoZWxuN25dPuYpBwRbt+VLVMPNY0B CEs4WhJdHnLnSQCRJhUMwWQPpt2akDqvSwX/Qphz/UlFu8Cs+s8YFCs/BQxLI4ku UWJL1eTjtnb3iQMmP36fRF1GVc2YsalMDAmEwXcZsSF36t5qlJNMaHELiepSQP2v QOuMuSXqX3gFb6Vw2+uqEHZ97I5DYUnWwWV3tmVPULqitNf1dMtYG/SlHucRebNw 0h5nQxEzkSz0/5DLvAlNeMPh9+7/xKwsSacbCpBXODy3n6AW3R7YflycuqahsIRt kh+3B21g6RIr73QnJNnwlCJN6QEGEMvTGq6XJuCilOe43QjZ5D4ptY7gco7o2UQS PNBNYmhSghF3TQNyVGDqrqF36Zd8r5Q7+NIQh/aTnL+BXZtuRA4qH/XsDOrETwro 5aNXQVW/1aM3xsnbSV8OGGFCr9G65xTZR2slziC3VYNpcZ43YHFMxHifV0tCfPsG CprlG5jMKn4=YOdv -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . The Linux Foundation issued an urgent security update for systemd, addressing severe memory corruption issues. More information on remedies available here.. grub2 update, Red Hat, moderate severity, security advisory, extended support. . LinuxSecurity.com Team

Calendar%202 Jan 09, 2023 Red Hat
98

Red Hat: RHSA-2022-8978-01 Moderate: Grub2 Buffer Overflow and Heap Issues

An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: grub2 security and bug fix update Advisory ID: RHSA-2022:8978-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8978 Issue date: 2022-12-13 CVE Names: CVE-2022-2601 CVE-2022-3775 ==================================================================== 1. Summary: An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, x86_64 3. Description: The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fix(es): * grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601) * grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Kernel Panic on Milan when enableSEV/SEV-ES with CPU: 1 PID: 1 Comm: swapper/0 Not tainted (BZ#2130104) * [RHEL9.0][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2134358) * RHEL9.0 [MAXconfig]: Denali LPAR crashs while booting MAX config 240c / 64TB - 192 decimal is the biggest partition min value Linux can handle? (BZ#2134434) * ISST-LTE:[P10]:RPT:After FW update,while activating the lpar dexlp87 went to ERROR state with LED B2008105 - 7E sub return code (BZ#2135288) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2112975 - CVE-2022-2601 grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass 2138880 - CVE-2022-3775 grub2: Heap based out-of-bounds write when redering certain unicode sequences 6. Package List: Red Hat Enterprise Linux BaseOS EUS(v.9.0): Source: grub2-2.06-27.el9_0.12.src.rpm aarch64: grub2-debuginfo-2.06-27.el9_0.12.aarch64.rpm grub2-debugsource-2.06-27.el9_0.12.aarch64.rpm grub2-efi-aa64-2.06-27.el9_0.12.aarch64.rpm grub2-efi-aa64-cdboot-2.06-27.el9_0.12.aarch64.rpm grub2-emu-debuginfo-2.06-27.el9_0.12.aarch64.rpm grub2-tools-2.06-27.el9_0.12.aarch64.rpm grub2-tools-debuginfo-2.06-27.el9_0.12.aarch64.rpm grub2-tools-extra-2.06-27.el9_0.12.aarch64.rpm grub2-tools-extra-debuginfo-2.06-27.el9_0.12.aarch64.rpm grub2-tools-minimal-2.06-27.el9_0.12.aarch64.rpm grub2-tools-minimal-debuginfo-2.06-27.el9_0.12.aarch64.rpm noarch: grub2-common-2.06-27.el9_0.12.noarch.rpm grub2-efi-aa64-modules-2.06-27.el9_0.12.noarch.rpm grub2-efi-x64-modules-2.06-27.el9_0.12.noarch.rpm grub2-pc-modules-2.06-27.el9_0.12.noarch.rpm grub2-ppc64le-modules-2.06-27.el9_0.12.noarch.rpm ppc64le: grub2-debuginfo-2.06-27.el9_0.12.ppc64le.rpm grub2-debugsource-2.06-27.el9_0.12.ppc64le.rpm grub2-ppc64le-2.06-27.el9_0.12.ppc64le.rpm grub2-tools-2.06-27.el9_0.12.ppc64le.rpm grub2-tools-debuginfo-2.06-27.el9_0.12.ppc64le.rpm grub2-tools-extra-2.06-27.el9_0.12.ppc64le.rpm grub2-tools-extra-debuginfo-2.06-27.el9_0.12.ppc64le.rpm grub2-tools-minimal-2.06-27.el9_0.12.ppc64le.rpm grub2-tools-minimal-debuginfo-2.06-27.el9_0.12.ppc64le.rpm x86_64: grub2-debuginfo-2.06-27.el9_0.12.x86_64.rpm grub2-debugsource-2.06-27.el9_0.12.x86_64.rpm grub2-efi-x64-2.06-27.el9_0.12.x86_64.rpm grub2-efi-x64-cdboot-2.06-27.el9_0.12.x86_64.rpm grub2-emu-debuginfo-2.06-27.el9_0.12.x86_64.rpm grub2-pc-2.06-27.el9_0.12.x86_64.rpm grub2-tools-2.06-27.el9_0.12.x86_64.rpm grub2-tools-debuginfo-2.06-27.el9_0.12.x86_64.rpm grub2-tools-efi-2.06-27.el9_0.12.x86_64.rpm grub2-tools-efi-debuginfo-2.06-27.el9_0.12.x86_64.rpm grub2-tools-extra-2.06-27.el9_0.12.x86_64.rpm grub2-tools-extra-debuginfo-2.06-27.el9_0.12.x86_64.rpm grub2-tools-minimal-2.06-27.el9_0.12.x86_64.rpm grub2-tools-minimal-debuginfo-2.06-27.el9_0.12.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details onhow to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-2601 https://access.redhat.com/security/cve/CVE-2022-3775 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY5j9/NzjgjWX9erEAQjbZQ//a/froDILL6ZRBqxuscAjkZrWUPfPWEzw m7mLmI0/hIhR5bREv03E0PoLEhRFQrB0eggfcc1lOQGcNCDTazvuUsSaBU1ULUHV TVDcoTRPQl/NRnlfGPFvCn9Yz2rWYx9rkeI+rmHD7JBNewYDY1WdA/mmxp9RvV0X fxDtwLPfO7PauAe23oCJdmZh1GypZbk3nfS4unkYyu/PLPKiB+MMN/bpAjIqwrML xzwc/b/hVmJz3xg5qh+5/2+0P3Oug4hND72JZBYAtbuycCtEHzm29VoNMOOi+P9E ApJBiF/V9qyndwFKqi9pyyNtv5naRCcGdYdnUFRaknjF0DKxIsXBs+K1FREtiTDo LDXOUuLFe0KYPzY4sD9AMRaikuQWmV5oC0BE7w9bPvuFtXBSttwXkqHJ0D5kt0Da PRAXsIfcww0XV91LCui77mrjUPOlIfR0XfxMUrMdde0TJnnTi54DCNM0NJLKmoVV 83DQqi8Ln1xq+zG78muAgsLCwpB2tL45iyRzD6esZ3VlMbH6sDsOABKNZxJPD+UL MCPcvO2ypEBGSH/kppTU/SvKN2ijFPM2ZhV15UX4zI+TcAq1YKoQAdjwAqN39Ksk KVRCqno6wJbKREWTijUUM0x7XiLQB+gJ2Z869F6cXxaJ4teY7DprTQQ2xMKbz/lr KJfj48QotlU=A8i1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian enhances initramfs-tools addressing serious vulnerabilities related to memory corruption and race conditions. Crucial for improved system startup security.. Red Hat Security, Grub2 Update, Boot Loader Security, Linux Enterprise, Moderate Severity Advisory. . LinuxSecurity.com Team

Calendar%202 Dec 13, 2022 Red Hat
98

Red Hat: RHSA-2022:8900-01 Important: Grub2 Integer Underflow

An update for grub2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: grub2 security update Advisory ID: RHSA-2022:8900-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8900 Issue date: 2022-12-08 CVE Names: CVE-2022-28733 ==================================================================== 1. Summary: An update for grub2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fix(es): * grub2: Integer underflow ingrub_net_recv_ip4_packets (CVE-2022-28733) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2083339 - CVE-2022-28733 grub2: Integer underflow in grub_net_recv_ip4_packets 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: grub2-2.02-0.87.el7_9.11.src.rpm noarch: grub2-common-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-ia32-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-x64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-pc-modules-2.02-0.87.el7_9.11.noarch.rpm x86_64: grub2-2.02-0.87.el7_9.11.x86_64.rpm grub2-debuginfo-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-ia32-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-x64-2.02-0.87.el7_9.11.x86_64.rpm grub2-pc-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-extra-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-minimal-2.02-0.87.el7_9.11.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: grub2-efi-aa64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64le-modules-2.02-0.87.el7_9.11.noarch.rpm x86_64: grub2-debuginfo-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-ia32-cdboot-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-x64-cdboot-2.02-0.87.el7_9.11.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v.7): Source: grub2-2.02-0.87.el7_9.11.src.rpm noarch: grub2-common-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-ia32-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-x64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-pc-modules-2.02-0.87.el7_9.11.noarch.rpm x86_64: grub2-2.02-0.87.el7_9.11.x86_64.rpm grub2-debuginfo-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-ia32-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-x64-2.02-0.87.el7_9.11.x86_64.rpm grub2-pc-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-extra-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-minimal-2.02-0.87.el7_9.11.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: grub2-efi-aa64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64le-modules-2.02-0.87.el7_9.11.noarch.rpm x86_64: grub2-debuginfo-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-ia32-cdboot-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-x64-cdboot-2.02-0.87.el7_9.11.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: grub2-2.02-0.87.el7_9.11.src.rpm noarch: grub2-common-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-ia32-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-x64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-pc-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64le-modules-2.02-0.87.el7_9.11.noarch.rpm ppc64: grub2-2.02-0.87.el7_9.11.ppc64.rpm grub2-debuginfo-2.02-0.87.el7_9.11.ppc64.rpm grub2-ppc64-2.02-0.87.el7_9.11.ppc64.rpm grub2-tools-2.02-0.87.el7_9.11.ppc64.rpm grub2-tools-extra-2.02-0.87.el7_9.11.ppc64.rpm grub2-tools-minimal-2.02-0.87.el7_9.11.ppc64.rpm ppc64le: grub2-2.02-0.87.el7_9.11.ppc64le.rpm grub2-debuginfo-2.02-0.87.el7_9.11.ppc64le.rpm grub2-ppc64le-2.02-0.87.el7_9.11.ppc64le.rpm grub2-tools-2.02-0.87.el7_9.11.ppc64le.rpm grub2-tools-extra-2.02-0.87.el7_9.11.ppc64le.rpm grub2-tools-minimal-2.02-0.87.el7_9.11.ppc64le.rpm x86_64: grub2-2.02-0.87.el7_9.11.x86_64.rpm grub2-debuginfo-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-ia32-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-x64-2.02-0.87.el7_9.11.x86_64.rpm grub2-pc-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-extra-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-minimal-2.02-0.87.el7_9.11.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: grub2-efi-aa64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-ia32-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-x64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-pc-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64le-modules-2.02-0.87.el7_9.11.noarch.rpm x86_64: grub2-debuginfo-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-ia32-cdboot-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-x64-cdboot-2.02-0.87.el7_9.11.x86_64.rpm Red Hat Enterprise Linux Workstation (v.7): Source: grub2-2.02-0.87.el7_9.11.src.rpm noarch: grub2-common-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-ia32-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-efi-x64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-pc-modules-2.02-0.87.el7_9.11.noarch.rpm x86_64: grub2-2.02-0.87.el7_9.11.x86_64.rpm grub2-debuginfo-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-ia32-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-x64-2.02-0.87.el7_9.11.x86_64.rpm grub2-pc-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-extra-2.02-0.87.el7_9.11.x86_64.rpm grub2-tools-minimal-2.02-0.87.el7_9.11.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: grub2-efi-aa64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64-modules-2.02-0.87.el7_9.11.noarch.rpm grub2-ppc64le-modules-2.02-0.87.el7_9.11.noarch.rpm x86_64: grub2-debuginfo-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-ia32-cdboot-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-x64-cdboot-2.02-0.87.el7_9.11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-28733 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBY5ISD9zjgjWX9erEAQi9cg/+NEgmmJEByjbrhFejT9jPciDisGEn5jJO larMB07NIdIQnYuoKawjVK0G69zqZ+bMrNiOasSyRQrIvHx2NfI2w3xXdjjqAdR9 DjnkRWkxkyfR1zqMOIZSqyuxNi2T/zasrjORxsPFeTvfFl4MJzLliytYcJ/Fm4Mb 0nSK84eABKw28e8Yac9kbnwTj7oUJQ+o5kK/8JL3qjL+9gapZnPZKtR5DH4T3yl8 QF47vjHoIZtYevkFjOvaHqXf6onyEDvCBEPJfwlROWhCfNH4h69W90C/vtuAgncT BtLMWuzgd349Xs0nVrIgVbHifSPgYuJaFHSLftiXm1kTQWOSmZXC8jk1ZnwTRRaN w0XYra2Mi8kL0rcsbvF22gsXnq/fyqCuBFpKgeTGClYEhiNmgsGR1i00HOb/jYBB HimMKSPL6NNMFw+CFItfJvip9QEtpFHaWMEYnbJA6uyl5EqT2Tt9dI8ABzjBFMwL 2ZAyhoEnR/dwM2qIFvJYrqX4+/Tc2Fb9DbRLeJbdA5yKCaN1ZOK1qayUYwEzwMsv NO50wzlvt5sTX35xNd1DqqaW9XlAPylY3vFqmmt4N/Wi44ax4Tdj2sgzs2WsgcUL Ar970ervwx6q4MpAugYRDRVlPDqs1DCOZBcGiy573Dbq/cqDj+LgO5I18UPwD3IH 03gHq0TsoNM=fsVS -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . A significant security patch from Red Hat tackles severe vulnerabilities in the boot loader, impacting various hardware architectures.. Grub2 Security Update, Red Hat Enterprise Linux, Important Security Fix. . LinuxSecurity.com Team

Calendar%202 Dec 08, 2022 Red Hat
219

Rocky Linux 8 RLSA-2022:5095 Important: Grub2 Boot Loader Security Fix

Important: grub2, mokutil, shim, and shim-unsigned-x64 security update. \{'type': 'Security', 'shortCode': 'RL', 'name': 'RLSA-2022:5095', 'synopsis': 'Important: grub2, mokutil, shim, and shim-unsigned-x64 security update', 'severity': 'Important', 'topic': 'An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Rocky Linux 8.\nRocky Linux Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.', 'description': 'The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\nThe shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.', 'solution': None, 'affectedProducts': ['Rocky Linux 8'], 'fixes': ['1991685', '1991686', '1991687', '2083339', '2090463', '2090857', '2090899', '2092613'], 'cves': ['Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3695.json:::CVE-2021-3695', 'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3696.json:::CVE-2021-3696', 'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3697.json:::CVE-2021-3697', 'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28733.json:::CVE-2022-28733', 'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28734.json:::CVE-2022-28734', 'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28735.json:::CVE-2022-28735', 'RedHat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28736.json:::CVE-2022-28736'], 'references': [], 'publishedAt': '2022-07-07T20:11:43.460234Z', 'rpms': ['grub2-2.02-123.el8_6.8.rocky.0.1.src.rpm', 'grub2-common-2.02-123.el8_6.8.rocky.0.1.noarch.rpm', 'grub2-debuginfo-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-debuginfo-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-debugsource-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-debugsource-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-efi-aa64-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-efi-aa64-cdboot-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-efi-aa64-modules-2.02-123.el8_6.8.rocky.0.1.noarch.rpm', 'grub2-efi-ia32-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-efi-ia32-cdboot-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-efi-ia32-modules-2.02-123.el8_6.8.rocky.0.1.noarch.rpm', 'grub2-efi-x64-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-efi-x64-cdboot-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-efi-x64-modules-2.02-123.el8_6.8.rocky.0.1.noarch.rpm', 'grub2-pc-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-pc-modules-2.02-123.el8_6.8.rocky.0.1.noarch.rpm', 'grub2-tools-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-tools-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-tools-debuginfo-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-tools-debuginfo-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-tools-efi-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-tools-efi-debuginfo-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-tools-extra-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-tools-extra-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-tools-extra-debuginfo-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-tools-extra-debuginfo-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-tools-minimal-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-tools-minimal-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm', 'grub2-tools-minimal-debuginfo-2.02-123.el8_6.8.rocky.0.1.aarch64.rpm', 'grub2-tools-minimal-debuginfo-2.02-123.el8_6.8.rocky.0.1.x86_64.rpm']}\.AlmaLinux reveals significant security patches for bootloaders and associated software, tackling severe vulnerabilities in grub2.. Rocky Linux, Grub2 Update, Security Patch, Boot Loader Security, Important Advisory. . LinuxSecurity.com Team

Calendar%202 Sep 02, 2022 Rocky Linux
98

Red Hat Enterprise Linux 8 RHSA-2022-5095-01 Important Grub2 Security Fixes

An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: grub2, mokutil, shim, and shim-unsigned-x64 security update Advisory ID: RHSA-2022:5095-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5095 Issue date: 2022-06-16 CVE Names: CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVE-2022-28737 ==================================================================== 1. Summary: An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, x86_64 3. Description: The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Security Fix(es): * grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733) * grub2: Crafted PNG grayscale images maylead to out-of-bounds write in heap (CVE-2021-3695) * grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696) * grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697) * grub2: Out-of-bound write when handling split HTTP headers(CVE-2022-28734) * grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735) * grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736) * shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1991685 - CVE-2021-3695 grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap 1991686 - CVE-2021-3696 grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling 1991687 - CVE-2021-3697 grub2: Crafted JPEG image can lead to buffer underflow write in the heap 2083339 - CVE-2022-28733 grub2: Integer underflow in grub_net_recv_ip4_packets 2090463 - CVE-2022-28734 grub2: Out-of-bound write when handling split HTTP headers2090857 - CVE-2022-28735 grub2: shim_lock verifier allows non-kernel files to be loaded 2090899 - CVE-2022-28737 shim: Buffer overflow when loading crafted EFI images 2092613 - CVE-2022-28736 grub2: use-after-free in grub_cmd_chainloader() 6. Package List: Red Hat Enterprise Linux BaseOS (v.8): Source: grub2-2.02-123.el8_6.8.src.rpm mokutil-0.3.0-11.el8_6.1.src.rpm shim-15.6-1.el8.src.rpm aarch64: grub2-debuginfo-2.02-123.el8_6.8.aarch64.rpm grub2-debugsource-2.02-123.el8_6.8.aarch64.rpm grub2-efi-aa64-2.02-123.el8_6.8.aarch64.rpm grub2-efi-aa64-cdboot-2.02-123.el8_6.8.aarch64.rpm grub2-tools-2.02-123.el8_6.8.aarch64.rpm grub2-tools-debuginfo-2.02-123.el8_6.8.aarch64.rpm grub2-tools-extra-2.02-123.el8_6.8.aarch64.rpm grub2-tools-extra-debuginfo-2.02-123.el8_6.8.aarch64.rpm grub2-tools-minimal-2.02-123.el8_6.8.aarch64.rpm grub2-tools-minimal-debuginfo-2.02-123.el8_6.8.aarch64.rpm mokutil-0.3.0-11.el8_6.1.aarch64.rpm mokutil-debuginfo-0.3.0-11.el8_6.1.aarch64.rpm mokutil-debugsource-0.3.0-11.el8_6.1.aarch64.rpm shim-aa64-15.6-1.el8.aarch64.rpm noarch: grub2-common-2.02-123.el8_6.8.noarch.rpm grub2-efi-aa64-modules-2.02-123.el8_6.8.noarch.rpm grub2-efi-ia32-modules-2.02-123.el8_6.8.noarch.rpm grub2-efi-x64-modules-2.02-123.el8_6.8.noarch.rpm grub2-pc-modules-2.02-123.el8_6.8.noarch.rpm grub2-ppc64le-modules-2.02-123.el8_6.8.noarch.rpm ppc64le: grub2-debuginfo-2.02-123.el8_6.8.ppc64le.rpm grub2-debugsource-2.02-123.el8_6.8.ppc64le.rpm grub2-ppc64le-2.02-123.el8_6.8.ppc64le.rpm grub2-tools-2.02-123.el8_6.8.ppc64le.rpm grub2-tools-debuginfo-2.02-123.el8_6.8.ppc64le.rpm grub2-tools-extra-2.02-123.el8_6.8.ppc64le.rpm grub2-tools-extra-debuginfo-2.02-123.el8_6.8.ppc64le.rpm grub2-tools-minimal-2.02-123.el8_6.8.ppc64le.rpm grub2-tools-minimal-debuginfo-2.02-123.el8_6.8.ppc64le.rpm x86_64: grub2-debuginfo-2.02-123.el8_6.8.x86_64.rpm grub2-debugsource-2.02-123.el8_6.8.x86_64.rpm grub2-efi-ia32-2.02-123.el8_6.8.x86_64.rpm grub2-efi-ia32-cdboot-2.02-123.el8_6.8.x86_64.rpm grub2-efi-x64-2.02-123.el8_6.8.x86_64.rpm grub2-efi-x64-cdboot-2.02-123.el8_6.8.x86_64.rpm grub2-pc-2.02-123.el8_6.8.x86_64.rpm grub2-tools-2.02-123.el8_6.8.x86_64.rpm grub2-tools-debuginfo-2.02-123.el8_6.8.x86_64.rpm grub2-tools-efi-2.02-123.el8_6.8.x86_64.rpm grub2-tools-efi-debuginfo-2.02-123.el8_6.8.x86_64.rpm grub2-tools-extra-2.02-123.el8_6.8.x86_64.rpm grub2-tools-extra-debuginfo-2.02-123.el8_6.8.x86_64.rpm grub2-tools-minimal-2.02-123.el8_6.8.x86_64.rpm grub2-tools-minimal-debuginfo-2.02-123.el8_6.8.x86_64.rpm mokutil-0.3.0-11.el8_6.1.x86_64.rpm mokutil-debuginfo-0.3.0-11.el8_6.1.x86_64.rpm mokutil-debugsource-0.3.0-11.el8_6.1.x86_64.rpm shim-ia32-15.6-1.el8.x86_64.rpm shim-x64-15.6-1.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): Source: shim-unsigned-x64-15.6-1.el8.src.rpm x86_64: shim-unsigned-x64-15.6-1.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3695 https://access.redhat.com/security/cve/CVE-2021-3696 https://access.redhat.com/security/cve/CVE-2021-3697 https://access.redhat.com/security/cve/CVE-2022-28733 https://access.redhat.com/security/cve/CVE-2022-28734 https://access.redhat.com/security/cve/CVE-2022-28735 https://access.redhat.com/security/cve/CVE-2022-28736 https://access.redhat.com/security/cve/CVE-2022-28737 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYqtvddzjgjWX9erEAQjRmQ//YE4WPGQT/7En15s+P3gscZDFMMvLZO6n c6TqQorOIBmx+WHBSfMWapMLDQnaIZYnKhmou9I64Je03jA3oNXFNuzTRFvLm3hF Ly8+zU+Asv18WBRLIcDCZ70xgguSrHj/LlnkOnJhOQvi2el/40hDxxG2ohWsg6UQ tgZ8PZN4UWoihTCPVwlMnhsOI96UtILm5BqIP1ZmRzYHaOVeQcN/00qq5S6otDKv iKFEfP+SSaz4cU9t0ckOnGAPe9Fpez5Rk9v4jURwGdBf65CONfSQSoiUXdy1ikjd 3mCdmMJF6YmqEYWvw663qd6CVkj1N7qDklVc/oXpJacrE9b78O5u6p7M7HOXlfDH Gj2nwKwRAdYsnbvW+5kw59rRdmOCe/57jnPen4kkEWMh7dg3yn7b870LS3SUpFwG enqHdZC8U4w85Wp5GMuUi+EPYy9Gh7OTmuFUFBJeI1NJjQd7I1XgpcyAoxqFnwFO n77fTxDDbMJldP9yZbIvztLOEA/BFNZNl3FrAMlutBCweJyCaAnzWhdkeHM+7y/k S2e0gsh4jwTtOuHs2S7XZ8mzzePaJVgQ7SRG6t8jMaA05duuNniIAJEKVFYRGgsw aqzSpTAGVxiFPQ2wzYJHFbtyhhSZtRRhNaSpbI0uNj7aztnyjEofX3qMh1B3Wx4r RLkWjRXdZrE=q0Jp -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical security update from Red Hat highlighting significant patches for grub2, mokutil, and shim vulnerabilities.. grub2 update, Red Hat security, enterprise Linux, boot loader fix, important security advisory. . LinuxSecurity.com Team

Calendar%202 Jun 16, 2022 Red Hat
98

Red Hat 8.2: RHSA-2021-2790-01 Moderate: Shim and Fwupd Security Update

An update for fwupd, shim, shim-unsigned-aarch64, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: shim and fwupd security update Advisory ID: RHSA-2021:2790-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2790 Issue date: 2021-07-20 CVE Names: CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 ==================================================================== 1. Summary: An update for fwupd, shim, shim-unsigned-aarch64, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. The fwupd packages provide a service that allows session software to update device firmware. The following packages have been upgraded to a later upstream version: shim (15.4). (BZ#1932411) Security Fix(es): * grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372) * grub2:Use-after-free in rmmod command (CVE-2020-25632) * grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647) * grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749) * grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779) * grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225) * grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1873150 - CVE-2020-14372 grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled 1879577 - CVE-2020-25632 grub2: Use-after-free in rmmod command 1886936 - CVE-2020-25647 grub2: Out-of-bounds write in grub_usb_device_initialize() 1899966 - CVE-2020-27749 grub2: Stack buffer overflow in grub_parser_split_cmdline() 1900698 - CVE-2020-27779 grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled 1924696 - CVE-2021-20225 grub2: Heap out-of-bounds write in short form option parser 1926263 - CVE-2021-20233 grub2: Heap out-of-bounds write due to miscalculation of space required for quoting 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v.8.2): Source: fwupd-1.1.4-9.el8_2.src.rpm shim-15.4-2.el8_1.src.rpm aarch64: fwupd-1.1.4-9.el8_2.aarch64.rpm fwupd-debuginfo-1.1.4-9.el8_2.aarch64.rpm fwupd-debugsource-1.1.4-9.el8_2.aarch64.rpm shim-aa64-15.4-2.el8_1.aarch64.rpm ppc64le: fwupd-1.1.4-9.el8_2.ppc64le.rpm fwupd-debuginfo-1.1.4-9.el8_2.ppc64le.rpm fwupd-debugsource-1.1.4-9.el8_2.ppc64le.rpm s390x: fwupd-1.1.4-9.el8_2.s390x.rpm fwupd-debuginfo-1.1.4-9.el8_2.s390x.rpm fwupd-debugsource-1.1.4-9.el8_2.s390x.rpm x86_64: fwupd-1.1.4-9.el8_2.x86_64.rpm fwupd-debuginfo-1.1.4-9.el8_2.x86_64.rpm fwupd-debugsource-1.1.4-9.el8_2.x86_64.rpm shim-ia32-15.4-2.el8_1.x86_64.rpm shim-x64-15.4-2.el8_1.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v. 8.2): Source: shim-unsigned-aarch64-15-7.el8_1.src.rpm shim-unsigned-x64-15.4-4.el8_1.src.rpm aarch64: shim-unsigned-aarch64-15-7.el8_1.aarch64.rpm x86_64: shim-unsigned-x64-15.4-4.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2020-14372 https://access.redhat.com/security/cve/CVE-2020-25632 https://access.redhat.com/security/cve/CVE-2020-25647 https://access.redhat.com/security/cve/CVE-2020-27749 https://access.redhat.com/security/cve/CVE-2020-27779 https://access.redhat.com/security/cve/CVE-2021-20225 https://access.redhat.com/security/cve/CVE-2021-20233 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-003 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYPdKe9zjgjWX9erEAQia/Q/+OF5AfNo/I3l3OsE9kBgmxqXoTANkbpkv rLUizj+khr3q8QQKOvkeS7QrsnRpaUthnHhwu95oYZoJl0lbEVh6k3atkIxI9qsR Ppt5cL7O3BpG9VvnHfUbti9kDl/3WCoywKio5m+aq670FVK4RI4DqYthnVSKlJPP yeyDiBYz+HsqG/hvRrxCv70fVHA+BCGeCM1qaJozqhl18kaSY1KU0K/QJQ7cEMBY G8Px2EVYJE5vc+PQWldkvfskHfJKuC4xEf0A7xNB6eBi/HMMXuvnnvxg02Tvq22m 2SrboHq7OHzvP/wORoU2y7ZvHf/JkXj0vB827h1X/09rjQMc5HcJVT6/14ja+hBd HZQpiVe/+hqWufinfGCBC4Y//dGDDJ/fqMXWvSavJm6PPVqRuXfk5TaaJSx/nShb tJ1i9pjbAqCJbY5RMgNLoul13AINEPOcd+A/fCebpMiDMHts1hbVtiifENbweZTX 1vnP+bpgrKxrU6u/RYg88AeNp+Lga++jnykxK6kb5AP2hUjoy4kMaj380DOQZRvD lOppjgnBGSolfZLt3vdprJgeMGbsh1FiFDt3ls7asO800yZrsCJpAw7byznTPasP U+li7OLKM6F4oP+8G2j3EDE1+BteA9OAUGI0phvLXu0C+zpg7R3cJfCVeTLjC3Qd NSoKps/AMhI=jbDg -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . An announcement details recent updates for fwupd and shim on Red Hat, addressing medium-level security vulnerabilities with comprehensive insights and mitigation steps. Red Hat, shim security, fwupd update, security advisory, Linux patch. . LinuxSecurity.com Team

Calendar%202 Jul 20, 2021 Red Hat
98

Red Hat Enterprise Linux 8: RHSA-2021-1734-01 Moderate Shim Security Update

An update for shim, shim-unsigned-aarch64, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: shim security update Advisory ID: RHSA-2021:1734-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1734 Issue date: 2021-05-18 CVE Names: CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 ==================================================================== 1. Summary: An update for shim, shim-unsigned-aarch64, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, x86_64 3. Description: The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Security Fix(es): * grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372) * grub2: Use-after-free in rmmod command (CVE-2020-25632) * grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647) * grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749) * grub2: cutmem command allows privileged user to remove memory regions when Secure Bootis enabled (CVE-2020-27779) * grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225) * grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1873150 - CVE-2020-14372 grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled 1879577 - CVE-2020-25632 grub2: Use-after-free in rmmod command 1886936 - CVE-2020-25647 grub2: Out-of-bounds write in grub_usb_device_initialize() 1899966 - CVE-2020-27749 grub2: Stack buffer overflow in grub_parser_split_cmdline() 1900698 - CVE-2020-27779 grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled 1924696 - CVE-2021-20225 grub2: Heap out-of-bounds write in short form option parser 1926263 - CVE-2021-20233 grub2: Heap out-of-bounds write due to miscalculation of space required for quoting 6. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: shim-15.4-2.el8_1.src.rpm aarch64: shim-aa64-15.4-2.el8_1.aarch64.rpm x86_64: shim-ia32-15.4-2.el8_1.x86_64.rpm shim-x64-15.4-2.el8_1.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): Source: shim-unsigned-aarch64-15-7.el8_1.src.rpm shim-unsigned-x64-15.4-4.el8_1.src.rpm aarch64: shim-unsigned-aarch64-15-7.el8_1.aarch64.rpm x86_64: shim-unsigned-x64-15.4-4.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are availablefrom https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-14372 https://access.redhat.com/security/cve/CVE-2020-25632 https://access.redhat.com/security/cve/CVE-2020-25647 https://access.redhat.com/security/cve/CVE-2020-27749 https://access.redhat.com/security/cve/CVE-2020-27779 https://access.redhat.com/security/cve/CVE-2021-20225 https://access.redhat.com/security/cve/CVE-2021-20233 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-003 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYKPvONzjgjWX9erEAQjW0w/+OZydzjEMfioyPxScc1pCQWrHoiFX5jZt XnFJCEaMTZZ4g2yx+oRyyJM8Jrd7suk1NAhUDh4V5LkdRk4oaXbtkcLBcOJHTfGV pzcfX3A/kJZ2ZsKogV5Orh06Jiq6aGwsg0YiGoDp4EmG+PGnODMtWvjB8U6KSi1/ aIg19yHmlIVkTaYJQan2LpL7r3pknZyHmuSZPdJxJX7/8coGS7s9rqGwROYnJnHE jiGAVqahVZkHYgvMzjo15occFVr/91C0oCb3GhI2Be1QI+Dvz2VT/xs+aIbum2yZ ioEGBVr9W/f6R8PvwIE+PTkOE2IXqJ/0uO1xuJz/bvdulC+5hXxtsG4RWWW6Sk22 uUN2GNpwF+fF6K4cZ3sdx09U5SHDuUTe1ZIjHALm7sxL4ixpEaptSsJcLoOqjg9/ 36T4REDa90NeY75SpdXNvqQqH8b6rImiTrg8Wvh16lxTT8T+1iAym6sPWb3d/0RP tQ+Dzbvp+ramwsSaATz4BhkmdkDZlaN/Soll5ZPu3Oi3imC/Ocjem2t8MD6sWHLD bwoYx8UXkvsPfu7gzDSmc84PGjl9wcq4AT9wAdZY4rgKwqlbGrBObHKi8tlZ8y3m jwrocmABVkLWYG2s1DqH4LXm8MA1Ka4dmKhRT13BmiTM0h01LeGMCOuPUU2pWW55 6QkP54EN3Hg=PExu -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://listman.redhat.com/mailman/listinfo/rhsa-announce . Ubuntu Server 22.04 experienced a significant patch release for grub, addressing several critical vulnerabilities.. shim Security Update, Moderate Impact Fixes, Red Hat Advisory. . LinuxSecurity.com Team

Calendar%202 May 18, 2021 Red Hat
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200