This release fixes various issues in the shim bootloader and updates it to a supported version. Older versions of the shim may eventually be blocked by Secure Boot, so it is strongly advised for Secure Boot enabled systems to upgrade to this newer version to keep the system bootable.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3813-1
Security fix for CVE-2023-4692
Security fix for CVE-2023-4693

Fri Apr 12 2024 Nicolas Frayer
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2aa28a4cfc
2024-03-18 02:16:41.812974
--------------------------------------------------------------------------------

Name        : shim-unsigned-x64
Product     : Fedora 38
Version     : 15.8
Release     : 2
URL         : https://github.com/rhboot/shim
Summary     : First-stage UEFI bootloader
Description :
Initial UEFI bootloader that handles chaining to a trusted full bootloader
under secure boot environments.
--------------------------------------------------------------------------------
Update Information:

Update to shim-15.8
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 20 2024 Peter Jones - 15.8-2
- Fix some minor problems caught in review.
* Mon Dec 11 2023 Peter Jones - 15.8-1
- Update to shim-15.8
  Resolves: CVE-2023-40546
  Resolves: CVE-2023-40547
  Resolves: CVE-2023-40548
  Resolves: CVE-2023-40549
  Resolves: CVE-2023-40550
  Resolves: CVE-2023-40551
  Resolves: rhbz#2113005
  Resolves: rhbz#2189197
  Resolves: rhbz#2238884
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2113005 - Live image made with BOOTX64.EFI from latest shim-x64-15.6-2 fails to boot on some boards
        https://bugzilla.redhat.com/show_bug.cgi?id=2113005
  [ 2 ] Bug #2198977 - Secure boot shim cert seems to be out of date (exp. Dec. 2022)
        https://bugzilla.redhat.com/show_bug.cgi?id=2198977
  [ 3 ] Bug #2238884 - Version bump to 15.7
        https://bugzilla.redhat.com/show_bug.cgi?id=2238884
  [ 4 ] Bug #2259264 - Fedora fails to boot via BOOT/bootaa64-> fbaa64 on UEFI machines with EFI_MEMORY_ATTRIBUTES_PROTOCOL
        https://bugzilla.redhat.com/show_bug.cgi?id=2259264
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2aa28a4cfc' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2aa28a4cfc
2024-03-18 02:16:41.812974
--------------------------------------------------------------------------------

Name        : shim-unsigned-aarch64
Product     : Fedora 38
Version     : 15.8
Release     : 2
URL         : https://github.com/rhboot/shim
Summary     : First-stage UEFI bootloader
Description :
Initial UEFI bootloader that handles chaining to a trusted full bootloader
under secure boot environments.
--------------------------------------------------------------------------------
Update Information:

Update to shim-15.8
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 7 2024 Peter Jones - 15.8-2
- Update to shim-15.8
  Resolves: CVE-2023-40546
  Resolves: CVE-2023-40547
  Resolves: CVE-2023-40548
  Resolves: CVE-2023-40549
  Resolves: CVE-2023-40550
  Resolves: CVE-2023-40551
  Resolves: rhbz#2113005
  Resolves: rhbz#2189197
  Resolves: rhbz#2238884
  Resolves: rhbz#2259264
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2113005 - Live image made with BOOTX64.EFI from latest shim-x64-15.6-2 fails to boot on some boards
        https://bugzilla.redhat.com/show_bug.cgi?id=2113005
  [ 2 ] Bug #2198977 - Secure boot shim cert seems to be out of date (exp. Dec. 2022)
        https://bugzilla.redhat.com/show_bug.cgi?id=2198977
  [ 3 ] Bug #2238884 - Version bump to 15.7
        https://bugzilla.redhat.com/show_bug.cgi?id=2238884
  [ 4 ] Bug #2259264 - Fedora fails to boot via BOOT/bootaa64-> fbaa64 on UEFI machines with EFI_MEMORY_ATTRIBUTES_PROTOCOL
        https://bugzilla.redhat.com/show_bug.cgi?id=2259264
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2aa28a4cfc' at the command line.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2aa28a4cfc
2024-03-18 02:16:41.812974
--------------------------------------------------------------------------------

Name        : shim
Product     : Fedora 38
Version     : 15.8
Release     : 2
URL         : https://github.com/rhboot/shim/
Summary     : First-stage UEFI bootloader
Description :
Initial UEFI bootloader that handles chaining to a trusted full bootloader
under secure boot environments. This package contains the version signed by
the UEFI signing service.
--------------------------------------------------------------------------------
Update Information:

Update to shim-15.8
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 12 2024 Peter Jones - 15.8-2
- Update to shim-15.8
  Resolves: CVE-2023-40546
  Resolves: CVE-2023-40547
  Resolves: CVE-2023-40548
  Resolves: CVE-2023-40549
  Resolves: CVE-2023-40550
  Resolves: CVE-2023-40551
  Resolves: rhbz#2113005
  Resolves: rhbz#2189197
  Resolves: rhbz#2238884
  Resolves: rhbz#2259264
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2113005 - Live image made with BOOTX64.EFI from latest shim-x64-15.6-2 fails to boot on some boards
        https://bugzilla.redhat.com/show_bug.cgi?id=2113005
  [ 2 ] Bug #2198977 - Secure boot shim cert seems to be out of date (exp. Dec. 2022)
        https://bugzilla.redhat.com/show_bug.cgi?id=2198977
  [ 3 ] Bug #2238884 - Version bump to 15.7
        https://bugzilla.redhat.com/show_bug.cgi?id=2238884
  [ 4 ] Bug #2259264 - Fedora fails to boot via BOOT/bootaa64-> fbaa64 on UEFI machines with EFI_MEMORY_ATTRIBUTES_PROTOCOL
        https://bugzilla.redhat.com/show_bug.cgi?id=2259264
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2aa28a4cfc' at the command line.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-633dc7e183
2024-02-05 01:45:31.502538
--------------------------------------------------------------------------------

Name        : grub2
Product     : Fedora 38
Version     : 2.06
Release     : 114.fc38
URL         :
Summary     : Bootloader with support for Linux, Multiboot and more
Description :
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
bootloader with modular architecture. It supports a rich variety of kernel
formats, file systems, computer architectures and hardware devices.
--------------------------------------------------------------------------------
Update Information:

Combined update for several fixes as well as security fix for CVE-2023-4001
```
Mon Jan 15 2024 Nicolas Frayer - 2.06-114
grub-core/commands: add flag to only search root dev
Resolves: #2223437
Resolves: #2224951
Resolves: #2258096
Resolves: CVE-2023-4001
Sat Jan 13 2024 Hector Martin - 2.06-113
Switch memdisk compression to lzop
Thu Jan 11 2024 Daan De Meyer - 2.06-112
Don't obsolete the tools package with minimal
Mon Jan 8 2024 Nicolas Frayer - 2.06-111
xfs: some bios systems with /boot partition created with xfsprog < 6.5.0 can't boot with one of the xfs upstream patches
Resolves: #2254370
Tue Dec 19 2023 Nicolas Frayer - 2.06-110
normal: fix prefix when loading modules
Resolves: #2209435
Resolves: #2173015
Tue Dec 12 2023 leo sandoval - 2.06-109
chainloader: remove device path debug message
```
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 15 2024 Nicolas Frayer - 2.06-114
- grub-core/commands: add flag to only search root dev
- Resolves: #2223437
- Resolves: #2224951
- Resolves: #2258096
- Resolves: CVE-2023-4001
* Sat Jan 13 2024 Hector Martin - 2.06-113
- Switch memdisk compression to lzop
* Thu Jan 11 2024 Daan De Meyer - 2.06-112
- Don't obsolete the tools package with minimal
* Mon Jan 8 2024 Nicolas Frayer - 2.06-111
- xfs: some bios systems with /boot partition created with xfsprog < 6.5.0 can't boot with one of the xfs upstream patches
- Resolves: #2254370
* Tue Dec 19 2023 Nicolas Frayer - 2.06-110
- normal: fix prefix when loading modules
- Resolves: #2209435
- Resolves: #2173015
* Tue Dec 12 2023 leo sandoval - 2.06-109
- chainloader: remove device path debug message
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2224951 - CVE-2023-4001 grub2: bypass the GRUB password protection feature
        https://bugzilla.redhat.com/show_bug.cgi?id=2224951
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-633dc7e183' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Several security issues were fixed in GRUB2.

==========================================================================
Ubuntu Security Notice USN-6355-1
September 08, 2023

grub2-signed, grub2-unsigned, shim, and shim-signed vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in GRUB2.

Software Description:
- grub2-signed: GRand Unified Bootloader
- grub2-unsigned: GRand Unified Bootloader
- shim: boot loader to chain-load signed boot loaders under Secure Boot
- shim-signed: Secure Boot chain-loading bootloader (Microsoft-signed binary)

Details:

Daniel Axtens discovered that specially crafted images could cause a
heap-based out-of-bounds write. A local attacker could possibly use this to
circumvent secure boot protections. (CVE-2021-3695)

Daniel Axtens discovered that specially crafted images could cause an
out-of-bounds read and write. A local attacker could possibly use this to
circumvent secure boot protections. (CVE-2021-3696)

Daniel Axtens discovered that specially crafted images could cause a buffer
underwrite which allows arbitrary data to be written to the heap. A local
attacker could possibly use this to circumvent secure boot protections.
(CVE-2021-3697)

It was discovered that GRUB2 configuration files were created with the wrong
permissions. An attacker could possibly use this to leak encrypted passwords.
(CVE-2021-3981)

Daniel Axtens discovered that specially crafted IP packets could cause an
integer underflow and write past the end of a buffer. An attacker could
possibly use this to circumvent secure boot protections. (CVE-2022-28733)

Daniel Axtens discovered that specially crafted HTTP headers can cause an
out-of-bounds write of a NULL byte. An attacker could possibly use this to
corrupt GRUB2's internal data. (CVE-2022-28734)

Julian Andres Klode discovered that GRUB2 shim_lock allowed non-kernel files
to be loaded. A local attacker could possibly use this to circumvent secure
boot protections. (CVE-2022-28735)

Chris Coulson discovered that executing chainloaders more than once caused a
use-after-free vulnerability. A local attacker could possibly use this to
circumvent secure boot protections. (CVE-2022-28736)

Chris Coulson discovered that specially crafted executables could cause shim
to make out-of-bounds writes. A local attacker could possibly use this to
circumvent secure boot protections. (CVE-2022-28737)

Zhang Boyang discovered that specially crafted unicode sequences could lead to
an out-of-bounds write to the heap. A local attacker could possibly use this
to circumvent secure boot protections. (CVE-2022-3775)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  grub-efi-amd64                  2.06-2ubuntu14.1
  grub-efi-amd64-bin              2.06-2ubuntu14.1
  grub-efi-amd64-signed           1.187.3~22.04.1+2.06-2ubuntu14.1
  grub-efi-arm64                  2.06-2ubuntu14.1
  grub-efi-arm64-bin              2.06-2ubuntu14.1
  grub-efi-arm64-signed           1.187.3~22.04.1+2.06-2ubuntu14.1
  shim                            15.7-0ubuntu1
  shim-signed                     1.51.3+15.7-0ubuntu1

Ubuntu 20.04 LTS:
  grub-efi-amd64                  2.06-2ubuntu14.1
  grub-efi-amd64-bin              2.06-2ubuntu14.1
  grub-efi-amd64-signed           1.187.3~20.04.1+2.06-2ubuntu14.1
  grub-efi-arm64                  2.06-2ubuntu14.1
  grub-efi-arm64-bin              2.06-2ubuntu14.1
  grub-efi-arm64-signed           1.187.3~20.04.1+2.06-2ubuntu14.1
  shim                            15.7-0ubuntu1
  shim-signed                     1.40.9+15.7-0ubuntu1

In general, a standard system update will make all the necessary changes.
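The package version list above is what a defender actually has to check an installed system against, and Debian version strings with `~`, `+` and epochs are easy to compare wrongly by hand or with a naive string sort. The following is an added example, not part of USN-6355-1 and not Ubuntu's own tooling: a Python implementation of the dpkg version-ordering rules (epoch, upstream version, Debian revision; digits compared numerically; `~` sorting before everything, including end of string) that classifies each package from the notice's Ubuntu 22.04 LTS list as fixed, vulnerable, or not installed. The fixed versions are quoted from the notice; the installed-version sample is constructed for the example, and the `installed_versions` helper, which shells out to `dpkg-query`, only runs when the script is invoked with `--live` on a Debian-based host.

```python
"""Check installed package versions against the fixed versions in an advisory.

Added example (not part of USN-6355-1). Implements dpkg's version ordering so
that e.g. 1.187.2~22.04.1+2.06-2ubuntu7.2 compares older than the fixed
1.187.3~22.04.1+2.06-2ubuntu14.1, which a plain string comparison gets wrong.
"""
import subprocess
import sys

# Fixed versions quoted from USN-6355-1 for Ubuntu 22.04 LTS.
FIXED_VERSIONS_2204 = {
    "grub-efi-amd64": "2.06-2ubuntu14.1",
    "grub-efi-amd64-bin": "2.06-2ubuntu14.1",
    "grub-efi-amd64-signed": "1.187.3~22.04.1+2.06-2ubuntu14.1",
    "grub-efi-arm64": "2.06-2ubuntu14.1",
    "grub-efi-arm64-bin": "2.06-2ubuntu14.1",
    "grub-efi-arm64-signed": "1.187.3~22.04.1+2.06-2ubuntu14.1",
    "shim": "15.7-0ubuntu1",
    "shim-signed": "1.51.3+15.7-0ubuntu1",
}

# Constructed sample (made-up versions) of an amd64 host that has the fixed
# shim but still runs an older GRUB; no arm64 packages are installed.
SAMPLE_INSTALLED = {
    "grub-efi-amd64": "2.06-2ubuntu7.2",
    "grub-efi-amd64-bin": "2.06-2ubuntu7.2",
    "grub-efi-amd64-signed": "1.187.2~22.04.1+2.06-2ubuntu7.2",
    "shim": "15.7-0ubuntu1",
    "shim-signed": "1.51.3+15.7-0ubuntu1",
}


def _char(s, i):
    """Character at index i, or '' once past the end (dpkg treats it as NUL)."""
    return s[i] if i < len(s) else ""


def _order(c):
    """dpkg's sort weight for a character: '~' < end-of-string < letters < others."""
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    if c:
        return ord(c) + 256
    return 0


def _verrevcmp(a, b):
    """Compare two version fragments (upstream or revision) the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: compare character by character using _order().
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            oa, ob = _order(_char(a, i)), _order(_char(b, j))
            if oa != ob:
                return -1 if oa < ob else 1
            i += 1
            j += 1
        # Numeric run: drop leading zeros, then the longer run (larger number) wins.
        while _char(a, i) == "0":
            i += 1
        while _char(b, j) == "0":
            j += 1
        while _char(a, i).isdigit() and _char(b, j).isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if _char(a, i).isdigit():
            return 1
        if _char(b, j).isdigit():
            return -1
        if first_diff:
            return -1 if first_diff < 0 else 1
    return 0


def parse_version(version):
    """Split a Debian version into (epoch, upstream_version, debian_revision)."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)  # revision follows the last hyphen
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to, or newer than b."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def check_packages(installed, fixed):
    """Classify each advisory package as 'fixed', 'vulnerable' or 'not installed'."""
    status = {}
    for package, fixed_version in fixed.items():
        current = installed.get(package)
        if current is None:
            status[package] = "not installed"
        elif compare_versions(current, fixed_version) >= 0:
            status[package] = "fixed"
        else:
            status[package] = "vulnerable"
    return status


def installed_versions(packages):
    """Ask dpkg-query for installed versions (Debian/Ubuntu hosts only)."""
    proc = subprocess.run(["dpkg-query", "-W", "-f=${Package} ${Version}\\n", *packages],
                          capture_output=True, text=True, check=False)
    found = {}
    for line in proc.stdout.splitlines():
        name, _, version = line.partition(" ")
        if version:
            found[name] = version
    return found


if __name__ == "__main__":
    live = "--live" in sys.argv
    installed = installed_versions(FIXED_VERSIONS_2204) if live else SAMPLE_INSTALLED
    for package, state in check_packages(installed, FIXED_VERSIONS_2204).items():
        print(f"{package:24} {installed.get(package, '-'):36} {state}")
```

Run without arguments it reports on the constructed sample; with `--live` it queries dpkg on the current host. Packages that dpkg lists in the "config-files" state (removed but not purged) still report a version, so on a live host the output is a version check, not proof that the binary is in use on the EFI system partition.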
References:
  https://ubuntu.com/security/notices/USN-6355-1
  CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2021-3981, CVE-2022-28733,
  CVE-2022-28734, CVE-2022-28735, CVE-2022-28736, CVE-2022-28737, CVE-2022-3775,
  https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2029518

Package Information:
  https://launchpad.net/ubuntu/+source/grub2-signed/1.187.3~22.04.1
  https://launchpad.net/ubuntu/+source/grub2-unsigned/2.06-2ubuntu14.1
  https://launchpad.net/ubuntu/+source/shim/15.7-0ubuntu1
  https://launchpad.net/ubuntu/+source/shim-signed/1.51.3
  https://launchpad.net/ubuntu/+source/grub2-signed/1.187.3~20.04.1
  https://launchpad.net/ubuntu/+source/grub2-unsigned/2.06-2ubuntu14.1
  https://launchpad.net/ubuntu/+source/shim/15.7-0ubuntu1
  https://launchpad.net/ubuntu/+source/shim-signed/1.40.9

Multiple security flaws found in GRUB2 are patched in Ubuntu security advisory USN-6355-1. Ensure your system's safety by updating immediately.

Severity: Important. LinuxSecurity.com Team