Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
91
security advisoryhigh severitygentooGentoo: GLSA-202311-14 High Alert on GRUB Code Execution Vulnerabilities
Multiple vulnerabilities have been discoverd in GRUB, which may lead to secure boot circumvention or code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202311-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: GRUB: Multiple Vulnerabilities Date: November 25, 2023 Bugs: #881413, #915187 ID: 202311-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discoverd in GRUB, which may lead to secure boot circumvention or code execution. Background ========== GNU GRUB is a multiboot boot loader used by most Linux systems. Affected packages ================= Package Vulnerable Unaffected ------------- ------------ ------------ sys-boot/grub < 2.06-r9 > = 2.06-r9 Description =========== Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All GRUB users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =sys-boot/grub-2.06-r9" References ========== [ 1 ] CVE-2022-2601 https://nvd.nist.gov/vuln/detail/CVE-2022-2601 [ 2 ] CVE-2022-3775 https://nvd.nist.gov/vuln/detail/CVE-2022-3775 [ 3 ] CVE-2023-4692 https://nvd.nist.gov/vuln/detail/CVE-2023-4692 [ 4 ] CVE-2023-4693 https://nvd.nist.gov/vuln/detail/CVE-2023-4693 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202311-14 Concerns? ========= Security is a primaryfocus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Nov 25, 2023
Gentoo
91
security advisoryhigh severitygentooGentoo: GLSA-202209-12 High Severity: GRUB Secureboot Bypass
Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: GRUB: Multiple Vulnerabilities Date: September 25, 2022 Bugs: #850535, #835082 ID: 202209-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass. Background ========= GNU GRUB is a multiboot boot loader used by most Linux systems. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-boot/grub < 2.06 > = 2.06 Description ========== Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All GRUB users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =sys-boot/grub-2.06-r3" After upgrading, make sure to run the grub-install command with options appropriate for your system. See the GRUB2 Gentoo Wiki page for directions. Your system will be vulnerable until this action is performed. References ========= [ 1 ] CVE-2021-3695 https://nvd.nist.gov/vuln/detail/CVE-2021-3695 [ 2 ] CVE-2021-3696 https://nvd.nist.gov/vuln/detail/CVE-2021-3696 [ 3 ]CVE-2021-3697 https://nvd.nist.gov/vuln/detail/CVE-2021-3697 [ 4 ] CVE-2021-3981 https://nvd.nist.gov/vuln/detail/CVE-2021-3981 [ 5 ] CVE-2022-28733 https://nvd.nist.gov/vuln/detail/CVE-2022-28733 [ 6 ] CVE-2022-28734 https://nvd.nist.gov/vuln/detail/CVE-2022-28734 [ 7 ] CVE-2022-28735 https://nvd.nist.gov/vuln/detail/CVE-2022-28735 [ 8 ] CVE-2022-28736 https://nvd.nist.gov/vuln/detail/CVE-2022-28736 [ 9 ] CVE-2022-28737 https://nvd.nist.gov/vuln/detail/CVE-2022-28737 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202209-12 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Sep 25, 2022
Gentoo
91
security advisorygentoomultiple vulnerabilitiesGentoo: GLSA-202104-05 Normal: GRUB Multiple Threats Detected
Multiple vulnerabilities have been found in GRUB, the worst might allow for circumvention of UEFI Secure Boot.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202104-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: GRUB: Multiple vulnerabilities Date: April 30, 2021 Bugs: #734654, #773991 ID: 202104-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in GRUB, the worst might allow for circumvention of UEFI Secure Boot. Background ========= GNU GRUB is a multiboot boot loader used by most Linux systems. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-devel/grub < 2.06_rc1 > = 2.06_rc1 Description ========== Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All GRUB users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =sys-devel/grub-2.06_rc1" After upgrading, make sure to run the grub-install command with options appropriate for your system. See the GRUB Quick Start guide in the references below for examples. Your system will be vulnerable until this action is performed. References ========= [ 1 ] CVE-2020-10713 https://nvd.nist.gov/vuln/detail/CVE-2020-10713 [ 2 ] CVE-2020-14308 https://nvd.nist.gov/vuln/detail/CVE-2020-14308 [ 3 ] CVE-2020-14309 https://nvd.nist.gov/vuln/detail/CVE-2020-14309 [ 4 ] CVE-2020-14310 https://nvd.nist.gov/vuln/detail/CVE-2020-14310 [ 5 ] CVE-2020-14311 https://nvd.nist.gov/vuln/detail/CVE-2020-14311 [ 6 ] CVE-2020-14372 https://nvd.nist.gov/vuln/detail/CVE-2020-14372 [ 7 ] CVE-2020-15705 https://nvd.nist.gov/vuln/detail/CVE-2020-15705 [ 8 ] CVE-2020-15706 https://nvd.nist.gov/vuln/detail/CVE-2020-15706 [ 9 ] CVE-2020-15707 https://nvd.nist.gov/vuln/detail/CVE-2020-15707 [ 10 ] CVE-2020-25632 https://nvd.nist.gov/vuln/detail/CVE-2020-25632 [ 11 ] CVE-2020-25647 https://nvd.nist.gov/vuln/detail/CVE-2020-25647 [ 12 ] CVE-2020-27749 https://nvd.nist.gov/vuln/detail/CVE-2020-27749 [ 13 ] CVE-2020-27779 https://nvd.nist.gov/vuln/detail/CVE-2020-27779 [ 14 ] CVE-2021-20225 https://nvd.nist.gov/vuln/detail/CVE-2021-20225 [ 15 ] CVE-2021-20233 https://nvd.nist.gov/vuln/detail/CVE-2021-20233 [ 16 ] GRUB Quick Start guide https://wiki.gentoo.org/wiki/GRUB2_Quick_Start Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202104-05 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Apr 30, 2021
Gentoo
100
security advisoryupdatevulnerabilitySUSE 12-SP4 Important Grub2 Security Update: SUSE-SU-2020:2305-1
An update that solves one vulnerability and has one errata is now available. . SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2305-1 Rating: important References: #1172745 #1174421 Cross-References: CVE-2020-15705 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2305=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2305=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2305=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2305=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2305=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): grub2-2.02-12.39.1 grub2-debuginfo-2.02-12.39.1 grub2-debugsource-2.02-12.39.1 grub2-i386-pc-2.02-12.39.1 grub2-x86_64-efi-2.02-12.39.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): grub2-snapper-plugin-2.02-12.39.1 grub2-systemd-sleep-plugin-2.02-12.39.1 grub2-x86_64-xen-2.02-12.39.1 - SUSE OpenStack Cloud 9 (x86_64): grub2-2.02-12.39.1 grub2-debuginfo-2.02-12.39.1 grub2-debugsource-2.02-12.39.1 grub2-i386-pc-2.02-12.39.1 grub2-x86_64-efi-2.02-12.39.1 - SUSE OpenStack Cloud 9 (noarch): grub2-snapper-plugin-2.02-12.39.1 grub2-systemd-sleep-plugin-2.02-12.39.1 grub2-x86_64-xen-2.02-12.39.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): grub2-2.02-12.39.1 grub2-debuginfo-2.02-12.39.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le): grub2-powerpc-ieee1275-2.02-12.39.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): grub2-snapper-plugin-2.02-12.39.1 grub2-systemd-sleep-plugin-2.02-12.39.1 grub2-x86_64-xen-2.02-12.39.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): grub2-debugsource-2.02-12.39.1 grub2-i386-pc-2.02-12.39.1 grub2-x86_64-efi-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): grub2-2.02-12.39.1 grub2-debuginfo-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 s390x x86_64): grub2-debugsource-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): grub2-arm64-efi-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): grub2-powerpc-ieee1275-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): grub2-snapper-plugin-2.02-12.39.1 grub2-systemd-sleep-plugin-2.02-12.39.1 grub2-x86_64-xen-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): grub2-i386-pc-2.02-12.39.1 grub2-x86_64-efi-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): grub2-s390x-emu-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.02-12.39.1 grub2-debuginfo-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): grub2-arm64-efi-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): grub2-i386-pc-2.02-12.39.1 grub2-x86_64-efi-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): grub2-snapper-plugin-2.02-12.39.1 grub2-systemd-sleep-plugin-2.02-12.39.1 grub2-x86_64-xen-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): grub2-s390x-emu-2.02-12.39.1 References: https://www.suse.com/security/cve/CVE-2020-15705.html https://bugzilla.suse.com/1172745 https://bugzilla.suse.com/1174421 _______________________________________________ sle-security-updates mailing list
Aug 25, 2020
•Important
SuSE
99
security advisorymoderatesecurity issueSlackware 14.1 2015-351-01 Moderate: Grub Security Update
New grub packages are available for Slackware 14.1 and -current to fix a security issue. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] grub (SSA:2015-351-01) New grub packages are available for Slackware 14.1 and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/grub-2.00-i486-3_slack14.1.txz: Rebuilt. Patched bug where password protection during system startup may be bypassed by hitting the backspace key 28 times giving a rescue shell. Thanks to Hector Marco and Ismael Ripoll. For more information, see: https://www.cve.org/CVERecord?id=CVE-2015-8370 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/grub-2.00-i486-3_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/grub-2.00-x86_64-3_slack14.1.txz Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 14.1 package: 5de408a0c4faa8c4cb7fbf926d983b17 grub-2.00-i486-3_slack14.1.txz Slackware x86_64 14.1 package: 8c7c4da23a03536fc5306fce459d0695 grub-2.00-x86_64-3_slack14.1.txz Slackware -current package: 5a416c513f561c91bb8fc1387f6622d3 a/grub-2.00-i586-3.txz Slackware x86_64 -current package: 37119f35ad70e576303636cd3e9b4f0e a/grub-2.00-x86_64-3.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg grub-2.00-i486-3_slack14.1.txz +-----+ . Recent updates to grub packages in Slackware tackle a criticalvulnerability, bolstering system security, along with detailed upgrade guidelines included.. Grub Package Update, Slackware Security Advisory, System Upgrade Instructions. . Severity: Important. LinuxSecurity.com Team
Dec 18, 2015
•Important
Slackware
172
security advisoryauthentication issueubuntuUbuntu 15.10 USN-2836-1 Moderate: GRUB Password Protection Bypass
GRUB password protection can be bypassed.. =========================================================================Ubuntu Security Notice USN-2836-1 December 15, 2015 grub2 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: GRUB password protection can be bypassed. Software Description: - grub2: GRand Unified Bootloader Details: Hector Marco and Ismael Ripoll discovered that GRUB incorrectly handled the backspace key when configured to use authentication. A local attacker could use this issue to bypass GRUB password protection. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: grub2-common 2.02~beta2-29ubuntu0.2 Ubuntu 15.04: grub2-common 2.02~beta2-22ubuntu1.4 Ubuntu 14.04 LTS: grub2-common 2.02~beta2-9ubuntu1.6 Ubuntu 12.04 LTS: grub2-common 1.99-21ubuntu3.19 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2836-1 CVE-2015-8370 Package Information: https://launchpad.net/ubuntu/+source/grub2/2.02~beta2-29ubuntu0.2 https://launchpad.net/ubuntu/+source/grub2/2.02~beta2-22ubuntu1.4 https://launchpad.net/ubuntu/+source/grub2/2.02~beta2-9ubuntu1.6 https://launchpad.net/ubuntu/+source/grub2/1.99-21ubuntu3.19 . Ubuntu Security Announcement USN-2837-1 addresses vulnerabilities in GRUB bootloader that allow for unauthorized access and provides updates for affected systems.. Grub Protection Bypass, Ubuntu Security Advisory, GRUB Issue. . Severity: Important. LinuxSecurity.com Team
Dec 15, 2015
•Important
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!