Stay Secure with the Latest Linux Advisories

security advisorycriticalFedora

Fedora 34: 2021-73d63662b0 Critical Grub2 Permission Exposure

- restore umask for grub.cfg (CVE-2021-3981) - re-run signing after infrastructure fix. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-73d63662b0 2021-12-26 01:09:10.067800 --------------------------------------------------------------------------------Name : grub2 Product : Fedora 34 Version : 2.06 Release : 9.fc34 URL : http://www.gnu.org/software/grub/ Summary : Bootloader with support for Linux, Multiboot and more Description : The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices. --------------------------------------------------------------------------------Update Information: - restore umask for grub.cfg (CVE-2021-3981) - re-run signing after infrastructure fix --------------------------------------------------------------------------------ChangeLog: * Fri Dec 10 2021 Robbie Harwood - 2.06-9 - Bump to re-run signing (no code changes) * Thu Dec 9 2021 Robbie Harwood - 2.06-8 - Restore grub.cfg umask (CVE-2021-3981) - Resolves: rhbz#2030358 --------------------------------------------------------------------------------References: [ 1 ] Bug #2030358 - CVE-2021-3981 grub2: Incorrect permission in grub.cfg allow unprivileged user to read the file content [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2030358 [ 2 ] Bug #2030940 - Booting with grub2-2.06-9.fc35 and UEFI Secure Boot enabled resulted in Error: Verification Failed: (0x1A) Security Violation https://bugzilla.redhat.com/show_bug.cgi?id=2030940 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-73d63662b0' at the command line. For more information, refer to the dnfdocumentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . The Ubuntu patch tackles the systemd vulnerability CVE-2021-3678 by enhancing permissions and improving validation protocols.. Fedora Update, Grub2 Security, Bootloader Permissions. . Severity: Critical. LinuxSecurity.com Team

Dec 25, 2021 •Critical Fedora