—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: grub2 security update
Advisory ID: RHSA-2020:3227-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3227
Issue date: 2020-07-29
CVE Names: CVE-2020-10713 CVE-2020-14308 CVE-2020-14309
CVE-2020-14310 CVE-2020-14311 CVE-2020-15705
CVE-2020-15706 CVE-2020-15707
=====================================================================
1. Summary:
An update for grub2, shim, and fwupd is now available for Red Hat
Enterprise Linux 8.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS E4S (v. 8.0) – noarch, ppc64le, x86_64
3. Description:
The grub2 packages provide version 2 of the Grand Unified Boot Loader
(GRUB), a highly configurable and customizable boot loader with modular
architecture. The packages support a variety of kernel formats, file
systems, computer architectures, and hardware devices.
The shim package contains a first-stage UEFI boot loader that handles
chaining to a trusted full boot loader under secure boot environments.
The fwupd packages provide a service that allows session software to update
device firmware.
Security Fix(es):
* grub2: Crafted grub.cfg file can lead to arbitrary code execution during
boot process (CVE-2020-10713)
* grub2: grub_malloc does not validate allocation size allowing for
arithmetic overflow and subsequent heap-based buffer overflow
(CVE-2020-14308)
* grub2: Integer overflow in grub_squash_read_symlink may lead to
heap-based buffer overflow (CVE-2020-14309)
* grub2: Integer overflow read_section_as_string may lead to heap-based
buffer overflow (CVE-2020-14310)
* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer
overflow (CVE-2020-14311)
* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)
* grub2: Use-after-free redefining a function whilst the same function is
already executing (CVE-2020-15706)
* grub2: Integer overflow in initrd size handling (CVE-2020-15707)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1825243 – CVE-2020-10713 grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process
1852009 – CVE-2020-14308 grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow
1852014 – CVE-2020-14311 grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
1852022 – CVE-2020-14309 grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
1852030 – CVE-2020-14310 grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow
1860978 – CVE-2020-15705 grub2: Fail kernel validation without shim protocol
1861118 – CVE-2020-15706 grub2: Use-after-free redefining a function whilst the same function is already executing
1861581 – CVE-2020-15707 grub2: Integer overflow in initrd size handling
6. Package List:
Red Hat Enterprise Linux BaseOS E4S (v. 8.0):
Source:
fwupd-1.1.4-2.el8_0.src.rpm
grub2-2.02-87.el8_0.src.rpm
shim-15-14.el8_0.src.rpm
noarch:
grub2-common-2.02-87.el8_0.noarch.rpm
grub2-efi-aa64-modules-2.02-87.el8_0.noarch.rpm
grub2-efi-ia32-modules-2.02-87.el8_0.noarch.rpm
grub2-efi-x64-modules-2.02-87.el8_0.noarch.rpm
grub2-pc-modules-2.02-87.el8_0.noarch.rpm
grub2-ppc64le-modules-2.02-87.el8_0.noarch.rpm
ppc64le:
fwupd-1.1.4-2.el8_0.ppc64le.rpm
fwupd-debuginfo-1.1.4-2.el8_0.ppc64le.rpm
fwupd-debugsource-1.1.4-2.el8_0.ppc64le.rpm
grub2-debuginfo-2.02-87.el8_0.ppc64le.rpm
grub2-debugsource-2.02-87.el8_0.ppc64le.rpm
grub2-ppc64le-2.02-87.el8_0.ppc64le.rpm
grub2-tools-2.02-87.el8_0.ppc64le.rpm
grub2-tools-debuginfo-2.02-87.el8_0.ppc64le.rpm
grub2-tools-extra-2.02-87.el8_0.ppc64le.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_0.ppc64le.rpm
grub2-tools-minimal-2.02-87.el8_0.ppc64le.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_0.ppc64le.rpm
x86_64:
fwupd-1.1.4-2.el8_0.x86_64.rpm
fwupd-debuginfo-1.1.4-2.el8_0.x86_64.rpm
fwupd-debugsource-1.1.4-2.el8_0.x86_64.rpm
grub2-debuginfo-2.02-87.el8_0.x86_64.rpm
grub2-debugsource-2.02-87.el8_0.x86_64.rpm
grub2-efi-ia32-2.02-87.el8_0.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-87.el8_0.x86_64.rpm
grub2-efi-x64-2.02-87.el8_0.x86_64.rpm
grub2-efi-x64-cdboot-2.02-87.el8_0.x86_64.rpm
grub2-pc-2.02-87.el8_0.x86_64.rpm
grub2-tools-2.02-87.el8_0.x86_64.rpm
grub2-tools-debuginfo-2.02-87.el8_0.x86_64.rpm
grub2-tools-efi-2.02-87.el8_0.x86_64.rpm
grub2-tools-efi-debuginfo-2.02-87.el8_0.x86_64.rpm
grub2-tools-extra-2.02-87.el8_0.x86_64.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_0.x86_64.rpm
grub2-tools-minimal-2.02-87.el8_0.x86_64.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_0.x86_64.rpm
shim-ia32-15-14.el8_0.x86_64.rpm
shim-x64-15-14.el8_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-10713
https://access.redhat.com/security/cve/CVE-2020-14308
https://access.redhat.com/security/cve/CVE-2020-14309
https://access.redhat.com/security/cve/CVE-2020-14310
https://access.redhat.com/security/cve/CVE-2020-14311
https://access.redhat.com/security/cve/CVE-2020-15705
https://access.redhat.com/security/cve/CVE-2020-15706
https://access.redhat.com/security/cve/CVE-2020-15707
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/grub2bootloader
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXyHZEtzjgjWX9erEAQi/iQ/6AnVamiVIedrN+1zdQiHGyuPUcNBgS3f+
1QQ2pwLAwB4tFdZqQeH/ozP/7jiwpzjBH6gEaa6iwjSJVdFS1jtsbx84XzjnIJ6F
jg7lJssJyE/zXIW0UZ1tcLiwt6AqMB6bl2djk1PzQj+VazumZ9JOacYrTQFwyrAB
Z25a0Q0KbFhaKhfo/QB3OpG1Ek6V2yWYD0ScKohvI918iBvvz/zG4zoyClmzTxYO
9nr8ZvRJQfzBop1qiDbedJSeLIfsJJyQcEmD25IBVeVKKNLF25gzBqAnq8OLMGDR
2FxRvPzf9vzMxeOyo3Dr4ZHsG5ZnmTF/gS8QYO7SquMVmJJ1C+pNHyvxfT8VpFM7
9O7KMQMIoCfUiVdeUS5Rt1bZlx5w2/Wk6LN6/TGBYLDIIz7zpllL+hAGVlI/GPK6
uXVhJunpRqJ1sLg+KUaSHENFywqnwlslcR7bXWUG/oH/0C+I+4Edx9p0sKVLnf9F
GVWwAmw1ZZG/Ab7SEGidLLBEllrBh/4VYTIktXJovmJ3cz+SYP19sM98+5ftJb/S
8/DnJpGAxxDAe6QHxInCT25uIHKkZND0d06dzWvn/n5lSPBHJ+KPTR2sC1DlcuI7
XIhcj+WBO/rSJBnl2IyuusKThyVD9D1oCvsGm0Y0ZCxP2JsErAmjgWO1AEvODSok
Hjos6WFqcW8=
=yC3d
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: grub2 security and bug fix update
Advisory ID: RHSA-2020:3217-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3217
Issue date: 2020-07-29
CVE Names: CVE-2020-10713 CVE-2020-14308 CVE-2020-14309
CVE-2020-14310 CVE-2020-14311 CVE-2020-15705
CVE-2020-15706 CVE-2020-15707
=====================================================================
1. Summary:
An update for grub2, shim, shim-signed, and fwupdate is now available for
Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) – noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) – noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) – noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) – noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) – noarch, ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) – noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 7) – noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) – noarch, x86_64
3. Description:
The grub2 packages provide version 2 of the Grand Unified Boot Loader
(GRUB), a highly configurable and customizable boot loader with modular
architecture. The packages support a variety of kernel formats, file
systems, computer architectures, and hardware devices.
The shim package contains a first-stage UEFI boot loader that handles
chaining to a trusted full boot loader under secure boot environments.
The fwupdate packages provide a service that allows session software to
update device firmware.
Security Fix(es):
* grub2: Crafted grub.cfg file can lead to arbitrary code execution during
boot process (CVE-2020-10713)
* grub2: grub_malloc does not validate allocation size allowing for
arithmetic overflow and subsequent heap-based buffer overflow
(CVE-2020-14308)
* grub2: Integer overflow in grub_squash_read_symlink may lead to
heap-based buffer overflow (CVE-2020-14309)
* grub2: Integer overflow read_section_as_string may lead to heap-based
buffer overflow (CVE-2020-14310)
* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer
overflow (CVE-2020-14311)
* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)
* grub2: Use-after-free redefining a function whilst the same function is
already executing (CVE-2020-15706)
* grub2: Integer overflow in initrd size handling (CVE-2020-15707)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* grub2 doesn’t handle relative paths correctly for UEFI HTTP Boot
(BZ#1616395)
* UEFI HTTP boot over IPv6 does not work (BZ#1732765)
Users of grub2 are advised to upgrade to these updated packages, which fix
these bugs.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1616395 – grub2 doesn’t handle relative paths correctly for UEFI HTTP Boot
1732765 – UEFI HTTP boot over IPv6 does not work
1825243 – CVE-2020-10713 grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process
1852009 – CVE-2020-14308 grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow
1852014 – CVE-2020-14311 grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
1852022 – CVE-2020-14309 grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
1852030 – CVE-2020-14310 grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow
1860978 – CVE-2020-15705 grub2: Fail kernel validation without shim protocol
1861118 – CVE-2020-15706 grub2: Use-after-free redefining a function whilst the same function is already executing
1861581 – CVE-2020-15707 grub2: Integer overflow in initrd size handling
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
fwupdate-12-6.el7_8.src.rpm
grub2-2.02-0.86.el7_8.src.rpm
shim-15-7.el7_9.src.rpm
shim-signed-15-7.el7_8.src.rpm
noarch:
grub2-common-2.02-0.86.el7_8.noarch.rpm
grub2-efi-ia32-modules-2.02-0.86.el7_8.noarch.rpm
grub2-efi-x64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-pc-modules-2.02-0.86.el7_8.noarch.rpm
shim-unsigned-aa64-debuginfo-15-7.el7_9.noarch.rpm
shim-unsigned-ia32-debuginfo-15-7.el7_9.noarch.rpm
shim-unsigned-x64-debuginfo-15-7.el7_9.noarch.rpm
x86_64:
fwupdate-12-6.el7_8.x86_64.rpm
fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
fwupdate-efi-12-6.el7_8.x86_64.rpm
fwupdate-libs-12-6.el7_8.x86_64.rpm
grub2-2.02-0.86.el7_8.x86_64.rpm
grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-ia32-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-x64-2.02-0.86.el7_8.x86_64.rpm
grub2-pc-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-extra-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-minimal-2.02-0.86.el7_8.x86_64.rpm
mokutil-15-7.el7_8.x86_64.rpm
mokutil-debuginfo-15-7.el7_8.x86_64.rpm
shim-ia32-15-7.el7_8.x86_64.rpm
shim-unsigned-ia32-15-7.el7_9.x86_64.rpm
shim-unsigned-x64-15-7.el7_9.x86_64.rpm
shim-x64-15-7.el7_8.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch:
grub2-efi-aa64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64le-modules-2.02-0.86.el7_8.noarch.rpm
x86_64:
fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
fwupdate-devel-12-6.el7_8.x86_64.rpm
grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-x64-cdboot-2.02-0.86.el7_8.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
fwupdate-12-6.el7_8.src.rpm
grub2-2.02-0.86.el7_8.src.rpm
shim-15-7.el7_9.src.rpm
shim-signed-15-7.el7_8.src.rpm
noarch:
grub2-common-2.02-0.86.el7_8.noarch.rpm
grub2-efi-ia32-modules-2.02-0.86.el7_8.noarch.rpm
grub2-efi-x64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-pc-modules-2.02-0.86.el7_8.noarch.rpm
shim-unsigned-aa64-debuginfo-15-7.el7_9.noarch.rpm
shim-unsigned-ia32-debuginfo-15-7.el7_9.noarch.rpm
shim-unsigned-x64-debuginfo-15-7.el7_9.noarch.rpm
x86_64:
fwupdate-12-6.el7_8.x86_64.rpm
fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
fwupdate-efi-12-6.el7_8.x86_64.rpm
fwupdate-libs-12-6.el7_8.x86_64.rpm
grub2-2.02-0.86.el7_8.x86_64.rpm
grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-ia32-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-x64-2.02-0.86.el7_8.x86_64.rpm
grub2-pc-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-extra-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-minimal-2.02-0.86.el7_8.x86_64.rpm
mokutil-15-7.el7_8.x86_64.rpm
mokutil-debuginfo-15-7.el7_8.x86_64.rpm
shim-ia32-15-7.el7_8.x86_64.rpm
shim-unsigned-ia32-15-7.el7_9.x86_64.rpm
shim-unsigned-x64-15-7.el7_9.x86_64.rpm
shim-x64-15-7.el7_8.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch:
grub2-efi-aa64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64le-modules-2.02-0.86.el7_8.noarch.rpm
x86_64:
fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
fwupdate-devel-12-6.el7_8.x86_64.rpm
grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-x64-cdboot-2.02-0.86.el7_8.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
fwupdate-12-6.el7_8.src.rpm
grub2-2.02-0.86.el7_8.src.rpm
shim-15-7.el7_9.src.rpm
shim-signed-15-7.el7_8.src.rpm
noarch:
grub2-common-2.02-0.86.el7_8.noarch.rpm
grub2-efi-ia32-modules-2.02-0.86.el7_8.noarch.rpm
grub2-efi-x64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-pc-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64le-modules-2.02-0.86.el7_8.noarch.rpm
shim-unsigned-aa64-debuginfo-15-7.el7_9.noarch.rpm
shim-unsigned-ia32-debuginfo-15-7.el7_9.noarch.rpm
shim-unsigned-x64-debuginfo-15-7.el7_9.noarch.rpm
ppc64:
grub2-2.02-0.86.el7_8.ppc64.rpm
grub2-debuginfo-2.02-0.86.el7_8.ppc64.rpm
grub2-ppc64-2.02-0.86.el7_8.ppc64.rpm
grub2-tools-2.02-0.86.el7_8.ppc64.rpm
grub2-tools-extra-2.02-0.86.el7_8.ppc64.rpm
grub2-tools-minimal-2.02-0.86.el7_8.ppc64.rpm
ppc64le:
grub2-2.02-0.86.el7_8.ppc64le.rpm
grub2-debuginfo-2.02-0.86.el7_8.ppc64le.rpm
grub2-ppc64le-2.02-0.86.el7_8.ppc64le.rpm
grub2-tools-2.02-0.86.el7_8.ppc64le.rpm
grub2-tools-extra-2.02-0.86.el7_8.ppc64le.rpm
grub2-tools-minimal-2.02-0.86.el7_8.ppc64le.rpm
x86_64:
fwupdate-12-6.el7_8.x86_64.rpm
fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
fwupdate-efi-12-6.el7_8.x86_64.rpm
fwupdate-libs-12-6.el7_8.x86_64.rpm
grub2-2.02-0.86.el7_8.x86_64.rpm
grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-ia32-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-x64-2.02-0.86.el7_8.x86_64.rpm
grub2-pc-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-extra-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-minimal-2.02-0.86.el7_8.x86_64.rpm
mokutil-15-7.el7_8.x86_64.rpm
mokutil-debuginfo-15-7.el7_8.x86_64.rpm
shim-ia32-15-7.el7_8.x86_64.rpm
shim-unsigned-ia32-15-7.el7_9.x86_64.rpm
shim-unsigned-x64-15-7.el7_9.x86_64.rpm
shim-x64-15-7.el7_8.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch:
grub2-efi-aa64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-efi-ia32-modules-2.02-0.86.el7_8.noarch.rpm
grub2-efi-x64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-pc-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64le-modules-2.02-0.86.el7_8.noarch.rpm
x86_64:
fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
fwupdate-devel-12-6.el7_8.x86_64.rpm
grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-x64-cdboot-2.02-0.86.el7_8.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
fwupdate-12-6.el7_8.src.rpm
grub2-2.02-0.86.el7_8.src.rpm
shim-15-7.el7_9.src.rpm
shim-signed-15-7.el7_8.src.rpm
noarch:
grub2-common-2.02-0.86.el7_8.noarch.rpm
grub2-efi-ia32-modules-2.02-0.86.el7_8.noarch.rpm
grub2-efi-x64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-pc-modules-2.02-0.86.el7_8.noarch.rpm
shim-unsigned-aa64-debuginfo-15-7.el7_9.noarch.rpm
shim-unsigned-ia32-debuginfo-15-7.el7_9.noarch.rpm
shim-unsigned-x64-debuginfo-15-7.el7_9.noarch.rpm
x86_64:
fwupdate-12-6.el7_8.x86_64.rpm
fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
fwupdate-efi-12-6.el7_8.x86_64.rpm
fwupdate-libs-12-6.el7_8.x86_64.rpm
grub2-2.02-0.86.el7_8.x86_64.rpm
grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-ia32-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-x64-2.02-0.86.el7_8.x86_64.rpm
grub2-pc-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-extra-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-minimal-2.02-0.86.el7_8.x86_64.rpm
mokutil-15-7.el7_8.x86_64.rpm
mokutil-debuginfo-15-7.el7_8.x86_64.rpm
shim-ia32-15-7.el7_8.x86_64.rpm
shim-unsigned-ia32-15-7.el7_9.x86_64.rpm
shim-unsigned-x64-15-7.el7_9.x86_64.rpm
shim-x64-15-7.el7_8.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch:
grub2-efi-aa64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64le-modules-2.02-0.86.el7_8.noarch.rpm
x86_64:
fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
fwupdate-devel-12-6.el7_8.x86_64.rpm
grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-x64-cdboot-2.02-0.86.el7_8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-10713
https://access.redhat.com/security/cve/CVE-2020-14308
https://access.redhat.com/security/cve/CVE-2020-14309
https://access.redhat.com/security/cve/CVE-2020-14310
https://access.redhat.com/security/cve/CVE-2020-14311
https://access.redhat.com/security/cve/CVE-2020-15705
https://access.redhat.com/security/cve/CVE-2020-15706
https://access.redhat.com/security/cve/CVE-2020-15707
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/grub2bootloader
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXyHPd9zjgjWX9erEAQhkbA/9GyUNQ0t+giFZBD+d3kury+VEwisdlUfX
FLeZ5fpDNNOFPJuzEqtI9WzFP9V3XtaCia9W0ELd9IF9tFgNPFnyOliQGF9Nd6Sv
wH38cEhARswOlILJwYTVFqzbFzM8U+aWbw5/y5mgt/a5ludPKFqRyVrjfmIPjtpN
AGkgFhNnlx31Ct4lN66w1uyDEwbR/uKezAISZqGxkH2WcLL/53dhtFYTNc/dKiiu
pB/6YZ2UwDKzk45cU6gkCEMz4IiEqjAflv9TEocA1w8Y6QPi9wvaWO7BVL/mT4hW
HPKSV7I0QW2ZhcxyEFrT+nEpeTxi3DtLJLVrWhSYwk5QSIoEoKH0wGZsbgabLkbS
gsvfRZnAQ997Y94klkq9W3t7vf/f3jtBFQUtpBSOXdOlJZGK15iG1PsjSiaaM40Q
vMUuOLhBoFT55WY56wYMEHpswhXm6hKLWhplP0kQX/5cIrXHE5ai4QyazwtNjycI
xFLe+ezT6G2UxaPkgthLruGV74icVOIy0C09LT7FvwmYujqrdtFxxthLB3D6+/T/
ZXaVffNWJUkYizSNHSH4x6XwauURgfsJUlFp46SU17bxOtRlY5djAQ8vE8hVoS8z
nJuF6huI1ATM/8f3slQ3+uONnH7Yno2HN/kkSBGeOGEs3wr/riDgoRwbBHRA3hBv
t4FTWxd9C3A=
=TjQr
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: grub2 security update
Advisory ID: RHSA-2020:3223-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3223
Issue date: 2020-07-29
CVE Names: CVE-2020-10713 CVE-2020-14308 CVE-2020-14309
CVE-2020-14310 CVE-2020-14311 CVE-2020-15705
CVE-2020-15706 CVE-2020-15707
=====================================================================
1. Summary:
An update for grub2, shim, shim-unsigned-x64, and fwupd is now available
for Red Hat Enterprise Linux 8.1 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder EUS (v. 8.1) – x86_64
Red Hat Enterprise Linux BaseOS EUS (v. 8.1) – aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
The grub2 packages provide version 2 of the Grand Unified Boot Loader
(GRUB), a highly configurable and customizable boot loader with modular
architecture. The packages support a variety of kernel formats, file
systems, computer architectures, and hardware devices.
The shim package contains a first-stage UEFI boot loader that handles
chaining to a trusted full boot loader under secure boot environments.
The fwupd packages provide a service that allows session software to update
device firmware.
Security Fix(es):
* grub2: Crafted grub.cfg file can lead to arbitrary code execution during
boot process (CVE-2020-10713)
* grub2: grub_malloc does not validate allocation size allowing for
arithmetic overflow and subsequent heap-based buffer overflow
(CVE-2020-14308)
* grub2: Integer overflow in grub_squash_read_symlink may lead to
heap-based buffer overflow (CVE-2020-14309)
* grub2: Integer overflow read_section_as_string may lead to heap-based
buffer overflow (CVE-2020-14310)
* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer
overflow (CVE-2020-14311)
* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)
* grub2: Use-after-free redefining a function whilst the same function is
already executing (CVE-2020-15706)
* grub2: Integer overflow in initrd size handling (CVE-2020-15707)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1825243 – CVE-2020-10713 grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process
1852009 – CVE-2020-14308 grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow
1852014 – CVE-2020-14311 grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
1852022 – CVE-2020-14309 grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
1852030 – CVE-2020-14310 grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow
1860978 – CVE-2020-15705 grub2: Fail kernel validation without shim protocol
1861118 – CVE-2020-15706 grub2: Use-after-free redefining a function whilst the same function is already executing
1861581 – CVE-2020-15707 grub2: Integer overflow in initrd size handling
6. Package List:
Red Hat Enterprise Linux BaseOS EUS (v. 8.1):
Source:
fwupd-1.1.4-2.el8_1.src.rpm
grub2-2.02-87.el8_1.src.rpm
shim-15-14.el8_1.src.rpm
aarch64:
fwupd-1.1.4-2.el8_1.aarch64.rpm
fwupd-debuginfo-1.1.4-2.el8_1.aarch64.rpm
fwupd-debugsource-1.1.4-2.el8_1.aarch64.rpm
grub2-debuginfo-2.02-87.el8_1.aarch64.rpm
grub2-debugsource-2.02-87.el8_1.aarch64.rpm
grub2-efi-aa64-2.02-87.el8_1.aarch64.rpm
grub2-efi-aa64-cdboot-2.02-87.el8_1.aarch64.rpm
grub2-tools-2.02-87.el8_1.aarch64.rpm
grub2-tools-debuginfo-2.02-87.el8_1.aarch64.rpm
grub2-tools-extra-2.02-87.el8_1.aarch64.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_1.aarch64.rpm
grub2-tools-minimal-2.02-87.el8_1.aarch64.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_1.aarch64.rpm
shim-aa64-15-14.el8_1.aarch64.rpm
noarch:
grub2-common-2.02-87.el8_1.noarch.rpm
grub2-efi-aa64-modules-2.02-87.el8_1.noarch.rpm
grub2-efi-ia32-modules-2.02-87.el8_1.noarch.rpm
grub2-efi-x64-modules-2.02-87.el8_1.noarch.rpm
grub2-pc-modules-2.02-87.el8_1.noarch.rpm
grub2-ppc64le-modules-2.02-87.el8_1.noarch.rpm
ppc64le:
fwupd-1.1.4-2.el8_1.ppc64le.rpm
fwupd-debuginfo-1.1.4-2.el8_1.ppc64le.rpm
fwupd-debugsource-1.1.4-2.el8_1.ppc64le.rpm
grub2-debuginfo-2.02-87.el8_1.ppc64le.rpm
grub2-debugsource-2.02-87.el8_1.ppc64le.rpm
grub2-ppc64le-2.02-87.el8_1.ppc64le.rpm
grub2-tools-2.02-87.el8_1.ppc64le.rpm
grub2-tools-debuginfo-2.02-87.el8_1.ppc64le.rpm
grub2-tools-extra-2.02-87.el8_1.ppc64le.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_1.ppc64le.rpm
grub2-tools-minimal-2.02-87.el8_1.ppc64le.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_1.ppc64le.rpm
s390x:
fwupd-1.1.4-2.el8_1.s390x.rpm
fwupd-debuginfo-1.1.4-2.el8_1.s390x.rpm
fwupd-debugsource-1.1.4-2.el8_1.s390x.rpm
x86_64:
fwupd-1.1.4-2.el8_1.x86_64.rpm
fwupd-debuginfo-1.1.4-2.el8_1.x86_64.rpm
fwupd-debugsource-1.1.4-2.el8_1.x86_64.rpm
grub2-debuginfo-2.02-87.el8_1.x86_64.rpm
grub2-debugsource-2.02-87.el8_1.x86_64.rpm
grub2-efi-ia32-2.02-87.el8_1.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-87.el8_1.x86_64.rpm
grub2-efi-x64-2.02-87.el8_1.x86_64.rpm
grub2-efi-x64-cdboot-2.02-87.el8_1.x86_64.rpm
grub2-pc-2.02-87.el8_1.x86_64.rpm
grub2-tools-2.02-87.el8_1.x86_64.rpm
grub2-tools-debuginfo-2.02-87.el8_1.x86_64.rpm
grub2-tools-efi-2.02-87.el8_1.x86_64.rpm
grub2-tools-efi-debuginfo-2.02-87.el8_1.x86_64.rpm
grub2-tools-extra-2.02-87.el8_1.x86_64.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_1.x86_64.rpm
grub2-tools-minimal-2.02-87.el8_1.x86_64.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_1.x86_64.rpm
shim-ia32-15-14.el8_1.x86_64.rpm
shim-x64-15-14.el8_1.x86_64.rpm
Red Hat CodeReady Linux Builder EUS (v. 8.1):
Source:
shim-unsigned-x64-15-7.el8.src.rpm
x86_64:
shim-unsigned-x64-15-7.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-10713
https://access.redhat.com/security/cve/CVE-2020-14308
https://access.redhat.com/security/cve/CVE-2020-14309
https://access.redhat.com/security/cve/CVE-2020-14310
https://access.redhat.com/security/cve/CVE-2020-14311
https://access.redhat.com/security/cve/CVE-2020-15705
https://access.redhat.com/security/cve/CVE-2020-15706
https://access.redhat.com/security/cve/CVE-2020-15707
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/grub2bootloader
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXyHQgNzjgjWX9erEAQhnvhAAgryO0E3ox1uIRkWKWXF1NoRq9X+r4dpJ
Oc0Wn2t/hgG3S/lzqQJWDGkRVSrIycSd2NhAuC2nsCzIZNsngSkNP6jFrnl6MHYy
Q4ZS/RF1hFZxaHMGb1DDOsKGxjlKdqgk2V7TN5nfJBLjEOB+REiO8ih2bzwjLNUi
maiWwra1beKdEmSBPPbJ+M1yzRgZIbY7d9zNY7G7xzrovDq/S99iSB1D58tNbh/u
Us91GL1MTUTd3YSBt1qjIF8p+4f2JXuu0NeNTTkBAsyjHDqATniSFH+ZoDRp6lxW
PDMGABFh6479y50mLS69ac647xFKCAbzDutc04rBL/BzivxzOp4prO39ebZVe4XP
S4O/EU5Iu62YtIx6iwiQ8razXqW/Zb+y2xCi8VaxJqJwogk0HqVxfXewUbPmmvjR
9fLEEBz1bir+rDYU59KAhT0+w5iAYQZmKbpD/zjyGqedSDoCgWlORF8JND+4B6IB
xwmiDZWrfH3lsg4rzIIFr4rd6vzI9d4Rc5LFVyqSIZ/REWhJDxKWs/8H5PvNzDk0
3UqmAdfosJFQvWFhrFxfZy/ITBz6p9ScSe8s2aFudOUwGYbR8eY3mTqAqCJJq+wT
LG9XZAfSAB6Xwolvwa5jKVna34EqzDMexJp76ZZ3I9agH7IXeYA/xnMTKt/tt18Z
kEuD5ben5IU=
=j/2T
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
==========================================================================
Ubuntu Security Notice USN-4432-1
July 29, 2020
grub2, grub2-signed vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in GRUB 2.
Software Description:
– grub2: GRand Unified Bootloader
– grub2-signed: GRand Unified Bootloader
Details:
Jesse Michael and Mickey Shkatov discovered that the configuration parser
in GRUB2 did not properly exit when errors were discovered, resulting in
heap-based buffer overflows. A local attacker could use this to execute
arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713)
Chris Coulson discovered that the GRUB2 function handling code did not
properly handle a function being redefined, leading to a use-after-free
vulnerability. A local attacker could use this to execute arbitrary code
and bypass UEFI Secure Boot restrictions. (CVE-2020-15706)
Chris Coulson discovered that multiple integer overflows existed in GRUB2
when handling certain filesystems or font files, leading to heap-based
buffer overflows. A local attacker could use these to execute arbitrary
code and bypass UEFI Secure Boot restrictions. (CVE-2020-14309,
CVE-2020-14310, CVE-2020-14311)
It was discovered that the memory allocator for GRUB2 did not validate
allocation size, resulting in multiple integer overflows and heap-based
buffer overflows when handling certain filesystems, PNG images or disk
metadata. A local attacker could use this to execute arbitrary code and
bypass UEFI Secure Boot restrictions. (CVE-2020-14308)
Mathieu Trudel-Lapierre discovered that in certain situations, GRUB2
failed to validate kernel signatures. A local attacker could use this
to bypass Secure Boot restrictions. (CVE-2020-15705)
Colin Watson and Chris Coulson discovered that an integer overflow
existed in GRUB2 when handling the initrd command, leading to a heap-based
buffer overflow. A local attacker could use this to execute arbitrary code
and bypass UEFI Secure Boot restrictions. (CVE-2020-15707)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
grub-efi-amd64-bin 2.04-1ubuntu26.1
grub-efi-amd64-signed 1.142.3+2.04-1ubuntu26.1
grub-efi-arm-bin 2.04-1ubuntu26.1
grub-efi-arm64-bin 2.04-1ubuntu26.1
grub-efi-arm64-signed 1.142.3+2.04-1ubuntu26.1
grub-efi-ia32-bin 2.04-1ubuntu26.1
Ubuntu 18.04 LTS:
grub-efi-amd64-bin 2.02-2ubuntu8.16
grub-efi-amd64-signed 1.93.18+2.02-2ubuntu8.16
grub-efi-arm-bin 2.02-2ubuntu8.16
grub-efi-arm64-bin 2.02-2ubuntu8.16
grub-efi-arm64-signed 1.93.18+2.02-2ubuntu8.16
grub-efi-ia32-bin 2.02-2ubuntu8.16
grub-efi-ia64-bin 2.02-2ubuntu8.16
Ubuntu 16.04 LTS:
grub-efi-amd64-bin 2.02~beta2-36ubuntu3.26
grub-efi-amd64-signed 1.66.26+2.02~beta2-36ubuntu3.26
grub-efi-arm-bin 2.02~beta2-36ubuntu3.26
grub-efi-arm64-bin 2.02~beta2-36ubuntu3.26
grub-efi-arm64-signed 1.66.26+2.02~beta2-36ubuntu3.26
grub-efi-ia32-bin 2.02~beta2-36ubuntu3.26
grub-efi-ia64-bin 2.02~beta2-36ubuntu3.26
Ubuntu 14.04 ESM:
grub-efi-amd64-bin 2.02~beta2-9ubuntu1.20
grub-efi-amd64-signed 1.34.22+2.02~beta2-9ubuntu1.20
grub-efi-arm-bin 2.02~beta2-9ubuntu1.20
grub-efi-arm64-bin 2.02~beta2-9ubuntu1.20
grub-efi-ia32-bin 2.02~beta2-9ubuntu1.20
grub-efi-ia64-bin 2.02~beta2-9ubuntu1.20
Fully mitigating these vulnerabilities requires both an updated
GRUB2 boot loader and the application of a UEFI Revocation
List (dbx) to system firmware. Ubuntu will provide a packaged
dbx update at a later time, though system adminstrators may
choose to apply a third party dbx update before then. For more
details on mitigation steps and the risks entailed (especially for
dual/multi-boot scenarios), please see the Knowledge Base article at
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
References:
https://usn.ubuntu.com/4432-1
CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310,
CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707,
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
Package Information:
https://launchpad.net/ubuntu/+source/grub2/2.04-1ubuntu26.1
https://launchpad.net/ubuntu/+source/grub2-signed/1.142.3
https://launchpad.net/ubuntu/+source/grub2/2.02-2ubuntu8.16
https://launchpad.net/ubuntu/+source/grub2-signed/1.93.18
https://launchpad.net/ubuntu/+source/grub2/2.02~beta2-36ubuntu3.26
https://launchpad.net/ubuntu/+source/grub2-signed/1.66.26
—–BEGIN PGP SIGNATURE—–
iQEzBAEBCgAdFiEERN//5MGgCOgyKeIFYR+97NWUbg8FAl8hztoACgkQYR+97NWU
bg9Q5ggApXrXFFVVpwwcSENEpac2uc5mAls8qA9M/nY4wQzIeGdF3vt+ujLXRk7k
cNJNgAp8lCia7t4cStj8B9Uqfd7tXNaRzd+EoJ+Uukezr2Cv2t9GIKzpdjm/kFeE
BSWSBUSTrxRex9O75MwHqRmSzLs9ClXL3cPIfHLBJHmYB6aRcwpxJAfPRThASeDN
HKvVypDzkGtxkHMOpSSr4/n071sdP7zR0QTpIRNBZNxC7IgfMoukSaAgOclXAUIX
9USPTXJiRxdEnA+nYDjk0NwP13pb1PsmkP0EkrToC7ldkyDmsOPEWVPX0B5hh2fy
Kb6r3XEqUB9kuz3OokUnZaDYBxA+aw==
=OcTs
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: grub2 security update
Advisory ID: RHSA-2020:3216-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3216
Issue date: 2020-07-29
CVE Names: CVE-2020-10713 CVE-2020-14308 CVE-2020-14309
CVE-2020-14310 CVE-2020-14311 CVE-2020-15705
CVE-2020-15706 CVE-2020-15707
=====================================================================
1. Summary:
An update for grub2, shim, shim-unsigned-x64, and fwupd is now available
for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) – x86_64
Red Hat Enterprise Linux BaseOS (v. 8) – aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
The grub2 packages provide version 2 of the Grand Unified Boot Loader
(GRUB), a highly configurable and customizable boot loader with modular
architecture. The packages support a variety of kernel formats, file
systems, computer architectures, and hardware devices.
The shim package contains a first-stage UEFI boot loader that handles
chaining to a trusted full boot loader under secure boot environments.
The fwupd packages provide a service that allows session software to update
device firmware.
Security Fix(es):
* grub2: Crafted grub.cfg file can lead to arbitrary code execution during
boot process (CVE-2020-10713)
* grub2: grub_malloc does not validate allocation size allowing for
arithmetic overflow and subsequent heap-based buffer overflow
(CVE-2020-14308)
* grub2: Integer overflow in grub_squash_read_symlink may lead to
heap-based buffer overflow (CVE-2020-14309)
* grub2: Integer overflow read_section_as_string may lead to heap-based
buffer overflow (CVE-2020-14310)
* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer
overflow (CVE-2020-14311)
* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)
* grub2: Use-after-free redefining a function whilst the same function is
already executing (CVE-2020-15706)
* grub2: Integer overflow in initrd size handling (CVE-2020-15707)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1825243 – CVE-2020-10713 grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process
1852009 – CVE-2020-14308 grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow
1852014 – CVE-2020-14311 grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
1852022 – CVE-2020-14309 grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
1852030 – CVE-2020-14310 grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow
1860978 – CVE-2020-15705 grub2: Fail kernel validation without shim protocol
1861118 – CVE-2020-15706 grub2: Use-after-free redefining a function whilst the same function is already executing
1861581 – CVE-2020-15707 grub2: Integer overflow in initrd size handling
6. Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
fwupd-1.1.4-7.el8_2.src.rpm
grub2-2.02-87.el8_2.src.rpm
shim-15-14.el8_2.src.rpm
aarch64:
fwupd-1.1.4-7.el8_2.aarch64.rpm
fwupd-debuginfo-1.1.4-7.el8_2.aarch64.rpm
fwupd-debugsource-1.1.4-7.el8_2.aarch64.rpm
grub2-debuginfo-2.02-87.el8_2.aarch64.rpm
grub2-debugsource-2.02-87.el8_2.aarch64.rpm
grub2-efi-aa64-2.02-87.el8_2.aarch64.rpm
grub2-efi-aa64-cdboot-2.02-87.el8_2.aarch64.rpm
grub2-tools-2.02-87.el8_2.aarch64.rpm
grub2-tools-debuginfo-2.02-87.el8_2.aarch64.rpm
grub2-tools-extra-2.02-87.el8_2.aarch64.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_2.aarch64.rpm
grub2-tools-minimal-2.02-87.el8_2.aarch64.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_2.aarch64.rpm
shim-aa64-15-14.el8_2.aarch64.rpm
noarch:
grub2-common-2.02-87.el8_2.noarch.rpm
grub2-efi-aa64-modules-2.02-87.el8_2.noarch.rpm
grub2-efi-ia32-modules-2.02-87.el8_2.noarch.rpm
grub2-efi-x64-modules-2.02-87.el8_2.noarch.rpm
grub2-pc-modules-2.02-87.el8_2.noarch.rpm
grub2-ppc64le-modules-2.02-87.el8_2.noarch.rpm
ppc64le:
fwupd-1.1.4-7.el8_2.ppc64le.rpm
fwupd-debuginfo-1.1.4-7.el8_2.ppc64le.rpm
fwupd-debugsource-1.1.4-7.el8_2.ppc64le.rpm
grub2-debuginfo-2.02-87.el8_2.ppc64le.rpm
grub2-debugsource-2.02-87.el8_2.ppc64le.rpm
grub2-ppc64le-2.02-87.el8_2.ppc64le.rpm
grub2-tools-2.02-87.el8_2.ppc64le.rpm
grub2-tools-debuginfo-2.02-87.el8_2.ppc64le.rpm
grub2-tools-extra-2.02-87.el8_2.ppc64le.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_2.ppc64le.rpm
grub2-tools-minimal-2.02-87.el8_2.ppc64le.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_2.ppc64le.rpm
s390x:
fwupd-1.1.4-7.el8_2.s390x.rpm
fwupd-debuginfo-1.1.4-7.el8_2.s390x.rpm
fwupd-debugsource-1.1.4-7.el8_2.s390x.rpm
x86_64:
fwupd-1.1.4-7.el8_2.x86_64.rpm
fwupd-debuginfo-1.1.4-7.el8_2.x86_64.rpm
fwupd-debugsource-1.1.4-7.el8_2.x86_64.rpm
grub2-debuginfo-2.02-87.el8_2.x86_64.rpm
grub2-debugsource-2.02-87.el8_2.x86_64.rpm
grub2-efi-ia32-2.02-87.el8_2.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-87.el8_2.x86_64.rpm
grub2-efi-x64-2.02-87.el8_2.x86_64.rpm
grub2-efi-x64-cdboot-2.02-87.el8_2.x86_64.rpm
grub2-pc-2.02-87.el8_2.x86_64.rpm
grub2-tools-2.02-87.el8_2.x86_64.rpm
grub2-tools-debuginfo-2.02-87.el8_2.x86_64.rpm
grub2-tools-efi-2.02-87.el8_2.x86_64.rpm
grub2-tools-efi-debuginfo-2.02-87.el8_2.x86_64.rpm
grub2-tools-extra-2.02-87.el8_2.x86_64.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_2.x86_64.rpm
grub2-tools-minimal-2.02-87.el8_2.x86_64.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_2.x86_64.rpm
shim-ia32-15-14.el8_2.x86_64.rpm
shim-x64-15-14.el8_2.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
Source:
shim-unsigned-x64-15-7.el8.src.rpm
x86_64:
shim-unsigned-x64-15-7.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-10713
https://access.redhat.com/security/cve/CVE-2020-14308
https://access.redhat.com/security/cve/CVE-2020-14309
https://access.redhat.com/security/cve/CVE-2020-14310
https://access.redhat.com/security/cve/CVE-2020-14311
https://access.redhat.com/security/cve/CVE-2020-15705
https://access.redhat.com/security/cve/CVE-2020-15706
https://access.redhat.com/security/cve/CVE-2020-15707
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/grub2bootloader
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXyHAzdzjgjWX9erEAQhobw/9GgoCaSLYNCxlFlnI2aka3CSGuqvkBpZt
EWCAhSfU/7/hyHNT0Vpc1cb/Zou+959CXlFFv+gEi0eNHiXIxaB5daGtKYS5aSJH
dL+UHRD9oPCarDZ0Z3ukZEWnkEoOXgk/1UPG2nwIaC/i5CbVyOEpXNzvgBZZEl/v
XCbk1AFRl2m5HzZgHDE0yzkhmWG5Q5unxc4nGylymL2tRRIkHBMDYfu6bqxYvnLy
Qcs96NNjJBCbSSjG0ZMLbymwF8Jn1XNzrZdTBJ22bF5x/fVRKLpiGcPD43kIOXMv
US5IZlcYzQfCBsGKoiShOHbPTUnNg0pRqazkjevYEZuYUD3YrpzTsxEwOsc+i8w0
DdhCw4kyXXSKo1Rbtk/jDkWm8f9TIssuMXgIgRJkG2EQDcfBVEiAZ/7wZG2pjrx5
q9JdqMacbixL4GpoaP5pVDetIg+t3F60AHukmesGcFeSPK6Y7tmMvBWEeV3gB/z5
gmbPidau09L8q66cRYP6dr5bD8MV+wPyZuOCXlT+GPOcLyjslnYoeyvZf9BFjpvy
53VA2yG/564rMWz4X2jS5ode32VJYQwZ7orlY31M40eEbDve6TiPyaWTXvW8kJK6
h4ZHFMkYELBnEd2GG+JQYz4HUdy+JS9eHOTTAGoYLgMhIVin1ghmBIeRZBTf0GKt
PqA8gQXdsSQ=
=JBDC
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
– ————————————————————————-
Debian Security Advisory DSA-4735-1 security@debian.org
https://www.debian.org/security/ Yves-Alexis Perez
July 29, 2020 https://www.debian.org/security/faq
– ————————————————————————-
Package : grub2
CVE ID : CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310
CVE-2020-14311 CVE-2020-15706 CVE-2020-15707
Several vulnerabilities have been discovered in the GRUB2 bootloader.
CVE-2020-10713
A flaw in the grub.cfg parsing code was found allowing to break
UEFI Secure Boot and load arbitrary code. Details can be found at
https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
CVE-2020-14308
It was discovered that grub_malloc does not validate the allocation
size allowing for arithmetic overflow and subsequently a heap-based
buffer overflow.
CVE-2020-14309
An integer overflow in grub_squash_read_symlink may lead to a heap-
based buffer overflow.
CVE-2020-14310
An integer overflow in read_section_from_string may lead to a heap-
based buffer overflow.
CVE-2020-14311
An integer overflow in grub_ext2_read_link may lead to a heap-based
buffer overflow.
CVE-2020-15706
script: Avoid a use-after-free when redefining a function during
execution.
CVE-2020-15707
An integer overflow flaw was found in the initrd size handling.
Further detailed information can be found at
https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot
For the stable distribution (buster), these problems have been fixed in
version 2.02+dfsg1-20+deb10u1.
We recommend that you upgrade your grub2 packages.
For the detailed security status of grub2 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/grub2
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAl8hqJsACgkQ3rYcyPpX
RFvSYwgAu1Wb8PR3en7Gvv2bM0OtFyweImB2lSD/mJ5zmp6qcF0cHcHxVlLvyLCe
H9dNnTUT0RJ9CzH1XppeYWYINAPu/Hzuhy1Kx2NtGYc6y+ao76FOMgN4H4TflFjp
aflDyupz4Wox6yqJXyDbz6wj+lvJ7U/a21l/qDD20e6OC8BqAhhHG+JR8iSgWh4f
err8hcJ1Ge6xk0kYmZ/XHgSTJSABgodVI8P0ii9bY9rW3hVx1w9AQqRtd7rA/hh6
oDn07BJ4L4Osugg67zYeZoM8F7V3M+w6F6FoTa4KW6Dauuk2ZRqoLLHSHxoL95xZ
Mxk2Hf23XYZ3V0YwCt8uB56VrzrzhQ==
=j50l
—–END PGP SIGNATURE—–