Oracle Linux Security Advisory ELSA-2023-0049

https://linux.oracle.com/errata/ELSA-2023-0049.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
grub2-common-2.02-142.0.3.el8_7.1.noarch.rpm
grub2-efi-aa64-modules-2.02-142.0.3.el8_7.1.noarch.rpm
grub2-efi-ia32-2.02-142.0.3.el8_7.1.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-142.0.3.el8_7.1.x86_64.rpm
grub2-efi-ia32-modules-2.02-142.0.3.el8_7.1.noarch.rpm
grub2-efi-x64-2.02-142.0.3.el8_7.1.x86_64.rpm
grub2-efi-x64-cdboot-2.02-142.0.3.el8_7.1.x86_64.rpm
grub2-efi-x64-modules-2.02-142.0.3.el8_7.1.noarch.rpm
grub2-pc-2.02-142.0.3.el8_7.1.x86_64.rpm
grub2-pc-modules-2.02-142.0.3.el8_7.1.noarch.rpm
grub2-tools-2.02-142.0.3.el8_7.1.x86_64.rpm
grub2-tools-efi-2.02-142.0.3.el8_7.1.x86_64.rpm
grub2-tools-extra-2.02-142.0.3.el8_7.1.x86_64.rpm
grub2-tools-minimal-2.02-142.0.3.el8_7.1.x86_64.rpm

aarch64:
grub2-common-2.02-142.0.3.el8_7.1.noarch.rpm
grub2-efi-aa64-2.02-142.0.3.el8_7.1.aarch64.rpm
grub2-efi-aa64-cdboot-2.02-142.0.3.el8_7.1.aarch64.rpm
grub2-efi-aa64-modules-2.02-142.0.3.el8_7.1.noarch.rpm
grub2-efi-ia32-modules-2.02-142.0.3.el8_7.1.noarch.rpm
grub2-efi-x64-modules-2.02-142.0.3.el8_7.1.noarch.rpm
grub2-pc-modules-2.02-142.0.3.el8_7.1.noarch.rpm
grub2-tools-2.02-142.0.3.el8_7.1.aarch64.rpm
grub2-tools-extra-2.02-142.0.3.el8_7.1.aarch64.rpm
grub2-tools-minimal-2.02-142.0.3.el8_7.1.aarch64.rpm


SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//grub2-2.02-142.0.3.el8_7.1.src.rpm

Related CVEs:

CVE-2022-2601
CVE-2022-3775




Description of changes:

[2.02-142.0.3.el8_7.1]
- Fix CVE-2022-3775, CVE-2022-2601 [Orabug: 34867710]
- Bump SBAT metadata for grub to 3 [Orabug: 34871758]
- Enable signing on aarch64
- Don't try to switch to a BLS config if GRUB_ENABLE_BLSCFG is already set (Javier Martinez Canillas) [Orabug: 34375996]
- Enable back btrfs module by default [Orabug: 34377188]
- Backport upstream SNP protocol fixes [Orabug: 34195100]
- Rebase Fix EFI loader kernel image allocation patch, adapt it to new NX code [Orabug: 34352232]
- enable multiboot2 [Orabug: 34285558]
- backport arm64: Fix EFI loader kernel image allocation [Orabug: 33702462]
- backport Arm: check for the PE magic for the compiled arch [Orabug: 33702462]
- Backport some better script logic for BTRFS support [Orabug: 32448171]
- Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033]
- Update Oracle SBAT data [Orabug: 32670033]
- Use new signing certificate [Orabug: 32670033]
- Fix various coverity issues [Orabug: 32530657]
- Set proper blsdir if /boot is on btrfs rootfs [Orabug: 32063327]
- Add CVE-2020-15706, CVE-2020-15707 to the list [Orabug: 31225072]
- honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497]
- set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597]
- Update upstream references [Orabug: 26388226]
- Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955]
- fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481]
- Fix comparison in patch for 18504756
- Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481]
- Put "with" in menuentry instead of "using" [Orabug: 18504756]
- Use different titles for UEK and RHCK kernels [Orabug: 18504756]

[2.02-142.el8_7.1]
- Sync with 8.8 (actually 2.02-145)
- Resolves: CVE-2022-2601

_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle8: ELSA-2023-0049: grub2 security Moderate Security Update

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Summary

[2.02-142.0.3.el8_7.1] - Fix CVE-2022-3775, CVE-2022-2601 [Orabug: 34867710] - Bump SBAT metadata for grub to 3 [Orabug: 34871758] - Enable signing on aarch64 - Don't try to switch to a BLS config if GRUB_ENABLE_BLSCFG is already set (Javier Martinez Canillas) [Orabug: 34375996] - Enable back btrfs module by default [Orabug: 34377188] - Backport upstream SNP protocol fixes [Orabug: 34195100] - Rebase Fix EFI loader kernel image allocation patch, adapt it to new NX code [Orabug: 34352232] - enable multiboot2 [Orabug: 34285558] - backport arm64: Fix EFI loader kernel image allocation [Orabug: 33702462] - backport Arm: check for the PE magic for the compiled arch [Orabug: 33702462] - Backport some better script logic for BTRFS support [Orabug: 32448171] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - Fix various coverity issues [Orabug: 32530657] - Set proper blsdir if /boot is on btrfs rootfs [Orabug: 32063327] - Add CVE-2020-15706, CVE-2020-15707 to the list [Orabug: 31225072] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481] - Fix comparison in patch for 18504756 - Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481] - Put "with" in menuentry instead of "using" [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.02-142.el8_7.1] - Sync with 8.8 (actually 2.02-145) - Resolves: CVE-2022-2601

SRPMs

https://oss.oracle.com:443/ol8/SRPMS-updates//grub2-2.02-142.0.3.el8_7.1.src.rpm

x86_64

grub2-common-2.02-142.0.3.el8_7.1.noarch.rpm grub2-efi-aa64-modules-2.02-142.0.3.el8_7.1.noarch.rpm grub2-efi-ia32-2.02-142.0.3.el8_7.1.x86_64.rpm grub2-efi-ia32-cdboot-2.02-142.0.3.el8_7.1.x86_64.rpm grub2-efi-ia32-modules-2.02-142.0.3.el8_7.1.noarch.rpm grub2-efi-x64-2.02-142.0.3.el8_7.1.x86_64.rpm grub2-efi-x64-cdboot-2.02-142.0.3.el8_7.1.x86_64.rpm grub2-efi-x64-modules-2.02-142.0.3.el8_7.1.noarch.rpm grub2-pc-2.02-142.0.3.el8_7.1.x86_64.rpm grub2-pc-modules-2.02-142.0.3.el8_7.1.noarch.rpm grub2-tools-2.02-142.0.3.el8_7.1.x86_64.rpm grub2-tools-efi-2.02-142.0.3.el8_7.1.x86_64.rpm grub2-tools-extra-2.02-142.0.3.el8_7.1.x86_64.rpm grub2-tools-minimal-2.02-142.0.3.el8_7.1.x86_64.rpm

aarch64

grub2-common-2.02-142.0.3.el8_7.1.noarch.rpm grub2-efi-aa64-2.02-142.0.3.el8_7.1.aarch64.rpm grub2-efi-aa64-cdboot-2.02-142.0.3.el8_7.1.aarch64.rpm grub2-efi-aa64-modules-2.02-142.0.3.el8_7.1.noarch.rpm grub2-efi-ia32-modules-2.02-142.0.3.el8_7.1.noarch.rpm grub2-efi-x64-modules-2.02-142.0.3.el8_7.1.noarch.rpm grub2-pc-modules-2.02-142.0.3.el8_7.1.noarch.rpm grub2-tools-2.02-142.0.3.el8_7.1.aarch64.rpm grub2-tools-extra-2.02-142.0.3.el8_7.1.aarch64.rpm grub2-tools-minimal-2.02-142.0.3.el8_7.1.aarch64.rpm

i386

Severity
Related CVEs: CVE-2022-2601 CVE-2022-3775

Related News

13.Lock StylizedMotherboard Esm H320
1 - 2 min read
Spiral Linux is a Debian-based distribution that offers a range of desktop environments, making it stand out from other Linux distributions. In
32.Lock Code Circular Esm H320
2 - 3 min read
Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL . The vulnerabilities assigned
1.Penguin Landscape Esm H320
2 - 3 min read
The recent release of AlmaLinux 9.4 , closely aligned with Red Hat Enterprise Linux (RHEL) 9.4 , presents Linux admins and infosec professionals
11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved