ELSA-2024-2456

ELSA-2024-2456 - grub2 security update

Type: SECURITY
Severity: MODERATE
Release Date: 2024-05-03

Description


[2.06-77.0.1]
- Support setting custom kernels as default kernels [Orabug: 36043978]
- Bump SBAT metadata for grub to 3 [Orabug: 34872719]
- Fix CVE-2022-3775 [Orabug: 34871953]
- Enable signing for aarch64 EFI
- Fix signing certificate names
- Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986]
- Replaced bugzilla.oracle.com references [Orabug: 34202300]
- Update provided certificate version to 202204 [JIRA: OLDIS-16371]
- Various coverity fixes [JIRA: OLDIS-16371]
- bump SBAT generation
- Update bug url [Orabug: 34202300]
- Revert provided certificate version back to 202102 [JIRA: OLDIS-16371]
- Update signing certificate [JIRA: OLDIS-16371]
- fix SBAT data [JIRA: OLDIS-16371]
- Update requires [JIRA: OLDIS-16371]
- Rebuild for SecureBoot signatures [Orabug: 33801813]
- Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033]
- Update Oracle SBAT data [Orabug: 32670033]
- Use new signing certificate [Orabug: 32670033]
- honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497]
- set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597]
- Update upstream references [Orabug: 26388226]
- Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955]
- Put 'with' in menuentry instead of 'using' [Orabug: 18504756]
- Use different titles for UEK and RHCK kernels [Orabug: 18504756]

[2.06-77]
- kern/dl: grub_dl_set_mem_attrs()/grub_dl_load_segments() fixes
- Resolves: #RHEL-26322

[2.06-76]
- fs/ntfs: OOB write fix
- (CVE-2023-4692)
- Resolves: #RHEL-11567

[2.06-75]
- grub-set-bootflag: Fix for CVE-2024-1048
- (CVE-2024-1048)
- Resolves: #RHEL-20747

[2.06-74]
- Don't run 20-grub.install for UKIs
- Resolves: #RHEL-21368

[2.06-73]
- search command: add flag to only search root dev
- Resolves: #RHEL-20526
- Resolves: #CVE-2023-4001

[2.06-72]
- normal: Remove grub_env_set prefix in grub_try_normal_prefix
- Resolves: #RHEL-1601

[2.06-71]
- kern/ieee1275/init: ppc64: Restrict high memory in presence of fadump
- Resolves: #RHEL-14282


Related CVEs


CVE-2023-4693
CVE-2024-1048
CVE-2023-4692

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 9 (aarch64) | grub2-2.06-77.0.1.el9.src.rpm | cddb53d56e42c765758399d6da80f0dd | - | ol9_aarch64_baseos_latest |
| | grub2-2.06-77.0.1.el9.src.rpm | cddb53d56e42c765758399d6da80f0dd | - | ol9_aarch64_u4_baseos_base |
| | grub2-common-2.06-77.0.1.el9.noarch.rpm | 287f9ab002b71ff29f54beb59ee5aef5 | - | ol9_aarch64_baseos_latest |
| | grub2-common-2.06-77.0.1.el9.noarch.rpm | 287f9ab002b71ff29f54beb59ee5aef5 | - | ol9_aarch64_u4_baseos_base |
| | grub2-efi-aa64-2.06-77.0.1.el9.aarch64.rpm | 51fe2f4883aa2b59a9d0d6985545da7c | - | ol9_aarch64_baseos_latest |
| | grub2-efi-aa64-2.06-77.0.1.el9.aarch64.rpm | 51fe2f4883aa2b59a9d0d6985545da7c | - | ol9_aarch64_u4_baseos_base |
| | grub2-efi-aa64-cdboot-2.06-77.0.1.el9.aarch64.rpm | d6182a9d8b6577d390bb51590a873235 | - | ol9_aarch64_baseos_latest |
| | grub2-efi-aa64-cdboot-2.06-77.0.1.el9.aarch64.rpm | d6182a9d8b6577d390bb51590a873235 | - | ol9_aarch64_u4_baseos_base |
| | grub2-efi-aa64-modules-2.06-77.0.1.el9.noarch.rpm | 6524c35ddf24b0e5bfa933b4c1cd10f8 | - | ol9_aarch64_baseos_latest |
| | grub2-efi-aa64-modules-2.06-77.0.1.el9.noarch.rpm | 6524c35ddf24b0e5bfa933b4c1cd10f8 | - | ol9_aarch64_u4_baseos_base |
| | grub2-efi-x64-modules-2.06-77.0.1.el9.noarch.rpm | 04f913a06567af366343053c2ea60281 | - | ol9_aarch64_baseos_latest |
| | grub2-efi-x64-modules-2.06-77.0.1.el9.noarch.rpm | 04f913a06567af366343053c2ea60281 | - | ol9_aarch64_u4_baseos_base |
| | grub2-tools-2.06-77.0.1.el9.aarch64.rpm | bb9e18369f1ef812ba30d180932cfd01 | - | ol9_aarch64_baseos_latest |
| | grub2-tools-2.06-77.0.1.el9.aarch64.rpm | bb9e18369f1ef812ba30d180932cfd01 | - | ol9_aarch64_u4_baseos_base |
| | grub2-tools-extra-2.06-77.0.1.el9.aarch64.rpm | e1eaed94250ea8b3e52a88d5a3005e6f | - | ol9_aarch64_baseos_latest |
| | grub2-tools-extra-2.06-77.0.1.el9.aarch64.rpm | e1eaed94250ea8b3e52a88d5a3005e6f | - | ol9_aarch64_u4_baseos_base |
| | grub2-tools-minimal-2.06-77.0.1.el9.aarch64.rpm | d8abf9e21ad0a4e9660a77402cece291 | - | ol9_aarch64_baseos_latest |
| | grub2-tools-minimal-2.06-77.0.1.el9.aarch64.rpm | d8abf9e21ad0a4e9660a77402cece291 | - | ol9_aarch64_u4_baseos_base |
| Oracle Linux 9 (x86_64) | grub2-2.06-77.0.1.el9.src.rpm | cddb53d56e42c765758399d6da80f0dd | - | ol9_x86_64_baseos_latest |
| | grub2-2.06-77.0.1.el9.src.rpm | cddb53d56e42c765758399d6da80f0dd | - | ol9_x86_64_u4_baseos_base |
| | grub2-common-2.06-77.0.1.el9.noarch.rpm | 287f9ab002b71ff29f54beb59ee5aef5 | - | ol9_x86_64_baseos_latest |
| | grub2-common-2.06-77.0.1.el9.noarch.rpm | 287f9ab002b71ff29f54beb59ee5aef5 | - | ol9_x86_64_u4_baseos_base |
| | grub2-efi-aa64-modules-2.06-77.0.1.el9.noarch.rpm | 6524c35ddf24b0e5bfa933b4c1cd10f8 | - | ol9_x86_64_baseos_latest |
| | grub2-efi-aa64-modules-2.06-77.0.1.el9.noarch.rpm | 6524c35ddf24b0e5bfa933b4c1cd10f8 | - | ol9_x86_64_u4_baseos_base |
| | grub2-efi-x64-2.06-77.0.1.el9.x86_64.rpm | d2ac6ff9f52192f9026b36a70f36a5f9 | - | ol9_x86_64_baseos_latest |
| | grub2-efi-x64-2.06-77.0.1.el9.x86_64.rpm | d2ac6ff9f52192f9026b36a70f36a5f9 | - | ol9_x86_64_u4_baseos_base |
| | grub2-efi-x64-cdboot-2.06-77.0.1.el9.x86_64.rpm | 7c8c580bdc291c1ef0e0c2e37c16c185 | - | ol9_x86_64_baseos_latest |
| | grub2-efi-x64-cdboot-2.06-77.0.1.el9.x86_64.rpm | 7c8c580bdc291c1ef0e0c2e37c16c185 | - | ol9_x86_64_u4_baseos_base |
| | grub2-efi-x64-modules-2.06-77.0.1.el9.noarch.rpm | 04f913a06567af366343053c2ea60281 | - | ol9_x86_64_baseos_latest |
| | grub2-efi-x64-modules-2.06-77.0.1.el9.noarch.rpm | 04f913a06567af366343053c2ea60281 | - | ol9_x86_64_u4_baseos_base |
| | grub2-pc-2.06-77.0.1.el9.x86_64.rpm | 18be08e1a01416f31d2e943e1d7f28ba | - | ol9_x86_64_baseos_latest |
| | grub2-pc-2.06-77.0.1.el9.x86_64.rpm | 18be08e1a01416f31d2e943e1d7f28ba | - | ol9_x86_64_u4_baseos_base |
| | grub2-pc-modules-2.06-77.0.1.el9.noarch.rpm | 48d064db5f465b8d3fb94b5e08bdeb36 | - | ol9_x86_64_baseos_latest |
| | grub2-pc-modules-2.06-77.0.1.el9.noarch.rpm | 48d064db5f465b8d3fb94b5e08bdeb36 | - | ol9_x86_64_u4_baseos_base |
| | grub2-tools-2.06-77.0.1.el9.x86_64.rpm | 70f0b132c52bf2b0c2776e25366a88dc | - | ol9_x86_64_baseos_latest |
| | grub2-tools-2.06-77.0.1.el9.x86_64.rpm | 70f0b132c52bf2b0c2776e25366a88dc | - | ol9_x86_64_u4_baseos_base |
| | grub2-tools-efi-2.06-77.0.1.el9.x86_64.rpm | 7ff43b638bcb2527355ee6614e6d203c | - | ol9_x86_64_baseos_latest |
| | grub2-tools-efi-2.06-77.0.1.el9.x86_64.rpm | 7ff43b638bcb2527355ee6614e6d203c | - | ol9_x86_64_u4_baseos_base |
| | grub2-tools-extra-2.06-77.0.1.el9.x86_64.rpm | dbcc981c78a3917705dd17f083b7c13d | - | ol9_x86_64_baseos_latest |
| | grub2-tools-extra-2.06-77.0.1.el9.x86_64.rpm | dbcc981c78a3917705dd17f083b7c13d | - | ol9_x86_64_u4_baseos_base |
| | grub2-tools-minimal-2.06-77.0.1.el9.x86_64.rpm | 3b4bfe195063eaa61619bed34f5467bb | - | ol9_x86_64_baseos_latest |
| | grub2-tools-minimal-2.06-77.0.1.el9.x86_64.rpm | 3b4bfe195063eaa61619bed34f5467bb | - | ol9_x86_64_u4_baseos_base |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.