ELSA-2024-2456

ULN >
Oracle Linux Errata repository >
ELSA-2024-2456

ELSA-2024-2456 - grub2 security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2024-05-03

Description

[2.06-77.0.1]
- Support setting custom kernels as default kernels [Orabug: 36043978]
- Bump SBAT metadata for grub to 3 [Orabug: 34872719]
- Fix CVE-2022-3775 [Orabug: 34871953]
- Enable signing for aarch64 EFI
- Fix signing certificate names
- Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986]
- Replaced bugzilla.oracle.com references [Orabug: 34202300]
- Update provided certificate version to 202204 [JIRA: OLDIS-16371]
- Various coverity fixes [JIRA: OLDIS-16371]
- bump SBAT generation
- Update bug url [Orabug: 34202300]
- Revert provided certificate version back to 202102 [JIRA: OLDIS-16371]
- Update signing certificate [JIRA: OLDIS-16371]
- fix SBAT data [JIRA: OLDIS-16371]
- Update requires [JIRA: OLDIS-16371]
- Rebuild for SecureBoot signatures [Orabug: 33801813]
- Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033]
- Update Oracle SBAT data [Orabug: 32670033]
- Use new signing certificate [Orabug: 32670033]
- honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497]
- set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597]
- Update upstream references [Orabug: 26388226]
- Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955]
- Put 'with' in menuentry instead of 'using' [Orabug: 18504756]
- Use different titles for UEK and RHCK kernels [Orabug: 18504756]

[2.06-77]
- kern/dl: grub_dl_set_mem_attrs()/grub_dl_load_segments() fixes
- Resolves: #RHEL-26322

[2.06-76]
- fs/ntfs: OOB write fix
- (CVE-2023-4692)
- Resolves: #RHEL-11567

[2.06-75]
- grub-set-bootflag: Fix for CVE-2024-1048
- (CVE-2024-1048)
- Resolves: #RHEL-20747

[2.06-74]
- Don't run 20-grub.install for UKIs
- Resolves: #RHEL-21368

[2.06-73]
- search command: add flag to only search root dev
- Resolves: #RHEL-20526
- Resolves: #CVE-2023-4001

[2.06-72]
- normal: Remove grub_env_set prefix in grub_try_normal_prefix
- Resolves: #RHEL-1601

[2.06-71]
- kern/ieee1275/init: ppc64: Restrict high memory in presence
of fadump
- Resolves: #RHEL-14282

Related CVEs

CVE-2023-4693

CVE-2024-1048

CVE-2023-4692

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	grub2-2.06-77.0.1.el9.src.rpm	10a4a14b6e0966cdcebc23054f4836c622f261a2dab76726004ce3d0e5234c08	-	ol9_aarch64_baseos_latest
	grub2-2.06-77.0.1.el9.src.rpm	10a4a14b6e0966cdcebc23054f4836c622f261a2dab76726004ce3d0e5234c08	-	ol9_aarch64_u4_baseos_base
	grub2-common-2.06-77.0.1.el9.noarch.rpm	7190f8103b55395c8de333658c28616f4ba5be0544bb05f91a5af1f0ce9f4cc8	-	ol9_aarch64_baseos_latest
	grub2-common-2.06-77.0.1.el9.noarch.rpm	7190f8103b55395c8de333658c28616f4ba5be0544bb05f91a5af1f0ce9f4cc8	-	ol9_aarch64_u4_baseos_base
	grub2-efi-aa64-2.06-77.0.1.el9.aarch64.rpm	911d8f4391caa1bda40fa45c5c22e33e1bc09f3a76db26d70660c35e121e78a3	-	ol9_aarch64_baseos_latest
	grub2-efi-aa64-2.06-77.0.1.el9.aarch64.rpm	911d8f4391caa1bda40fa45c5c22e33e1bc09f3a76db26d70660c35e121e78a3	-	ol9_aarch64_u4_baseos_base
	grub2-efi-aa64-cdboot-2.06-77.0.1.el9.aarch64.rpm	0366d4e5270ba255b99191fb909424ab1f6df891dc8f2a259fcb1d6af5a0ced2	-	ol9_aarch64_baseos_latest
	grub2-efi-aa64-cdboot-2.06-77.0.1.el9.aarch64.rpm	0366d4e5270ba255b99191fb909424ab1f6df891dc8f2a259fcb1d6af5a0ced2	-	ol9_aarch64_u4_baseos_base
	grub2-efi-aa64-modules-2.06-77.0.1.el9.noarch.rpm	2a208134a072f43ee0605093295b9ea32da992cf14b1616d056a7a89fbc20d3c	-	ol9_aarch64_baseos_latest
	grub2-efi-aa64-modules-2.06-77.0.1.el9.noarch.rpm	2a208134a072f43ee0605093295b9ea32da992cf14b1616d056a7a89fbc20d3c	-	ol9_aarch64_u4_baseos_base
	grub2-efi-x64-modules-2.06-77.0.1.el9.noarch.rpm	463f770d0018fb0e0560843cc0b5a06ab945a7fad41fbbdb69aadb7c1b19b42b	-	ol9_aarch64_baseos_latest
	grub2-efi-x64-modules-2.06-77.0.1.el9.noarch.rpm	463f770d0018fb0e0560843cc0b5a06ab945a7fad41fbbdb69aadb7c1b19b42b	-	ol9_aarch64_u4_baseos_base
	grub2-tools-2.06-77.0.1.el9.aarch64.rpm	dd348a0d07916aed6a6dbcd4c4f3bbcf607844637440df2f2ccd19a29103563a	-	ol9_aarch64_baseos_latest
	grub2-tools-2.06-77.0.1.el9.aarch64.rpm	dd348a0d07916aed6a6dbcd4c4f3bbcf607844637440df2f2ccd19a29103563a	-	ol9_aarch64_u4_baseos_base
	grub2-tools-extra-2.06-77.0.1.el9.aarch64.rpm	c0493c074a981b2650e3c4d0b78332b10e5ee7ce0517cc95ea3f4e06927be6db	-	ol9_aarch64_baseos_latest
	grub2-tools-extra-2.06-77.0.1.el9.aarch64.rpm	c0493c074a981b2650e3c4d0b78332b10e5ee7ce0517cc95ea3f4e06927be6db	-	ol9_aarch64_u4_baseos_base
	grub2-tools-minimal-2.06-77.0.1.el9.aarch64.rpm	8b41bf92fbdc7221eb64503694c75b127e92715937ab8a32a5ec21a2b2271852	-	ol9_aarch64_baseos_latest
	grub2-tools-minimal-2.06-77.0.1.el9.aarch64.rpm	8b41bf92fbdc7221eb64503694c75b127e92715937ab8a32a5ec21a2b2271852	-	ol9_aarch64_u4_baseos_base

Oracle Linux 9 (x86_64)	grub2-2.06-77.0.1.el9.src.rpm	10a4a14b6e0966cdcebc23054f4836c622f261a2dab76726004ce3d0e5234c08	-	ol9_x86_64_baseos_latest
	grub2-2.06-77.0.1.el9.src.rpm	10a4a14b6e0966cdcebc23054f4836c622f261a2dab76726004ce3d0e5234c08	-	ol9_x86_64_u4_baseos_base
	grub2-common-2.06-77.0.1.el9.noarch.rpm	7190f8103b55395c8de333658c28616f4ba5be0544bb05f91a5af1f0ce9f4cc8	-	ol9_x86_64_baseos_latest
	grub2-common-2.06-77.0.1.el9.noarch.rpm	7190f8103b55395c8de333658c28616f4ba5be0544bb05f91a5af1f0ce9f4cc8	-	ol9_x86_64_u4_baseos_base
	grub2-efi-aa64-modules-2.06-77.0.1.el9.noarch.rpm	2a208134a072f43ee0605093295b9ea32da992cf14b1616d056a7a89fbc20d3c	-	ol9_x86_64_baseos_latest
	grub2-efi-aa64-modules-2.06-77.0.1.el9.noarch.rpm	2a208134a072f43ee0605093295b9ea32da992cf14b1616d056a7a89fbc20d3c	-	ol9_x86_64_u4_baseos_base
	grub2-efi-x64-2.06-77.0.1.el9.x86_64.rpm	6aaceb2e9f1c0cd07457ce707e94944ee0654de925e799dfc14cc9e2e58f19ab	-	ol9_x86_64_baseos_latest
	grub2-efi-x64-2.06-77.0.1.el9.x86_64.rpm	6aaceb2e9f1c0cd07457ce707e94944ee0654de925e799dfc14cc9e2e58f19ab	-	ol9_x86_64_u4_baseos_base
	grub2-efi-x64-cdboot-2.06-77.0.1.el9.x86_64.rpm	23c9304b14bfec2c06165e92916f1a6cf943509517649fbdc4b8dccb5fe9faa4	-	ol9_x86_64_baseos_latest
	grub2-efi-x64-cdboot-2.06-77.0.1.el9.x86_64.rpm	23c9304b14bfec2c06165e92916f1a6cf943509517649fbdc4b8dccb5fe9faa4	-	ol9_x86_64_u4_baseos_base
	grub2-efi-x64-modules-2.06-77.0.1.el9.noarch.rpm	463f770d0018fb0e0560843cc0b5a06ab945a7fad41fbbdb69aadb7c1b19b42b	-	ol9_x86_64_baseos_latest
	grub2-efi-x64-modules-2.06-77.0.1.el9.noarch.rpm	463f770d0018fb0e0560843cc0b5a06ab945a7fad41fbbdb69aadb7c1b19b42b	-	ol9_x86_64_u4_baseos_base
	grub2-pc-2.06-77.0.1.el9.x86_64.rpm	0690cef6d8c9ee2944ee81f3fb59cd5df81f13f34f46a4dfdeff02ac7c5e708b	-	ol9_x86_64_baseos_latest
	grub2-pc-2.06-77.0.1.el9.x86_64.rpm	0690cef6d8c9ee2944ee81f3fb59cd5df81f13f34f46a4dfdeff02ac7c5e708b	-	ol9_x86_64_u4_baseos_base
	grub2-pc-modules-2.06-77.0.1.el9.noarch.rpm	b137428443dd59b1c6652997c325cf86cd8e9a0f34a98c2b550682977201f12f	-	ol9_x86_64_baseos_latest
	grub2-pc-modules-2.06-77.0.1.el9.noarch.rpm	b137428443dd59b1c6652997c325cf86cd8e9a0f34a98c2b550682977201f12f	-	ol9_x86_64_u4_baseos_base
	grub2-tools-2.06-77.0.1.el9.x86_64.rpm	abed79c45cde6f415d8e0767878526970ce9d6b080245401d44e45fd72cb88fe	-	ol9_x86_64_baseos_latest
	grub2-tools-2.06-77.0.1.el9.x86_64.rpm	abed79c45cde6f415d8e0767878526970ce9d6b080245401d44e45fd72cb88fe	-	ol9_x86_64_u4_baseos_base
	grub2-tools-efi-2.06-77.0.1.el9.x86_64.rpm	f1a6047e0c1015ab9619b2fd5a8b2e5f242ce463950105dcf46d763de5edd06b	-	ol9_x86_64_baseos_latest
	grub2-tools-efi-2.06-77.0.1.el9.x86_64.rpm	f1a6047e0c1015ab9619b2fd5a8b2e5f242ce463950105dcf46d763de5edd06b	-	ol9_x86_64_u4_baseos_base
	grub2-tools-extra-2.06-77.0.1.el9.x86_64.rpm	47979264621af575bcc250c15443f7e20c9fbbdc97fbe80a47269bcabfa1a4e7	-	ol9_x86_64_baseos_latest
	grub2-tools-extra-2.06-77.0.1.el9.x86_64.rpm	47979264621af575bcc250c15443f7e20c9fbbdc97fbe80a47269bcabfa1a4e7	-	ol9_x86_64_u4_baseos_base
	grub2-tools-minimal-2.06-77.0.1.el9.x86_64.rpm	0228eecb5116c824ff971d69fdc88a917c7ea5d6c5ecbbf49755f8fff3fc8fac	-	ol9_x86_64_baseos_latest
	grub2-tools-minimal-2.06-77.0.1.el9.x86_64.rpm	0228eecb5116c824ff971d69fdc88a917c7ea5d6c5ecbbf49755f8fff3fc8fac	-	ol9_x86_64_u4_baseos_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691