ELSA-2025-6990

ULN >
Oracle Linux Errata repository >
ELSA-2025-6990

ELSA-2025-6990 - grub2 security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2025-05-16

Description

[2.06-104.0.1]
- Update grub2 dependencies to match new Secure Boot certificate chain of trust [Orabug: 37766761]
- Fix typo in SBAT metadata [Orabug: 37693946]
- Allow installation of grub2 only with shim-aa64 that allows booting it [Orabug: 37693946]
- net/dns: Fix removal of DNS server [Orabug: 37539625]
- net/dns: Simplify error handling of recv_hook() function [Orabug: 37539625]
- net/dns: Add debugging messages in recv_hook() function [Orabug: 37539625]
- net/dns: Fix lookup error when no IPv6 is returned [Orabug: 37539625]
- efinet: close and reopen network card on failure [Orabug: 35126950], [Orabug: 37747175]
- efinet: Correct closing of SNP protocol [Orabug: 35126950], [Orabug: 37747175]
- Rework the scripts to cover both in-place upgrade and update scenarios [Orabug: 36768566]
- Restore correct order of processing config files [Orabug: 36758359]
- Support setting custom kernels as default kernels [Orabug: 36043978]
- Bump SBAT metadata for grub to 3 [Orabug: 34872719]
- Fix CVE-2022-3775 [Orabug: 34871953]
- Enable signing for aarch64 EFI
- Fix signing certificate names
- Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986]
- Replaced bugzilla.oracle.com references [Orabug: 34202300]
- Update provided certificate version to 202204 [JIRA: OLDIS-16371]
- Various coverity fixes [JIRA: OLDIS-16371]
- bump SBAT generation
- Update bug url [Orabug: 34202300]
- Revert provided certificate version back to 202102 [JIRA: OLDIS-16371]
- Update signing certificate [JIRA: OLDIS-16371]
- fix SBAT data [JIRA: OLDIS-16371]
- Update requires [JIRA: OLDIS-16371]
- Rebuild for SecureBoot signatures [Orabug: 33801813]
- Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033]
- Update Oracle SBAT data [Orabug: 32670033]
- Use new signing certificate [Orabug: 32670033]
- honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497]
- set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597]
- Update upstream references [Orabug: 26388226]
- Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955]
- Put 'with' in menuentry instead of 'using' [Orabug: 18504756]
- Use different titles for UEK and RHCK kernels [Orabug: 18504756]

[2.06-104]
- fs/xfs: Sync with latest xfs upstream
- Resolves: #RHEL-85960
- (NVR bump to catch up with zstream)

[2.06-100]
- ieee1275/ofnet: Fix grub_malloc() removed after added safe
- Resolves: #RHEL-83117

[2.06-99]
- Added the following 2 commits to optimize memory consumption
- tpm: Disable the tpm verifier if the TPM device is not present
- powerpc: increase MIN RMA size for CAS negotiation
- Resolves: #RHEL-76558

[2.06-98]
- Remove 'fs/ntfs: Implement attribute verification' patch
- Related: RHEL-83117

[2.06-97]
- fs/ext2: Rework out-of-bounds read for inline and external extents
- Related: RHEL-79857

[2.06-96]
- Fixes for several CVEs
- Resolves: CVE-2024-45779 CVE-2024-45778 CVE-2025-1118
- Resolves: CVE-2025-0677 CVE-2024-45782 CVE-2025-0690
- Resolves: CVE-2024-45783 CVE-2025-0624 CVE-2024-45776
- Resolves: CVE-2025-0622 CVE-2024-45774 CVE-2024-45775
- Resolves: CVE-2024-45781 CVE-2024-45780
- Resolves: #RHEL-79700
- Resolves: #RHEL-79341
- Resolves: #RHEL-79875
- Resolves: #RHEL-79849
- Resolves: #RHEL-79707
- Resolves: #RHEL-79857
- Resolves: #RHEL-79709
- Resolves: #RHEL-79846
- Resolves: #RHEL-75737
- Resolves: #RHEL-79713
- Resolves: #RHEL-73785
- Resolves: #RHEL-73787
- Resolves: #RHEL-79704
- Resolves: #RHEL-79702

[2.06-95]
- kern/ieee1275/init: Add IEEE 1275 Radix support for KVM on Power
- Resolves: #RHEL-52761

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	grub2-2.06-104.0.1.el9_6.src.rpm	412d219d1afb7c297753a75e35d8b9dfe4dfc3f12292eb75940c5b6e0e0d3c21	-	ol9_aarch64_baseos_latest
	grub2-2.06-104.0.1.el9_6.src.rpm	412d219d1afb7c297753a75e35d8b9dfe4dfc3f12292eb75940c5b6e0e0d3c21	-	ol9_aarch64_u6_baseos_base
	grub2-common-2.06-104.0.1.el9_6.noarch.rpm	2561a6a7bb94109d5e9caf6dec3167eda323317717ece564172a3aaa76dc7d8a	-	ol9_aarch64_baseos_latest
	grub2-common-2.06-104.0.1.el9_6.noarch.rpm	2561a6a7bb94109d5e9caf6dec3167eda323317717ece564172a3aaa76dc7d8a	-	ol9_aarch64_u6_baseos_base
	grub2-efi-aa64-2.06-104.0.1.el9_6.aarch64.rpm	e4a9d6e7ab005334bd4cb88a34bdc0b6f0bdfd5efdbedb91e5a7a64693892165	-	ol9_aarch64_baseos_latest
	grub2-efi-aa64-2.06-104.0.1.el9_6.aarch64.rpm	e4a9d6e7ab005334bd4cb88a34bdc0b6f0bdfd5efdbedb91e5a7a64693892165	-	ol9_aarch64_u6_baseos_base
	grub2-efi-aa64-cdboot-2.06-104.0.1.el9_6.aarch64.rpm	c5b5e987a1d536d3758b5ef2451e06a0cdcd2e029fe4cbf16306c32ea140f871	-	ol9_aarch64_baseos_latest
	grub2-efi-aa64-cdboot-2.06-104.0.1.el9_6.aarch64.rpm	c5b5e987a1d536d3758b5ef2451e06a0cdcd2e029fe4cbf16306c32ea140f871	-	ol9_aarch64_u6_baseos_base
	grub2-efi-aa64-modules-2.06-104.0.1.el9_6.noarch.rpm	6f1aa5af768c49e7e889b1c8514b9020b23e62d720bd55d0573c0751351acd82	-	ol9_aarch64_baseos_latest
	grub2-efi-aa64-modules-2.06-104.0.1.el9_6.noarch.rpm	6f1aa5af768c49e7e889b1c8514b9020b23e62d720bd55d0573c0751351acd82	-	ol9_aarch64_u6_baseos_base
	grub2-efi-x64-modules-2.06-104.0.1.el9_6.noarch.rpm	4364b8ea7ae42b3ea7c052da913ffb72fb9b118fb5e9943522fab0160e453196	-	ol9_aarch64_baseos_latest
	grub2-efi-x64-modules-2.06-104.0.1.el9_6.noarch.rpm	4364b8ea7ae42b3ea7c052da913ffb72fb9b118fb5e9943522fab0160e453196	-	ol9_aarch64_u6_baseos_base
	grub2-tools-2.06-104.0.1.el9_6.aarch64.rpm	ad0e0ca9f803b8d4fc815a5c463f6c4a22405355e44940576bf438ad93724625	-	ol9_aarch64_baseos_latest
	grub2-tools-2.06-104.0.1.el9_6.aarch64.rpm	ad0e0ca9f803b8d4fc815a5c463f6c4a22405355e44940576bf438ad93724625	-	ol9_aarch64_u6_baseos_base
	grub2-tools-extra-2.06-104.0.1.el9_6.aarch64.rpm	51cb9da9db995004c6c3680ec8837d0e2e107b9258fd109f1e2f3cc2a20f58e4	-	ol9_aarch64_baseos_latest
	grub2-tools-extra-2.06-104.0.1.el9_6.aarch64.rpm	51cb9da9db995004c6c3680ec8837d0e2e107b9258fd109f1e2f3cc2a20f58e4	-	ol9_aarch64_u6_baseos_base
	grub2-tools-minimal-2.06-104.0.1.el9_6.aarch64.rpm	981f051df0418fd34497c4e3b6c4711a86587bbc44bbc1f6c62b0269073b2409	-	ol9_aarch64_baseos_latest
	grub2-tools-minimal-2.06-104.0.1.el9_6.aarch64.rpm	981f051df0418fd34497c4e3b6c4711a86587bbc44bbc1f6c62b0269073b2409	-	ol9_aarch64_u6_baseos_base

Oracle Linux 9 (x86_64)	grub2-2.06-104.0.1.el9_6.src.rpm	412d219d1afb7c297753a75e35d8b9dfe4dfc3f12292eb75940c5b6e0e0d3c21	-	ol9_x86_64_baseos_latest
	grub2-2.06-104.0.1.el9_6.src.rpm	412d219d1afb7c297753a75e35d8b9dfe4dfc3f12292eb75940c5b6e0e0d3c21	-	ol9_x86_64_u6_baseos_base
	grub2-common-2.06-104.0.1.el9_6.noarch.rpm	2561a6a7bb94109d5e9caf6dec3167eda323317717ece564172a3aaa76dc7d8a	-	ol9_x86_64_baseos_latest
	grub2-common-2.06-104.0.1.el9_6.noarch.rpm	2561a6a7bb94109d5e9caf6dec3167eda323317717ece564172a3aaa76dc7d8a	-	ol9_x86_64_u6_baseos_base
	grub2-efi-aa64-modules-2.06-104.0.1.el9_6.noarch.rpm	6f1aa5af768c49e7e889b1c8514b9020b23e62d720bd55d0573c0751351acd82	-	ol9_x86_64_baseos_latest
	grub2-efi-aa64-modules-2.06-104.0.1.el9_6.noarch.rpm	6f1aa5af768c49e7e889b1c8514b9020b23e62d720bd55d0573c0751351acd82	-	ol9_x86_64_u6_baseos_base
	grub2-efi-x64-2.06-104.0.1.el9_6.x86_64.rpm	3e9d4e5a25476eb462ebf3e05140622b586eccfa4ee23429cbea01072bececba	-	ol9_x86_64_baseos_latest
	grub2-efi-x64-2.06-104.0.1.el9_6.x86_64.rpm	3e9d4e5a25476eb462ebf3e05140622b586eccfa4ee23429cbea01072bececba	-	ol9_x86_64_u6_baseos_base
	grub2-efi-x64-cdboot-2.06-104.0.1.el9_6.x86_64.rpm	597bbc8e9287ac774dfa7d986a724273ac82b6e86bc916f0dfa14cb8c11663e6	-	ol9_x86_64_baseos_latest
	grub2-efi-x64-cdboot-2.06-104.0.1.el9_6.x86_64.rpm	597bbc8e9287ac774dfa7d986a724273ac82b6e86bc916f0dfa14cb8c11663e6	-	ol9_x86_64_u6_baseos_base
	grub2-efi-x64-modules-2.06-104.0.1.el9_6.noarch.rpm	4364b8ea7ae42b3ea7c052da913ffb72fb9b118fb5e9943522fab0160e453196	-	ol9_x86_64_baseos_latest
	grub2-efi-x64-modules-2.06-104.0.1.el9_6.noarch.rpm	4364b8ea7ae42b3ea7c052da913ffb72fb9b118fb5e9943522fab0160e453196	-	ol9_x86_64_u6_baseos_base
	grub2-pc-2.06-104.0.1.el9_6.x86_64.rpm	8b5ddffa0d272b17b1d4ca5b053e7c16db1c818d94a67c668ca2577b283b7ded	-	ol9_x86_64_baseos_latest
	grub2-pc-2.06-104.0.1.el9_6.x86_64.rpm	8b5ddffa0d272b17b1d4ca5b053e7c16db1c818d94a67c668ca2577b283b7ded	-	ol9_x86_64_u6_baseos_base
	grub2-pc-modules-2.06-104.0.1.el9_6.noarch.rpm	5badefb6e4d4911ef9f0ef1fd06fde308d98c41e14f4943e6c431fbff24d6853	-	ol9_x86_64_baseos_latest
	grub2-pc-modules-2.06-104.0.1.el9_6.noarch.rpm	5badefb6e4d4911ef9f0ef1fd06fde308d98c41e14f4943e6c431fbff24d6853	-	ol9_x86_64_u6_baseos_base
	grub2-tools-2.06-104.0.1.el9_6.x86_64.rpm	bbd7db4efa9c64a77c810d2f9b36d11ca15fb63432d8f17b4ec8a2c266eac9c6	-	ol9_x86_64_baseos_latest
	grub2-tools-2.06-104.0.1.el9_6.x86_64.rpm	bbd7db4efa9c64a77c810d2f9b36d11ca15fb63432d8f17b4ec8a2c266eac9c6	-	ol9_x86_64_u6_baseos_base
	grub2-tools-efi-2.06-104.0.1.el9_6.x86_64.rpm	a83145cb71c3a90249914f3dbb77525b8a3946d0082393790ef4518f67c64e8e	-	ol9_x86_64_baseos_latest
	grub2-tools-efi-2.06-104.0.1.el9_6.x86_64.rpm	a83145cb71c3a90249914f3dbb77525b8a3946d0082393790ef4518f67c64e8e	-	ol9_x86_64_u6_baseos_base
	grub2-tools-extra-2.06-104.0.1.el9_6.x86_64.rpm	7eee11d00dd124294a916bf62bd7aae75740c4693ee6478ea4c7544e12d9cc30	-	ol9_x86_64_baseos_latest
	grub2-tools-extra-2.06-104.0.1.el9_6.x86_64.rpm	7eee11d00dd124294a916bf62bd7aae75740c4693ee6478ea4c7544e12d9cc30	-	ol9_x86_64_u6_baseos_base
	grub2-tools-minimal-2.06-104.0.1.el9_6.x86_64.rpm	391435b3b24d1bdbc6419b7a7ae6643c0c3909bf7cf33a801b01408aec4245ca	-	ol9_x86_64_baseos_latest
	grub2-tools-minimal-2.06-104.0.1.el9_6.x86_64.rpm	391435b3b24d1bdbc6419b7a7ae6643c0c3909bf7cf33a801b01408aec4245ca	-	ol9_x86_64_u6_baseos_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691