RHSA-2023:0049: Red Hat Security Advisory: grub2 security update

An update for grub2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2601: grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass
  • CVE-2022-3775: grub2: Heap based out-of-bounds write when rendering certain unicode sequences
Red Hat Security Data

Issued: 2023-01-09

Updated: 2023-01-09

RHSA-2023:0049 - Security Advisory


Synopsis

Moderate: grub2 security update

Type/Severity

Security Advisory: Moderate

Topic

An update for grub2 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

Security Fix(es):

  • grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
  • grub2: Heap based out-of-bounds write when rendering certain unicode sequences (CVE-2022-3775)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2112975 - CVE-2022-2601 grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass
  • BZ - 2138880 - CVE-2022-3775 grub2: Heap based out-of-bounds write when rendering certain unicode sequences

Red Hat Enterprise Linux for x86_64 8

SRPM

grub2-2.02-142.el8_7.1.src.rpm

x86_64

grub2-common-2.02-142.el8_7.1.noarch.rpm
grub2-debuginfo-2.02-142.el8_7.1.x86_64.rpm
grub2-debugsource-2.02-142.el8_7.1.x86_64.rpm
grub2-efi-aa64-modules-2.02-142.el8_7.1.noarch.rpm
grub2-efi-ia32-2.02-142.el8_7.1.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-142.el8_7.1.x86_64.rpm
grub2-efi-ia32-modules-2.02-142.el8_7.1.noarch.rpm
grub2-efi-x64-2.02-142.el8_7.1.x86_64.rpm
grub2-efi-x64-cdboot-2.02-142.el8_7.1.x86_64.rpm
grub2-efi-x64-modules-2.02-142.el8_7.1.noarch.rpm
grub2-pc-2.02-142.el8_7.1.x86_64.rpm
grub2-pc-modules-2.02-142.el8_7.1.noarch.rpm
grub2-ppc64le-modules-2.02-142.el8_7.1.noarch.rpm
grub2-tools-2.02-142.el8_7.1.x86_64.rpm
grub2-tools-debuginfo-2.02-142.el8_7.1.x86_64.rpm
grub2-tools-efi-2.02-142.el8_7.1.x86_64.rpm
grub2-tools-efi-debuginfo-2.02-142.el8_7.1.x86_64.rpm
grub2-tools-extra-2.02-142.el8_7.1.x86_64.rpm
grub2-tools-extra-debuginfo-2.02-142.el8_7.1.x86_64.rpm
grub2-tools-minimal-2.02-142.el8_7.1.x86_64.rpm
grub2-tools-minimal-debuginfo-2.02-142.el8_7.1.x86_64.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM

grub2-2.02-142.el8_7.1.src.rpm

ppc64le

grub2-common-2.02-142.el8_7.1.noarch.rpm
grub2-debuginfo-2.02-142.el8_7.1.ppc64le.rpm
grub2-debugsource-2.02-142.el8_7.1.ppc64le.rpm
grub2-efi-aa64-modules-2.02-142.el8_7.1.noarch.rpm
grub2-efi-ia32-modules-2.02-142.el8_7.1.noarch.rpm
grub2-efi-x64-modules-2.02-142.el8_7.1.noarch.rpm
grub2-pc-modules-2.02-142.el8_7.1.noarch.rpm
grub2-ppc64le-2.02-142.el8_7.1.ppc64le.rpm
grub2-ppc64le-modules-2.02-142.el8_7.1.noarch.rpm
grub2-tools-2.02-142.el8_7.1.ppc64le.rpm
grub2-tools-debuginfo-2.02-142.el8_7.1.ppc64le.rpm
grub2-tools-extra-2.02-142.el8_7.1.ppc64le.rpm
grub2-tools-extra-debuginfo-2.02-142.el8_7.1.ppc64le.rpm
grub2-tools-minimal-2.02-142.el8_7.1.ppc64le.rpm
grub2-tools-minimal-debuginfo-2.02-142.el8_7.1.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 8

SRPM

grub2-2.02-142.el8_7.1.src.rpm

aarch64

grub2-common-2.02-142.el8_7.1.noarch.rpm
grub2-debuginfo-2.02-142.el8_7.1.aarch64.rpm
grub2-debugsource-2.02-142.el8_7.1.aarch64.rpm
grub2-efi-aa64-2.02-142.el8_7.1.aarch64.rpm
grub2-efi-aa64-cdboot-2.02-142.el8_7.1.aarch64.rpm
grub2-efi-aa64-modules-2.02-142.el8_7.1.noarch.rpm
grub2-efi-ia32-modules-2.02-142.el8_7.1.noarch.rpm
grub2-efi-x64-modules-2.02-142.el8_7.1.noarch.rpm
grub2-pc-modules-2.02-142.el8_7.1.noarch.rpm
grub2-ppc64le-modules-2.02-142.el8_7.1.noarch.rpm
grub2-tools-2.02-142.el8_7.1.aarch64.rpm
grub2-tools-debuginfo-2.02-142.el8_7.1.aarch64.rpm
grub2-tools-extra-2.02-142.el8_7.1.aarch64.rpm
grub2-tools-extra-debuginfo-2.02-142.el8_7.1.aarch64.rpm
grub2-tools-minimal-2.02-142.el8_7.1.aarch64.rpm
grub2-tools-minimal-debuginfo-2.02-142.el8_7.1.aarch64.rpm

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2024-2002-03

Red Hat Security Advisory 2024-2002-03 - An update for grub2 is now available for Red Hat Enterprise Linux 7. Issues addressed include buffer overflow and bypass vulnerabilities.

Gentoo Linux Security Advisory 202311-14

Gentoo Linux Security Advisory 202311-14 - Multiple vulnerabilities have been discovered in GRUB, which may lead to secure boot circumvention or code execution. Versions greater than or equal to 2.06-r9 are affected.

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

RHSA-2023:0934: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.0.1 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to...

Red Hat Security Advisory 2023-0752-01

Red Hat Security Advisory 2023-0752-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.

RHSA-2023:0631: Red Hat Security Advisory: RHSA: Submariner 0.14 - bug fix and security updates

Submariner 0.14 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go ...

Red Hat Security Advisory 2023-0049-01

Red Hat Security Advisory 2023-0049-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.

RHSA-2023:0047: Red Hat Security Advisory: grub2 security update

An update for grub2 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2601: grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass * CVE-2022-3775: grub2: Heap based out-of-bounds write when rendering certain unicode sequences

RHSA-2023:0048: Red Hat Security Advisory: grub2 security and bug fix update

An update for grub2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2601: grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass * CVE-2022-3775: grub2: Heap based out-of-bounds write when rendering certain unicode sequences

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]

CVE-2022-3775: Red Hat Customer Portal - Access to 24x7 support and knowledge

When rendering certain unicode sequences, grub2's font code doesn't properly validate whether the informed glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.

CVE-2022-2601: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass

A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph; this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.

Red Hat Security Advisory 2022-8978-01

Red Hat Security Advisory 2022-8978-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.

RHSA-2022:8978: Red Hat Security Advisory: grub2 security and bug fix update

An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2601: grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass * CVE-2022-3775: grub2: Heap based out-of-bounds write when rendering certain unicode sequences

Red Hat Security Advisory 2022-8800-01

Red Hat Security Advisory 2022-8800-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.

RHSA-2022:8800: Red Hat Security Advisory: grub2 security update

An update for grub2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2601: grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass * CVE-2022-3775: grub2: Heap based out-of-bounds write when rendering certain...

Red Hat Security Advisory 2022-8494-01

Red Hat Security Advisory 2022-8494-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.

Debian Security Advisory 5280-1

Debian Linux Security Advisory 5280-1 - Several issues were found in GRUB2's font handling code, which could result in crashes and potentially execution of arbitrary code. These could lead to by-pass of UEFI Secure Boot on affected systems.

RHSA-2022:8494: Red Hat Security Advisory: grub2 security update

An update for grub2 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2601: grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass * CVE-2022-3775: grub2: Heap based out-of-bounds write when rendering certain unicode sequences
