RHSA-2022:5096: Red Hat Security Advisory: grub2, mokutil, shim, and shim-unsigned-x64 security update

An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3695: grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
  • CVE-2021-3696: grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
  • CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow write in the heap
  • CVE-2022-28733: grub2: Integer underflow in grub_net_recv_ip4_packets
  • CVE-2022-28734: grub2: Out-of-bound write when handling split HTTP headers
  • CVE-2022-28735: grub2: shim_lock verifier allows non-kernel files to be loaded
  • CVE-2022-28736: grub2: use-after-free in grub_cmd_chainloader()
  • CVE-2022-28737: shim: Buffer overflow when loading crafted EFI images
Red Hat Security Data

Synopsis

Important: grub2, mokutil, shim, and shim-unsigned-x64 security update

Type/Severity

Security Advisory: Important

Topic

An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.

Security Fix(es):

  • grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733)
  • grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695)
  • grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696)
  • grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697)
  • grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734)
  • grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735)
  • grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736)
  • shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64

Fixes

  • BZ - 1991685 - CVE-2021-3695 grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
  • BZ - 1991686 - CVE-2021-3696 grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
  • BZ - 1991687 - CVE-2021-3697 grub2: Crafted JPEG image can lead to buffer underflow write in the heap
  • BZ - 2083339 - CVE-2022-28733 grub2: Integer underflow in grub_net_recv_ip4_packets
  • BZ - 2090463 - CVE-2022-28734 grub2: Out-of-bound write when handling split HTTP headers
  • BZ - 2090857 - CVE-2022-28735 grub2: shim_lock verifier allows non-kernel files to be loaded
  • BZ - 2090899 - CVE-2022-28737 shim: Buffer overflow when loading crafted EFI images
  • BZ - 2092613 - CVE-2022-28736 grub2: use-after-free in grub_cmd_chainloader()

CVEs

  • CVE-2021-3695
  • CVE-2021-3696
  • CVE-2021-3697
  • CVE-2022-28733
  • CVE-2022-28734
  • CVE-2022-28735
  • CVE-2022-28736
  • CVE-2022-28737

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM

  • grub2-2.02-99.el8_4.9.src.rpm
  • mokutil-0.3.0-11.el8_4.1.src.rpm
  • shim-15.6-1.el8.src.rpm

x86_64

  • grub2-common-2.02-99.el8_4.9.noarch.rpm
  • grub2-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • grub2-debugsource-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-aa64-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-efi-ia32-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-ia32-cdboot-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-ia32-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-efi-x64-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-x64-cdboot-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-x64-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-pc-2.02-99.el8_4.9.x86_64.rpm
  • grub2-pc-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-ppc64le-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-tools-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-efi-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-efi-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-extra-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-extra-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-minimal-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-minimal-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • mokutil-0.3.0-11.el8_4.1.x86_64.rpm
  • mokutil-debuginfo-0.3.0-11.el8_4.1.x86_64.rpm
  • mokutil-debugsource-0.3.0-11.el8_4.1.x86_64.rpm
  • shim-ia32-15.6-1.el8.x86_64.rpm
  • shim-x64-15.6-1.el8.x86_64.rpm

Red Hat Enterprise Linux Server - AUS 8.4

SRPM

  • grub2-2.02-99.el8_4.9.src.rpm
  • mokutil-0.3.0-11.el8_4.1.src.rpm
  • shim-15.6-1.el8.src.rpm

x86_64

  • grub2-common-2.02-99.el8_4.9.noarch.rpm
  • grub2-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • grub2-debugsource-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-aa64-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-efi-ia32-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-ia32-cdboot-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-ia32-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-efi-x64-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-x64-cdboot-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-x64-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-pc-2.02-99.el8_4.9.x86_64.rpm
  • grub2-pc-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-ppc64le-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-tools-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-efi-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-efi-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-extra-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-extra-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-minimal-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-minimal-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • mokutil-0.3.0-11.el8_4.1.x86_64.rpm
  • mokutil-debuginfo-0.3.0-11.el8_4.1.x86_64.rpm
  • mokutil-debugsource-0.3.0-11.el8_4.1.x86_64.rpm
  • shim-ia32-15.6-1.el8.x86_64.rpm
  • shim-x64-15.6-1.el8.x86_64.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM

  • grub2-2.02-99.el8_4.9.src.rpm

ppc64le

  • grub2-common-2.02-99.el8_4.9.noarch.rpm
  • grub2-debuginfo-2.02-99.el8_4.9.ppc64le.rpm
  • grub2-debugsource-2.02-99.el8_4.9.ppc64le.rpm
  • grub2-efi-aa64-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-efi-ia32-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-efi-x64-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-pc-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-ppc64le-2.02-99.el8_4.9.ppc64le.rpm
  • grub2-ppc64le-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-tools-2.02-99.el8_4.9.ppc64le.rpm
  • grub2-tools-debuginfo-2.02-99.el8_4.9.ppc64le.rpm
  • grub2-tools-extra-2.02-99.el8_4.9.ppc64le.rpm
  • grub2-tools-extra-debuginfo-2.02-99.el8_4.9.ppc64le.rpm
  • grub2-tools-minimal-2.02-99.el8_4.9.ppc64le.rpm
  • grub2-tools-minimal-debuginfo-2.02-99.el8_4.9.ppc64le.rpm

Red Hat Enterprise Linux Server - TUS 8.4

SRPM

  • grub2-2.02-99.el8_4.9.src.rpm
  • mokutil-0.3.0-11.el8_4.1.src.rpm
  • shim-15.6-1.el8.src.rpm

x86_64

  • grub2-common-2.02-99.el8_4.9.noarch.rpm
  • grub2-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • grub2-debugsource-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-aa64-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-efi-ia32-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-ia32-cdboot-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-ia32-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-efi-x64-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-x64-cdboot-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-x64-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-pc-2.02-99.el8_4.9.x86_64.rpm
  • grub2-pc-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-ppc64le-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-tools-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-efi-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-efi-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-extra-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-extra-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-minimal-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-minimal-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • mokutil-0.3.0-11.el8_4.1.x86_64.rpm
  • mokutil-debuginfo-0.3.0-11.el8_4.1.x86_64.rpm
  • mokutil-debugsource-0.3.0-11.el8_4.1.x86_64.rpm
  • shim-ia32-15.6-1.el8.x86_64.rpm
  • shim-x64-15.6-1.el8.x86_64.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM

  • grub2-2.02-99.el8_4.9.src.rpm
  • mokutil-0.3.0-11.el8_4.1.src.rpm
  • shim-15.6-1.el8.src.rpm

aarch64

  • grub2-common-2.02-99.el8_4.9.noarch.rpm
  • grub2-debuginfo-2.02-99.el8_4.9.aarch64.rpm
  • grub2-debugsource-2.02-99.el8_4.9.aarch64.rpm
  • grub2-efi-aa64-2.02-99.el8_4.9.aarch64.rpm
  • grub2-efi-aa64-cdboot-2.02-99.el8_4.9.aarch64.rpm
  • grub2-efi-aa64-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-efi-ia32-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-efi-x64-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-pc-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-ppc64le-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-tools-2.02-99.el8_4.9.aarch64.rpm
  • grub2-tools-debuginfo-2.02-99.el8_4.9.aarch64.rpm
  • grub2-tools-extra-2.02-99.el8_4.9.aarch64.rpm
  • grub2-tools-extra-debuginfo-2.02-99.el8_4.9.aarch64.rpm
  • grub2-tools-minimal-2.02-99.el8_4.9.aarch64.rpm
  • grub2-tools-minimal-debuginfo-2.02-99.el8_4.9.aarch64.rpm
  • mokutil-0.3.0-11.el8_4.1.aarch64.rpm
  • mokutil-debuginfo-0.3.0-11.el8_4.1.aarch64.rpm
  • mokutil-debugsource-0.3.0-11.el8_4.1.aarch64.rpm
  • shim-aa64-15.6-1.el8.aarch64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM

  • grub2-2.02-99.el8_4.9.src.rpm

ppc64le

  • grub2-common-2.02-99.el8_4.9.noarch.rpm
  • grub2-debuginfo-2.02-99.el8_4.9.ppc64le.rpm
  • grub2-debugsource-2.02-99.el8_4.9.ppc64le.rpm
  • grub2-efi-aa64-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-efi-ia32-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-efi-x64-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-pc-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-ppc64le-2.02-99.el8_4.9.ppc64le.rpm
  • grub2-ppc64le-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-tools-2.02-99.el8_4.9.ppc64le.rpm
  • grub2-tools-debuginfo-2.02-99.el8_4.9.ppc64le.rpm
  • grub2-tools-extra-2.02-99.el8_4.9.ppc64le.rpm
  • grub2-tools-extra-debuginfo-2.02-99.el8_4.9.ppc64le.rpm
  • grub2-tools-minimal-2.02-99.el8_4.9.ppc64le.rpm
  • grub2-tools-minimal-debuginfo-2.02-99.el8_4.9.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM

  • grub2-2.02-99.el8_4.9.src.rpm
  • mokutil-0.3.0-11.el8_4.1.src.rpm
  • shim-15.6-1.el8.src.rpm

x86_64

  • grub2-common-2.02-99.el8_4.9.noarch.rpm
  • grub2-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • grub2-debugsource-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-aa64-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-efi-ia32-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-ia32-cdboot-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-ia32-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-efi-x64-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-x64-cdboot-2.02-99.el8_4.9.x86_64.rpm
  • grub2-efi-x64-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-pc-2.02-99.el8_4.9.x86_64.rpm
  • grub2-pc-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-ppc64le-modules-2.02-99.el8_4.9.noarch.rpm
  • grub2-tools-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-efi-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-efi-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-extra-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-extra-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-minimal-2.02-99.el8_4.9.x86_64.rpm
  • grub2-tools-minimal-debuginfo-2.02-99.el8_4.9.x86_64.rpm
  • mokutil-0.3.0-11.el8_4.1.x86_64.rpm
  • mokutil-debuginfo-0.3.0-11.el8_4.1.x86_64.rpm
  • mokutil-debugsource-0.3.0-11.el8_4.1.x86_64.rpm
  • shim-ia32-15.6-1.el8.x86_64.rpm
  • shim-x64-15.6-1.el8.x86_64.rpm

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4

SRPM

  • shim-unsigned-x64-15.6-1.el8.src.rpm

x86_64

  • shim-unsigned-x64-15.6-1.el8.x86_64.rpm

Related news

Ubuntu Security Notice USN-6355-1

Ubuntu Security Notice 6355-1 - Daniel Axtens discovered that specially crafted images could cause a heap-based out-of-bounds write. A local attacker could possibly use this to circumvent secure boot protections. Daniel Axtens discovered that specially crafted images could cause out-of-bounds read and write. A local attacker could possibly use this to circumvent secure boot protections. Daniel Axtens discovered that specially crafted images could cause buffer underwrite which allows arbitrary data to be written to a heap. A local attacker could possibly use this to circumvent secure boot protections.

CVE-2022-28733: oss-security - [SECURITY PATCH 00/30] Multiple GRUB2 vulnerabilities

Integer underflow in grub_net_recv_ip4_packets; A maliciously crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such a way, subsequent operations can write past the end of the buffer.

RHSA-2022:8900: Red Hat Security Advisory: grub2 security update

An update for grub2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-28733: grub2: Integer underflow in grub_net_recv_ip4_packets

Gentoo Linux Security Advisory 202209-12

Gentoo Linux Security Advisory 202209-12 - Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass. Versions less than 2.06 are affected.

RHSA-2022:5678: Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update [ovirt-4.5.1]

An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27666: kernel: buffer overflow in IPsec ESP transformation code * CVE-2022-28733: grub2: Integer underflow in grub_net_recv_ip4_packets

RHSA-2022:5531: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5.1 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24450: nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account

CVE-2021-3696: Invalid Bug ID

A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low, as it is very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.

CVE-2021-3697: Invalid Bug ID

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. To mount a successful attack, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.

Red Hat Security Advisory 2022-5392-01

Red Hat Security Advisory 2022-5392-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which resolve security issues and fix several bugs. Issues addressed include a traversal vulnerability.

RHSA-2022:5392: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.11 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.3.11 general availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak * CVE-2022-21803: nconf: Prototype pollution in memory store * CVE-2022-23806: golang: crypto/elliptic IsOnCurv...

RHSA-2022:5201: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.5 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.5 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43565: golang.org/x/crypto: empty plaintext packet causes panic * CVE-2022-21803: nconf: Prototype pollution in memory store * CVE-2022-23806: golang: crypto/elliptic IsOnCurve returns true for invalid field elements * CVE-2022-24450: nats-server: misusing the "dynamically provisioned sand...

Red Hat Security Advisory 2022-5099-01

Red Hat Security Advisory 2022-5099-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-5100-01

Red Hat Security Advisory 2022-5100-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-5095-01

Red Hat Security Advisory 2022-5095-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-5096-01

Red Hat Security Advisory 2022-5096-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-5098-01

Red Hat Security Advisory 2022-5098-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

RHSA-2022:5100: Red Hat Security Advisory: grub2, mokutil, shim, and shim-unsigned-x64 security update

An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3695: grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap * CVE-2021-3696: grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling * CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow write in the heap * CVE-2022-28733:...

RHSA-2022:5095: Red Hat Security Advisory: grub2, mokutil, shim, and shim-unsigned-x64 security update

An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3695: grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap * CVE-2021-3696: grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling * CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow write in the heap * CVE-2022-28733: grub2: Integer underflow ...

RHSA-2022:5099: Red Hat Security Advisory: grub2, mokutil, shim, and shim-unsigned-x64 security update

An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3695: grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap * CVE-2021-3696: grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling * CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow write in the heap * CVE-2022-28733: grub2: Integer underflow ...

RHSA-2022:5099: Red Hat Security Advisory: grub2, mokutil, shim, and shim-unsigned-x64 security update

An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3695: grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap * CVE-2021-3696: grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling * CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow write in the heap * CVE-2022-28733: grub2: Integer underflow ...

RHSA-2022:5099: Red Hat Security Advisory: grub2, mokutil, shim, and shim-unsigned-x64 security update

An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3695: grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap * CVE-2021-3696: grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling * CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow write in the heap * CVE-2022-28733: grub2: Integer underflow ...

RHSA-2022:5099: Red Hat Security Advisory: grub2, mokutil, shim, and shim-unsigned-x64 security update

An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3695: grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap * CVE-2021-3696: grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling * CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow write in the heap * CVE-2022-28733: grub2: Integer underflow ...

RHSA-2022:5098: Red Hat Security Advisory: grub2, mokutil, and shim security update

An update for grub2, mokutil, and shim is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3695: grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
  • CVE-2021-3696: grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
  • CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow write in the heap
  • CVE-2022-28733: grub2: I...