Headline
RHSA-2022:5096: Red Hat Security Advisory: grub2, mokutil, shim, and shim-unsigned-x64 security update
An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-3695: grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
- CVE-2021-3696: grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
- CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow write in the heap
- CVE-2022-28733: grub2: Integer underflow in grub_net_recv_ip4_packets
- CVE-2022-28734: grub2: Out-of-bound write when handling split HTTP headers
- CVE-2022-28735: grub2: shim_lock verifier allows non-kernel files to be loaded
- CVE-2022-28736: grub2: use-after-free in grub_cmd_chainloader()
- CVE-2022-28737: shim: Buffer overflow when loading crafted EFI images
Synopsis
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
Type/Severity
Security Advisory: Important
Topic
An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.
Security Fix(es):
- grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733)
- grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695)
- grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696)
- grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697)
- grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734)
- grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735)
- grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736)
- shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
- Red Hat Enterprise Linux Server - AUS 8.4 x86_64
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.4 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64
Fixes
- BZ - 1991685 - CVE-2021-3695 grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
- BZ - 1991686 - CVE-2021-3696 grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
- BZ - 1991687 - CVE-2021-3697 grub2: Crafted JPEG image can lead to buffer underflow write in the heap
- BZ - 2083339 - CVE-2022-28733 grub2: Integer underflow in grub_net_recv_ip4_packets
- BZ - 2090463 - CVE-2022-28734 grub2: Out-of-bound write when handling split HTTP headers
- BZ - 2090857 - CVE-2022-28735 grub2: shim_lock verifier allows non-kernel files to be loaded
- BZ - 2090899 - CVE-2022-28737 shim: Buffer overflow when loading crafted EFI images
- BZ - 2092613 - CVE-2022-28736 grub2: use-after-free in grub_cmd_chainloader()
CVEs
- CVE-2021-3695
- CVE-2021-3696
- CVE-2021-3697
- CVE-2022-28733
- CVE-2022-28734
- CVE-2022-28735
- CVE-2022-28736
- CVE-2022-28737
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4
SRPM
grub2-2.02-99.el8_4.9.src.rpm
mokutil-0.3.0-11.el8_4.1.src.rpm
shim-15.6-1.el8.src.rpm
x86_64
grub2-common-2.02-99.el8_4.9.noarch.rpm
grub2-debuginfo-2.02-99.el8_4.9.x86_64.rpm
grub2-debugsource-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-aa64-modules-2.02-99.el8_4.9.noarch.rpm
grub2-efi-ia32-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-ia32-modules-2.02-99.el8_4.9.noarch.rpm
grub2-efi-x64-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-x64-cdboot-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-x64-modules-2.02-99.el8_4.9.noarch.rpm
grub2-pc-2.02-99.el8_4.9.x86_64.rpm
grub2-pc-modules-2.02-99.el8_4.9.noarch.rpm
grub2-ppc64le-modules-2.02-99.el8_4.9.noarch.rpm
grub2-tools-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-debuginfo-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-efi-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-efi-debuginfo-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-extra-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-extra-debuginfo-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-minimal-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-minimal-debuginfo-2.02-99.el8_4.9.x86_64.rpm
mokutil-0.3.0-11.el8_4.1.x86_64.rpm
mokutil-debuginfo-0.3.0-11.el8_4.1.x86_64.rpm
mokutil-debugsource-0.3.0-11.el8_4.1.x86_64.rpm
shim-ia32-15.6-1.el8.x86_64.rpm
shim-x64-15.6-1.el8.x86_64.rpm
Red Hat Enterprise Linux Server - AUS 8.4
SRPM
grub2-2.02-99.el8_4.9.src.rpm
mokutil-0.3.0-11.el8_4.1.src.rpm
shim-15.6-1.el8.src.rpm
x86_64
grub2-common-2.02-99.el8_4.9.noarch.rpm
grub2-debuginfo-2.02-99.el8_4.9.x86_64.rpm
grub2-debugsource-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-aa64-modules-2.02-99.el8_4.9.noarch.rpm
grub2-efi-ia32-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-ia32-modules-2.02-99.el8_4.9.noarch.rpm
grub2-efi-x64-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-x64-cdboot-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-x64-modules-2.02-99.el8_4.9.noarch.rpm
grub2-pc-2.02-99.el8_4.9.x86_64.rpm
grub2-pc-modules-2.02-99.el8_4.9.noarch.rpm
grub2-ppc64le-modules-2.02-99.el8_4.9.noarch.rpm
grub2-tools-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-debuginfo-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-efi-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-efi-debuginfo-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-extra-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-extra-debuginfo-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-minimal-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-minimal-debuginfo-2.02-99.el8_4.9.x86_64.rpm
mokutil-0.3.0-11.el8_4.1.x86_64.rpm
mokutil-debuginfo-0.3.0-11.el8_4.1.x86_64.rpm
mokutil-debugsource-0.3.0-11.el8_4.1.x86_64.rpm
shim-ia32-15.6-1.el8.x86_64.rpm
shim-x64-15.6-1.el8.x86_64.rpm
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4
SRPM
grub2-2.02-99.el8_4.9.src.rpm
ppc64le
grub2-common-2.02-99.el8_4.9.noarch.rpm
grub2-debuginfo-2.02-99.el8_4.9.ppc64le.rpm
grub2-debugsource-2.02-99.el8_4.9.ppc64le.rpm
grub2-efi-aa64-modules-2.02-99.el8_4.9.noarch.rpm
grub2-efi-ia32-modules-2.02-99.el8_4.9.noarch.rpm
grub2-efi-x64-modules-2.02-99.el8_4.9.noarch.rpm
grub2-pc-modules-2.02-99.el8_4.9.noarch.rpm
grub2-ppc64le-2.02-99.el8_4.9.ppc64le.rpm
grub2-ppc64le-modules-2.02-99.el8_4.9.noarch.rpm
grub2-tools-2.02-99.el8_4.9.ppc64le.rpm
grub2-tools-debuginfo-2.02-99.el8_4.9.ppc64le.rpm
grub2-tools-extra-2.02-99.el8_4.9.ppc64le.rpm
grub2-tools-extra-debuginfo-2.02-99.el8_4.9.ppc64le.rpm
grub2-tools-minimal-2.02-99.el8_4.9.ppc64le.rpm
grub2-tools-minimal-debuginfo-2.02-99.el8_4.9.ppc64le.rpm
Red Hat Enterprise Linux Server - TUS 8.4
SRPM
grub2-2.02-99.el8_4.9.src.rpm
mokutil-0.3.0-11.el8_4.1.src.rpm
shim-15.6-1.el8.src.rpm
x86_64
grub2-common-2.02-99.el8_4.9.noarch.rpm
grub2-debuginfo-2.02-99.el8_4.9.x86_64.rpm
grub2-debugsource-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-aa64-modules-2.02-99.el8_4.9.noarch.rpm
grub2-efi-ia32-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-ia32-modules-2.02-99.el8_4.9.noarch.rpm
grub2-efi-x64-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-x64-cdboot-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-x64-modules-2.02-99.el8_4.9.noarch.rpm
grub2-pc-2.02-99.el8_4.9.x86_64.rpm
grub2-pc-modules-2.02-99.el8_4.9.noarch.rpm
grub2-ppc64le-modules-2.02-99.el8_4.9.noarch.rpm
grub2-tools-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-debuginfo-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-efi-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-efi-debuginfo-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-extra-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-extra-debuginfo-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-minimal-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-minimal-debuginfo-2.02-99.el8_4.9.x86_64.rpm
mokutil-0.3.0-11.el8_4.1.x86_64.rpm
mokutil-debuginfo-0.3.0-11.el8_4.1.x86_64.rpm
mokutil-debugsource-0.3.0-11.el8_4.1.x86_64.rpm
shim-ia32-15.6-1.el8.x86_64.rpm
shim-x64-15.6-1.el8.x86_64.rpm
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4
SRPM
grub2-2.02-99.el8_4.9.src.rpm
mokutil-0.3.0-11.el8_4.1.src.rpm
shim-15.6-1.el8.src.rpm
aarch64
grub2-common-2.02-99.el8_4.9.noarch.rpm
grub2-debuginfo-2.02-99.el8_4.9.aarch64.rpm
grub2-debugsource-2.02-99.el8_4.9.aarch64.rpm
grub2-efi-aa64-2.02-99.el8_4.9.aarch64.rpm
grub2-efi-aa64-cdboot-2.02-99.el8_4.9.aarch64.rpm
grub2-efi-aa64-modules-2.02-99.el8_4.9.noarch.rpm
grub2-efi-ia32-modules-2.02-99.el8_4.9.noarch.rpm
grub2-efi-x64-modules-2.02-99.el8_4.9.noarch.rpm
grub2-pc-modules-2.02-99.el8_4.9.noarch.rpm
grub2-ppc64le-modules-2.02-99.el8_4.9.noarch.rpm
grub2-tools-2.02-99.el8_4.9.aarch64.rpm
grub2-tools-debuginfo-2.02-99.el8_4.9.aarch64.rpm
grub2-tools-extra-2.02-99.el8_4.9.aarch64.rpm
grub2-tools-extra-debuginfo-2.02-99.el8_4.9.aarch64.rpm
grub2-tools-minimal-2.02-99.el8_4.9.aarch64.rpm
grub2-tools-minimal-debuginfo-2.02-99.el8_4.9.aarch64.rpm
mokutil-0.3.0-11.el8_4.1.aarch64.rpm
mokutil-debuginfo-0.3.0-11.el8_4.1.aarch64.rpm
mokutil-debugsource-0.3.0-11.el8_4.1.aarch64.rpm
shim-aa64-15.6-1.el8.aarch64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4
SRPM
grub2-2.02-99.el8_4.9.src.rpm
ppc64le
grub2-common-2.02-99.el8_4.9.noarch.rpm
grub2-debuginfo-2.02-99.el8_4.9.ppc64le.rpm
grub2-debugsource-2.02-99.el8_4.9.ppc64le.rpm
grub2-efi-aa64-modules-2.02-99.el8_4.9.noarch.rpm
grub2-efi-ia32-modules-2.02-99.el8_4.9.noarch.rpm
grub2-efi-x64-modules-2.02-99.el8_4.9.noarch.rpm
grub2-pc-modules-2.02-99.el8_4.9.noarch.rpm
grub2-ppc64le-2.02-99.el8_4.9.ppc64le.rpm
grub2-ppc64le-modules-2.02-99.el8_4.9.noarch.rpm
grub2-tools-2.02-99.el8_4.9.ppc64le.rpm
grub2-tools-debuginfo-2.02-99.el8_4.9.ppc64le.rpm
grub2-tools-extra-2.02-99.el8_4.9.ppc64le.rpm
grub2-tools-extra-debuginfo-2.02-99.el8_4.9.ppc64le.rpm
grub2-tools-minimal-2.02-99.el8_4.9.ppc64le.rpm
grub2-tools-minimal-debuginfo-2.02-99.el8_4.9.ppc64le.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4
SRPM
grub2-2.02-99.el8_4.9.src.rpm
mokutil-0.3.0-11.el8_4.1.src.rpm
shim-15.6-1.el8.src.rpm
x86_64
grub2-common-2.02-99.el8_4.9.noarch.rpm
grub2-debuginfo-2.02-99.el8_4.9.x86_64.rpm
grub2-debugsource-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-aa64-modules-2.02-99.el8_4.9.noarch.rpm
grub2-efi-ia32-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-ia32-modules-2.02-99.el8_4.9.noarch.rpm
grub2-efi-x64-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-x64-cdboot-2.02-99.el8_4.9.x86_64.rpm
grub2-efi-x64-modules-2.02-99.el8_4.9.noarch.rpm
grub2-pc-2.02-99.el8_4.9.x86_64.rpm
grub2-pc-modules-2.02-99.el8_4.9.noarch.rpm
grub2-ppc64le-modules-2.02-99.el8_4.9.noarch.rpm
grub2-tools-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-debuginfo-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-efi-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-efi-debuginfo-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-extra-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-extra-debuginfo-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-minimal-2.02-99.el8_4.9.x86_64.rpm
grub2-tools-minimal-debuginfo-2.02-99.el8_4.9.x86_64.rpm
mokutil-0.3.0-11.el8_4.1.x86_64.rpm
mokutil-debuginfo-0.3.0-11.el8_4.1.x86_64.rpm
mokutil-debugsource-0.3.0-11.el8_4.1.x86_64.rpm
shim-ia32-15.6-1.el8.x86_64.rpm
shim-x64-15.6-1.el8.x86_64.rpm
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4
SRPM
shim-unsigned-x64-15.6-1.el8.src.rpm
x86_64
shim-unsigned-x64-15.6-1.el8.x86_64.rpm
Related news
Ubuntu Security Notice 6355-1 - Daniel Axtens discovered that specially crafted images could cause a heap-based out-of-bounds write. A local attacker could possibly use this to circumvent secure boot protections. Daniel Axtens discovered that specially crafted images could cause out-of-bounds read and write. A local attacker could possibly use this to circumvent secure boot protections. Daniel Axtens discovered that specially crafted images could cause a buffer underwrite, which allows arbitrary data to be written to the heap. A local attacker could possibly use this to circumvent secure boot protections.
Integer underflow in grub_net_recv_ip4_packets: a maliciously crafted IP packet can lead to an integer underflow of the rsm->total_len value in the grub_net_recv_ip4_packets() function. Under certain circumstances the total_len value may end up wrapping around to a small integer, which is then used in a memory allocation. If the attack succeeds in this way, subsequent operations can write past the end of the buffer.
An update for grub2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-28733: grub2: Integer underflow in grub_net_recv_ip4_packets
Gentoo Linux Security Advisory 202209-12 - Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass. Versions less than 2.06 are affected.
An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27666: kernel: buffer overflow in IPsec ESP transformation code * CVE-2022-28733: grub2: Integer underflow in grub_net_recv_ip4_packets
Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24450: nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low as it's very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. For a successful attack to be performed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.
Red Hat Security Advisory 2022-5392-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which resolve security issues and fix several bugs. Issues addressed include a traversal vulnerability.
Red Hat Advanced Cluster Management for Kubernetes 2.3.11 general availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak * CVE-2022-21803: nconf: Prototype pollution in memory store * CVE-2022-23806: golang: crypto/elliptic IsOnCurv...
Red Hat Advanced Cluster Management for Kubernetes 2.4.5 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43565: golang.org/x/crypto: empty plaintext packet causes panic * CVE-2022-21803: nconf: Prototype pollution in memory store * CVE-2022-23806: golang: crypto/elliptic IsOnCurve returns true for invalid field elements * CVE-2022-24450: nats-server: misusing the "dynamically provisioned sand...
Red Hat Security Advisory 2022-5099-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5100-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5095-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5096-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5098-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3695: grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap * CVE-2021-3696: grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling * CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow write in the heap * CVE-2022-28733:...
An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3695: grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap * CVE-2021-3696: grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling * CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow write in the heap * CVE-2022-28733: grub2: Integer underflow ...
An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3695: grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap * CVE-2021-3696: grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling * CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow write in the heap * CVE-2022-28733: grub2: Integer underflow ...
An update for grub2, mokutil, and shim is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3695: grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap * CVE-2021-3696: grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling * CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow write in the heap * CVE-2022-28733: grub2: I...