[ALSA-2022:5095] Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
Type:
security
Severity:
important
Release date:
2022-08-23
Description:
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.
Security Fix(es):
* grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733)
* grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695)
* grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696)
* grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697)
* grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734)
* grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735)
* grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736)
* shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 grub2-efi-aa64-2.02-123.el8_6.8.alma.aarch64.rpm 01d932816013c60e705a26e1a7508cbfc9f06ea694f6a727b544a335c7493aa5
aarch64 grub2-efi-aa64-cdboot-2.02-123.el8_6.8.alma.aarch64.rpm 1f15671640f59dbe7b2567e348e00d9f28eab28bb8ad4109edd79586a0408587
aarch64 grub2-tools-extra-2.02-123.el8_6.8.alma.aarch64.rpm 54059a6ad82093fc98d93949249efaf1d735319e49daa88550c945609f950e57
aarch64 grub2-tools-2.02-123.el8_6.8.alma.aarch64.rpm 62ef7e284609117412c6358bce077dcf8d0bfcd5b61f782d28bc14693829d941
aarch64 grub2-tools-minimal-2.02-123.el8_6.8.alma.aarch64.rpm 822e8b733084af75db702d180bb056f09150e953819ed81006670b2673ce3255
aarch64 shim-aa64-15.6-1.el8.alma.aarch64.rpm f4084a74c3d89d5906fb6dc251f567111bed569a7f6e833ad71a9b57ca17d648
noarch grub2-efi-ia32-modules-2.02-123.el8_6.8.alma.noarch.rpm 2bb139d6069422b4071d26aebfa7ae476ff70b02bd20e9059994ad51e2e2ac6b
noarch grub2-common-2.02-123.el8_6.8.alma.noarch.rpm 3dbe99ef4811869b51f02ffdec0eb5330a100532f7e1637b70e2c71e58a2f867
noarch grub2-ppc64le-modules-2.02-123.el8_6.8.alma.noarch.rpm 7cdaabba3dd0453e88db2c10f882186ca45c629554b4c883746518e1e1093c46
noarch grub2-pc-modules-2.02-123.el8_6.8.alma.noarch.rpm af61290162a6caa4a770460295b7318da3c9ccceea111929cb45abc11c841792
noarch grub2-efi-x64-modules-2.02-123.el8_6.8.alma.noarch.rpm f46bb28b1ff560abd311ea7a7d757b4b3971f3a6be5220ffddc6f92a32983ed5
noarch grub2-efi-aa64-modules-2.02-123.el8_6.8.alma.noarch.rpm fb1de7f3dce0f4c653a519fa3e618f5aed2e7a4d3d01e3d3dc0a2127eb927022
x86_64 grub2-tools-efi-2.02-123.el8_6.8.alma.x86_64.rpm 0e0c86f14138804a6a7626f1fbb8f435e9a1ac538577ac036a6490923f79ed22
x86_64 grub2-tools-minimal-2.02-123.el8_6.8.alma.x86_64.rpm 27c8cde82a9b26ac164b5c76c53a884892b8a9e98329b6483c8326dace4504f0
x86_64 grub2-tools-extra-2.02-123.el8_6.8.alma.x86_64.rpm 4fbcb218d0d9928b03207fb4aebe0652c3e81375ffc1da31d7ffaa6dabf435f1
x86_64 shim-x64-15.6-1.el8.alma.x86_64.rpm 7b25f67c04cb0c9e9a6e8d507a8c8d5438d5b246939f39dab6ec9034c8e85f3d
x86_64 shim-ia32-15.6-1.el8.alma.x86_64.rpm 80557d83818ae2cba26c1137f4a5a868c1aac76980e1a47cd670d01654964a23
x86_64 grub2-efi-x64-cdboot-2.02-123.el8_6.8.alma.x86_64.rpm 868df926c33ff69adc7c76a185120c656643d7559fecc91c469cc361edd7918c
x86_64 shim-unsigned-x64-15.6-1.el8.alma.x86_64.rpm ae969ab42b89fc7ff4e2308f8fc5a6e577d724d2fe98596966574ad693204976
x86_64 grub2-efi-ia32-2.02-123.el8_6.8.alma.x86_64.rpm bf7100a50659d2eff080021d247710c72ffa319193c9f184f7ec4ca8f29d2860
x86_64 grub2-tools-2.02-123.el8_6.8.alma.x86_64.rpm c68fed5fe8e830026794fb94e173e0e57390c9aa16c47812171f7696a4e165c7
x86_64 grub2-efi-ia32-cdboot-2.02-123.el8_6.8.alma.x86_64.rpm cf5d0aca09dd3ac7f5ad8ed1da34c16ef70165289a4ad30ca1dfae03e7326dfa
x86_64 grub2-pc-2.02-123.el8_6.8.alma.x86_64.rpm d4062aedfec2be1ec2841f8604250bd668143617a8ddf992fe0844b40b7c544c
x86_64 grub2-efi-x64-2.02-123.el8_6.8.alma.x86_64.rpm ec798f776731763c91ca8cb31621ace609d4707a4d8690ddfb87fbd518753039
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.