[ALSA-2022:5099] Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
Type:
security
Severity:
important
Release date:
2022-08-23
Description:
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Security Fix(es): * grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733) * grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695) * grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696) * grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697) * grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734) * grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735) * grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736) * shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages:
  • grub2-efi-x64-modules-2.06-27.el9_0.7.alma.noarch.rpm
  • grub2-efi-aa64-modules-2.06-27.el9_0.7.alma.noarch.rpm
  • grub2-ppc64le-modules-2.06-27.el9_0.7.alma.noarch.rpm
  • grub2-pc-modules-2.06-27.el9_0.7.alma.noarch.rpm
  • grub2-common-2.06-27.el9_0.7.alma.noarch.rpm
  • shim-unsigned-x64-15.6-1.el9.alma.x86_64.rpm
  • grub2-tools-minimal-2.06-27.el9_0.7.alma.x86_64.rpm
  • grub2-efi-x64-2.06-27.el9_0.7.alma.x86_64.rpm
  • grub2-efi-x64-cdboot-2.06-27.el9_0.7.alma.x86_64.rpm
  • grub2-tools-efi-2.06-27.el9_0.7.alma.x86_64.rpm
  • grub2-tools-2.06-27.el9_0.7.alma.x86_64.rpm
  • grub2-tools-extra-2.06-27.el9_0.7.alma.x86_64.rpm
  • grub2-pc-2.06-27.el9_0.7.alma.x86_64.rpm
  • shim-x64-15.6-1.el9.alma.x86_64.rpm
  • grub2-tools-minimal-2.06-27.el9_0.7.alma.ppc64le.rpm
  • grub2-ppc64le-2.06-27.el9_0.7.alma.ppc64le.rpm
  • grub2-tools-extra-2.06-27.el9_0.7.alma.ppc64le.rpm
  • grub2-tools-2.06-27.el9_0.7.alma.ppc64le.rpm
  • grub2-tools-minimal-2.06-27.el9_0.7.alma.aarch64.rpm
  • grub2-tools-extra-2.06-27.el9_0.7.alma.aarch64.rpm
  • shim-aa64-15.6-1.el9.alma.aarch64.rpm
  • grub2-tools-2.06-27.el9_0.7.alma.aarch64.rpm
  • grub2-efi-aa64-cdboot-2.06-27.el9_0.7.alma.aarch64.rpm
  • grub2-efi-aa64-2.06-27.el9_0.7.alma.aarch64.rpm
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.