ALSA-2024:2456

[ALSA-2024:2456] Moderate: grub2 security update

Type:

security

Severity:

moderate

Release date:

2024-05-07

Description:

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

Security Fix(es):

* grub2: grub2-set-bootflag can be abused by local (pseudo-)users (CVE-2024-1048)
* grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code execution (CVE-2023-4692)
* grub2: out-of-bounds read at fs/ntfs.c (CVE-2023-4693)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	grub2-tools-extra-2.06-77.el9.alma.1.aarch64.rpm	6e6959d6cfe3ffa7a3e98df2349aa50483a2e6d5ff477c79055a416ca5c61015
aarch64	grub2-efi-aa64-2.06-77.el9.alma.1.aarch64.rpm	7c185ed5c753c233220017904fbe35e989081556b6a7e36e758147f719029796
aarch64	grub2-tools-2.06-77.el9.alma.1.aarch64.rpm	9bee35f52d9c42e970d1a89609ad6988505bdbbe2f2f1eafb6f557980802a1b7
aarch64	grub2-tools-minimal-2.06-77.el9.alma.1.aarch64.rpm	f45dafa33099637816fb2130bf1ba1a3b9cb648627a2a4db24d1347db326a714
aarch64	grub2-efi-aa64-cdboot-2.06-77.el9.alma.1.aarch64.rpm	fe327e9683d1bba4273c70c72f70a90f818232713ac788d2f32ec4d60db64482
noarch	grub2-pc-modules-2.06-77.el9.alma.1.noarch.rpm	1b0e6216aa285ff2b09fde2a5789e456445a8e73d0ed0a93df0949d84fc9139c
noarch	grub2-ppc64le-modules-2.06-77.el9.alma.1.noarch.rpm	b51a8480c154c1fe05f4595e8b04d538ff44ff31387370b6df08131151e08e4e
noarch	grub2-efi-x64-modules-2.06-77.el9.alma.1.noarch.rpm	d4419dc59c9f40d93a8a87c55f39e347002dc9ed3f1185cdea105f7a31fe102d
noarch	grub2-efi-aa64-modules-2.06-77.el9.alma.1.noarch.rpm	e5ac6ac43c2b18b57fa6bf70a0141c5dbadc0eb7f808cad0545b973d75184232
noarch	grub2-common-2.06-77.el9.alma.1.noarch.rpm	fd4804f9aabf9ab0aa42432b26d96c2a942ebbfd80c9ea052e867d50d260cf5c
ppc64le	grub2-ppc64le-2.06-77.el9.alma.1.ppc64le.rpm	13524748a9d5766e2b71c5267b18a5cb1bc9fe31116f19dfb792fe84c11700d6
ppc64le	grub2-tools-extra-2.06-77.el9.alma.1.ppc64le.rpm	216dc72633a41e5a5465aecd26cbe5d01af91515c085425c45f37cd6325ebd9e
ppc64le	grub2-tools-2.06-77.el9.alma.1.ppc64le.rpm	c15b7368f9276a1d5b68c09c2cd7211c8c5575efa4eb188e09aa56777502da28
ppc64le	grub2-tools-minimal-2.06-77.el9.alma.1.ppc64le.rpm	e750b61e2bd5269c34ac2eebeb9c9c8030c635f6aa65b70d4453a4803d355729
x86_64	grub2-tools-2.06-77.el9.alma.1.x86_64.rpm	21a434a0426173c7d87aa0e7cd9c8a51389f5819ba65efc9431599160edfe7a9
x86_64	grub2-pc-2.06-77.el9.alma.1.x86_64.rpm	66026ed762c385e48c7dddd93508185cfb7d8dc10ae4c5599b2b6771d53f94e7
x86_64	grub2-tools-extra-2.06-77.el9.alma.1.x86_64.rpm	9f4edede2243f10a040caf804b6ddfc8e921e8538595129256b26001a5400410
x86_64	grub2-efi-x64-2.06-77.el9.alma.1.x86_64.rpm	b02f1f05ae576f78122af4674ba5d279d6dd4809330d513481eae0bfdf2521f9
x86_64	grub2-efi-x64-cdboot-2.06-77.el9.alma.1.x86_64.rpm	b0caac251a3822d24467ccd533c63badb768927c7f792eb070a2b88a8a1891bf
x86_64	grub2-tools-efi-2.06-77.el9.alma.1.x86_64.rpm	cb7f22ed16e88806180bc98cada307d9a187399b3d4075a0d66028cf69cc02f7
x86_64	grub2-tools-minimal-2.06-77.el9.alma.1.x86_64.rpm	fea118ef08a9e654d6b0d3674619d2b94851a15c9c8fcd6ae192d2a908ea7e22

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.