[ALSA-2025:6990] Moderate: grub2 security update
Type: security
Severity: moderate
Release date: 2025-07-02
Description:
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

Security Fix(es):

* grub2: reader/jpeg: Heap OOB Write during JPEG parsing (CVE-2024-45774)
* grub2: commands/extcmd: Missing check for failed allocation (CVE-2024-45775)
* grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read. (CVE-2024-45776)
* grub2: fs/ufs: OOB write in the heap (CVE-2024-45781)
* grub2: fs/hfs+: refcount can be decremented twice (CVE-2024-45783)
* grub2: command/gpg: Use-after-free due to hooks not being removed on module unload (CVE-2025-0622)
* grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks (CVE-2025-0677)
* grub2: read: Integer overflow may lead to out-of-bounds write (CVE-2025-0690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 grub2-efi-aa64-2.06-104.el9_6.alma.1.aarch64.rpm 16ae78eab71570040770185ff7fc5b4e3fc24f248a1650cf0defa0813dfe22a7
aarch64 grub2-tools-extra-2.06-104.el9_6.alma.1.aarch64.rpm 36dd1e84c32d27c651e2a4de97b2f6cdfff90055b686c3caea12890c658dabf6
aarch64 grub2-tools-minimal-2.06-104.el9_6.alma.1.aarch64.rpm 4c6f7ee7f245fa276654f793632f50b2ac72f6cb467e8bb465d8e8de10e9fdce
aarch64 grub2-tools-2.06-104.el9_6.alma.1.aarch64.rpm 5d4f4f3315c21799104f2d29c40d662520925b0ebb4b16a772b8815957b62205
aarch64 grub2-efi-aa64-cdboot-2.06-104.el9_6.alma.1.aarch64.rpm 987ae69060afddbcdc8e0e3e9d4c48a95c29bfd542f64b1871e479ed7c29a42e
noarch grub2-common-2.06-104.el9_6.alma.1.noarch.rpm 1db378d2ed0d8b601c7b94d3ac146440a8d8253e164f72bac16da9a99f78fe5e
noarch grub2-efi-aa64-modules-2.06-104.el9_6.alma.1.noarch.rpm 92f048f9cea6b4c565acd01e73c54b7faead2255addbbb8da22ab8e038ea89cd
noarch grub2-efi-x64-modules-2.06-104.el9_6.alma.1.noarch.rpm ad4079a764915af6c7598e2ecadc65c22b07333c21c739970d2cb4b18e790c14
noarch grub2-ppc64le-modules-2.06-104.el9_6.alma.1.noarch.rpm cc51846110a748db9533eee1172507ea540b83caa6e63b058641377a95207ab1
noarch grub2-pc-modules-2.06-104.el9_6.alma.1.noarch.rpm ef2c38771e51097d02737e395037f0b09108048252a159a94d4fb2eaa64c5b08
ppc64le grub2-tools-extra-2.06-104.el9_6.alma.1.ppc64le.rpm 87be4df47315c93d1d081b9a884ad43c49a752d9d59dc78d8f8dabc1bbbc9f74
ppc64le grub2-ppc64le-2.06-104.el9_6.alma.1.ppc64le.rpm a49bc6032d872bea4108be45e4df78715121c5616835fd4eefff726409a6794b
ppc64le grub2-tools-2.06-104.el9_6.alma.1.ppc64le.rpm c04bbfe4d803abfa3b5ad1c5a3633a10e420251b3b3f4f81da968b22f8ae82a5
ppc64le grub2-tools-minimal-2.06-104.el9_6.alma.1.ppc64le.rpm e69f6e6de6b902d1fa9e223036adb25cb9db92000edca5fbf1b942b1fcf7a3be
x86_64 grub2-pc-2.06-104.el9_6.alma.1.x86_64.rpm 463079a00d237b0b732a7ffa7e253ed68138ab32e09a310c7166b61953e94c57
x86_64 grub2-tools-efi-2.06-104.el9_6.alma.1.x86_64.rpm 646b267c442255b07d04a7b8d568e9dffb7efacffbeb946bf8377e8742ac4586
x86_64 grub2-efi-x64-2.06-104.el9_6.alma.1.x86_64.rpm 6a8535eecf4df3100a0cfa099bb97eb979b4e706abb35dab9b8d8f85003de5d1
x86_64 grub2-tools-minimal-2.06-104.el9_6.alma.1.x86_64.rpm 8df06b98b8091fd816382a1ef98fb5df45cc3abf00121083c874cf8249759655
x86_64 grub2-efi-x64-cdboot-2.06-104.el9_6.alma.1.x86_64.rpm 9b7417712ae17a1c7eba4686f6a573309a14176a4b84aeab4deb1a145cafe42f
x86_64 grub2-tools-extra-2.06-104.el9_6.alma.1.x86_64.rpm a3a2cbede290009337b48396d9f1bac5384423a620552582b7322cd39554ec11
x86_64 grub2-tools-2.06-104.el9_6.alma.1.x86_64.rpm d0895cbd50f3e489986770db5eee3404e09d866fb6fd80513d719782b62d2dec
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.