Описание
ELSA-2025-3367: grub2 security update (IMPORTANT)
[2.02-164.0.2]
- fs/ext2: Rework out-of-bounds read for inline and external extents [Orabug: 37829911]
[2.02-164.0.1]
- Update grub2 dependencies to match new Secure Boot certificate chain of trust [Orabug: 37766761]
- Fix typo in SBAT metadata [Orabug: 37693946]
- Allow installation of grub2 only with shim-aa64 that allows booting it [Orabug: 37693946]
- net/dns: Fix removal of DNS server [Orabug: 37539625]
- net/dns: Simplify error handling of recv_hook() function [Orabug: 37539625]
- net/dns: Add debugging messages in recv_hook() function [Orabug: 37539625]
- net/dns: Fix lookup error when no IPv6 is returned [Orabug: 37539625]
- Use correct os_name on OL
- Backport the support for setting custom kernels as default kernels [Orabug: 36690061]
- Restore correct SBAT entries
- Replaced bugzilla.oracle.com references [Orabug: 35475894]
- efinet: Close and reopen card on failure [Orabug: 35126950]
- Fix CVE-2022-3775 [Orabug: 34867710]
- Bump SBAT metadata for grub to 3 [Orabug: 34871758]
- Enable signing on aarch64
- Don't try to switch to a BLS config if GRUB_ENABLE_BLSCFG is already set (Javier Martinez Canillas) [Orabug: 34375996]
- Enable back btrfs module by default [Orabug: 34377188]
- Backport upstream SNP protocol fixes [Orabug: 34195100]
- Rebase Fix EFI loader kernel image allocation patch, adapt it to new NX code [Orabug: 34352232]
- enable multiboot2 [Orabug: 34285558]
- backport arm64: Fix EFI loader kernel image allocation [Orabug: 33702462]
- backport Arm: check for the PE magic for the compiled arch [Orabug: 33702462]
- Backport some better script logic for BTRFS support [Orabug: 32448171]
- Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033]
- Update Oracle SBAT data [Orabug: 32670033]
- Use new signing certificate [Orabug: 32670033]
- Fix various coverity issues [Orabug: 32530657]
- Set proper blsdir if /boot is on btrfs rootfs [Orabug: 32063327]
- Add CVE-2020-15706, CVE-2020-15707 to the list [Orabug: 31225072]
- honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497]
- set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597]
- Update upstream references [Orabug: 26388226]
- Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955]
- fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481]
- Fix comparison in patch for 18504756
- Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481]
- Put 'with' in menuentry instead of 'using' [Orabug: 18504756]
- Use different titles for UEK and RHCK kernels [Orabug: 18504756]
[2.02-164]
- Bump NVR to sign the build
- Resolves: #RHEL-85627
[2.02-163]
- fs/xfs: Synced xfs to latest
- Resolves: #RHEL-85627
[2.02-162]
- ieee1275/ofnet: Fix grub_malloc() removed after added safe
- Remove 'fs/ntfs: Implement attribute verification' patch
- Related: #RHEL-79837
[2.02-161]
- Add Several CVE fixes
- Resolves CVE-2024-45775 CVE-2025-0624
- Resolves: #RHEL-75735
- Resolves: #RHEL-79837
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
grub2-common
2.02-164.0.2.el8_10
grub2-efi-aa64
2.02-164.0.2.el8_10
grub2-efi-aa64-cdboot
2.02-164.0.2.el8_10
grub2-efi-aa64-modules
2.02-164.0.2.el8_10
grub2-efi-ia32-modules
2.02-164.0.2.el8_10
grub2-efi-x64-modules
2.02-164.0.2.el8_10
grub2-pc-modules
2.02-164.0.2.el8_10
grub2-tools
2.02-164.0.2.el8_10
grub2-tools-extra
2.02-164.0.2.el8_10
grub2-tools-minimal
2.02-164.0.2.el8_10
Oracle Linux x86_64
grub2-common
2.02-164.0.2.el8_10
grub2-efi-aa64-modules
2.02-164.0.2.el8_10
grub2-efi-ia32
2.02-164.0.2.el8_10
grub2-efi-ia32-cdboot
2.02-164.0.2.el8_10
grub2-efi-ia32-modules
2.02-164.0.2.el8_10
grub2-efi-x64
2.02-164.0.2.el8_10
grub2-efi-x64-cdboot
2.02-164.0.2.el8_10
grub2-efi-x64-modules
2.02-164.0.2.el8_10
grub2-pc
2.02-164.0.2.el8_10
grub2-pc-modules
2.02-164.0.2.el8_10
grub2-tools
2.02-164.0.2.el8_10
grub2-tools-efi
2.02-164.0.2.el8_10
grub2-tools-extra
2.02-164.0.2.el8_10
grub2-tools-minimal
2.02-164.0.2.el8_10
Связанные CVE
Связанные уязвимости
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
A flaw was found in grub2. During the network boot process, when tryin ...