ELSA-2026-4649

Опубликовано: 17 мар. 2026

Источник: oracle-oval

Платформа: Oracle Linux 10

Описание

ELSA-2026-4649: grub2 security update (MODERATE)

[2.12-29.0.1.el10_1.2]

efinet: Close and reopen card on failure [Orabug: 37808688]
Update grub2 dependencies to match new Secure Boot certificate chain of trust [Orabug: 37766761]
Fix typo in SBAT metadata [Orabug: 37693946]
Allow installation of grub2 only with shim-aa64 that allows booting it [Orabug: 37693946]
Enable btrfs module [Orabug: 37412995]
Restored shim related conflicts and provide. [Orabug: 37376920]
Rework the scripts to cover both in-place upgrade and update scenarios [Orabug: 36768566]
Support setting custom kernels as default kernels [Orabug: 36043978]
Bump SBAT metadata for grub to 3 [Orabug: 34872719]
Fix CVE-2022-3775 [Orabug: 34871953]
Enable signing for aarch64 EFI
Fix signing certificate names
Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986]
Replaced bugzilla.oracle.com references [Orabug: 34202300]
Update provided certificate version to 202204 [JIRA: OLDIS-16371]
Various coverity fixes [JIRA: OLDIS-16371]
bump SBAT generation
Update bug url [Orabug: 34202300]
Revert provided certificate version back to 202102 [JIRA: OLDIS-16371]
Update signing certificate [JIRA: OLDIS-16371]
fix SBAT data [JIRA: OLDIS-16371]
Update requires [JIRA: OLDIS-16371]
Rebuild for SecureBoot signatures [Orabug: 33801813]
Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033]
Update Oracle SBAT data [Orabug: 32670033]
Use new signing certificate [Orabug: 32670033]
honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497]
set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597]
Update upstream references [Orabug: 26388226]
Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955]
Put 'with' in menuentry instead of 'using' [Orabug: 18504756]
Use different titles for UEK and RHCK kernels [Orabug: 18504756]

[2.12-29.2]

Try to get gating tests running via fmf/tmt
Resolves: #RHEL-152849

[2.12-29.1]

Fixes CVE-2025-61662 Missing unregister call for gettext command may lead to use-after-free
Resolves: #RHEL-141580

Обновленные пакеты

Oracle Linux 10

Oracle Linux aarch64

grub2-common

2.12-29.0.1.el10_1.2

grub2-efi-aa64

2.12-29.0.1.el10_1.2

grub2-efi-aa64-cdboot

2.12-29.0.1.el10_1.2

grub2-efi-aa64-modules

2.12-29.0.1.el10_1.2

grub2-efi-x64-modules

2.12-29.0.1.el10_1.2

grub2-tools

2.12-29.0.1.el10_1.2

grub2-tools-extra

2.12-29.0.1.el10_1.2

grub2-tools-minimal

2.12-29.0.1.el10_1.2

Oracle Linux x86_64

grub2-common

2.12-29.0.1.el10_1.2

grub2-efi-aa64-modules

2.12-29.0.1.el10_1.2

grub2-efi-x64

2.12-29.0.1.el10_1.2

grub2-efi-x64-cdboot

2.12-29.0.1.el10_1.2

grub2-efi-x64-modules

2.12-29.0.1.el10_1.2

grub2-pc

2.12-29.0.1.el10_1.2

grub2-pc-modules

2.12-29.0.1.el10_1.2

grub2-tools

2.12-29.0.1.el10_1.2

grub2-tools-efi

2.12-29.0.1.el10_1.2

grub2-tools-extra

2.12-29.0.1.el10_1.2

grub2-tools-minimal

2.12-29.0.1.el10_1.2

Связанные CVE

CVE-2025-61662

Ссылки на источники

Связанные уязвимости

CVE-2025-61662

CVSS3: 7.8

ubuntu

4 месяца назад

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.