ELSA-2026-4760

Опубликовано: 18 мар. 2026

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2026-4760: grub2 security update (MODERATE)

[2.06-114.0.1.el9_7.1]

Update grub2 dependencies to match new Secure Boot certificate chain of trust [Orabug: 37766761]
Fix typo in SBAT metadata [Orabug: 37693946]
Allow installation of grub2 only with shim-aa64 that allows booting it [Orabug: 37693946]
net/dns: Fix removal of DNS server [Orabug: 37539625]
net/dns: Simplify error handling of recv_hook() function [Orabug: 37539625]
net/dns: Add debugging messages in recv_hook() function [Orabug: 37539625]
net/dns: Fix lookup error when no IPv6 is returned [Orabug: 37539625]
efinet: close and reopen network card on failure [Orabug: 35126950], [Orabug: 37747175]
efinet: Correct closing of SNP protocol [Orabug: 35126950], [Orabug: 37747175]
Support setting custom kernels as default kernels [Orabug: 36043978]
Bump SBAT metadata for grub to 3 [Orabug: 34872719]
Fix CVE-2022-3775 [Orabug: 34871953]
Enable signing for aarch64 EFI
Fix signing certificate names
Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986]
Replaced bugzilla.oracle.com references [Orabug: 34202300]
Update provided certificate version to 202204 [JIRA: OLDIS-16371]
Various coverity fixes [JIRA: OLDIS-16371]
bump SBAT generation
Update bug url [Orabug: 34202300]
Revert provided certificate version back to 202102 [JIRA: OLDIS-16371]
Update signing certificate [JIRA: OLDIS-16371]
fix SBAT data [JIRA: OLDIS-16371]
Update requires [JIRA: OLDIS-16371]
Rebuild for SecureBoot signatures [Orabug: 33801813]
Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033]
Update Oracle SBAT data [Orabug: 32670033]
Use new signing certificate [Orabug: 32670033]
honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497]
set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597]
Update upstream references [Orabug: 26388226]
Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955]
Put 'with' in menuentry instead of 'using' [Orabug: 18504756]
Use different titles for UEK and RHCK kernels [Orabug: 18504756]

[2.06-114.1]

Fixes CVE-2025-61662 Missing unregister call for gettext command may lead to use-after-free
Resolves: #RHEL-141593

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

grub2-efi-aa64-cdboot

2.06-114.0.1.el9_7.1

grub2-efi-aa64-modules

2.06-114.0.1.el9_7.1

grub2-common

2.06-114.0.1.el9_7.1

grub2-efi-aa64

2.06-114.0.1.el9_7.1

grub2-efi-x64-modules

2.06-114.0.1.el9_7.1

grub2-tools

2.06-114.0.1.el9_7.1

grub2-tools-extra

2.06-114.0.1.el9_7.1

grub2-tools-minimal

2.06-114.0.1.el9_7.1

Oracle Linux x86_64

grub2-common

2.06-114.0.1.el9_7.1

grub2-efi-aa64-modules

2.06-114.0.1.el9_7.1

grub2-efi-x64

2.06-114.0.1.el9_7.1

grub2-efi-x64-cdboot

2.06-114.0.1.el9_7.1

grub2-efi-x64-modules

2.06-114.0.1.el9_7.1

grub2-pc

2.06-114.0.1.el9_7.1

grub2-pc-modules

2.06-114.0.1.el9_7.1

grub2-tools

2.06-114.0.1.el9_7.1

grub2-tools-efi

2.06-114.0.1.el9_7.1

grub2-tools-extra

2.06-114.0.1.el9_7.1

grub2-tools-minimal

2.06-114.0.1.el9_7.1

Связанные CVE

CVE-2025-61662

Ссылки на источники

Связанные уязвимости

CVE-2025-61662

CVSS3: 7.8

ubuntu

4 месяца назад

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.