Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:3184

Опубликовано: 14 июн. 2024
Источник: rocky
Оценка: Moderate

Описание

Moderate: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

Security Fix(es):

  • grub2: grub2-set-bootflag can be abused by local (pseudo-)users (CVE-2024-1048)

  • grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code execution (CVE-2023-4692)

  • grub2: out-of-bounds read at fs/ntfs.c (CVE-2023-4693)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
grub2-commonnoarch156.el8.rocky.0.1grub2-common-2.02-156.el8.rocky.0.1.noarch.rpm
grub2-efi-aa64-modulesnoarch156.el8.rocky.0.1grub2-efi-aa64-modules-2.02-156.el8.rocky.0.1.noarch.rpm
grub2-efi-ia32x86_64156.el8.rocky.0.1grub2-efi-ia32-2.02-156.el8.rocky.0.1.x86_64.rpm
grub2-efi-ia32-cdbootx86_64156.el8.rocky.0.1grub2-efi-ia32-cdboot-2.02-156.el8.rocky.0.1.x86_64.rpm
grub2-efi-ia32-modulesnoarch156.el8.rocky.0.1grub2-efi-ia32-modules-2.02-156.el8.rocky.0.1.noarch.rpm
grub2-efi-x64x86_64156.el8.rocky.0.1grub2-efi-x64-2.02-156.el8.rocky.0.1.x86_64.rpm
grub2-efi-x64-cdbootx86_64156.el8.rocky.0.1grub2-efi-x64-cdboot-2.02-156.el8.rocky.0.1.x86_64.rpm
grub2-efi-x64-modulesnoarch156.el8.rocky.0.1grub2-efi-x64-modules-2.02-156.el8.rocky.0.1.noarch.rpm
grub2-pcx86_64156.el8.rocky.0.1grub2-pc-2.02-156.el8.rocky.0.1.x86_64.rpm
grub2-pc-modulesnoarch156.el8.rocky.0.1grub2-pc-modules-2.02-156.el8.rocky.0.1.noarch.rpm

Показывать по

Связанные CVE

CVE-2023-4692
CVE-2023-4693
CVE-2024-1048

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2024-3184

oracle-oval
около 1 года назад

ELSA-2024-3184: grub2 security update (MODERATE)

oracle-oval логотип

ELSA-2024-2456

oracle-oval
около 1 года назад

ELSA-2024-2456: grub2 security update (MODERATE)

suse-cvrf логотип

SUSE-SU-2023:4141-1

suse-cvrf
больше 1 года назад

Security update for grub2

suse-cvrf логотип

SUSE-SU-2023:4140-1

suse-cvrf
больше 1 года назад

Security update for grub2

suse-cvrf логотип

SUSE-SU-2023:4130-1

suse-cvrf
больше 1 года назад

Security update for grub2