Red Hat Product Errata RHSA-2020:3273 - Security Advisory
Issued:
2020-08-03
Updated:
2020-08-03

Synopsis

Moderate: grub2 security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for grub2, shim, and shim-signed is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.

Security Fix(es):

  • grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)
  • grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)
  • grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)
  • grub2: Integer overflow in read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)
  • grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)
  • grub2: Fail kernel validation without shim protocol (CVE-2020-15705)
  • grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)
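The four integer-overflow entries above share one bug class: an allocation size is derived from a length read out of an untrusted on-disk structure, the arithmetic wraps, and a copy sized by the original length then overruns the small block. The following C is an added illustration of that class and of the checks that close it; it is not grub2's code, and the function names and the constructed image bytes are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked form: "declared length + 1 for the NUL" is computed in a 32-bit
   size type, as a boot loader handling 32-bit on-disk fields might do. When
   declared_len is UINT32_MAX the sum wraps to 0, so a zero-byte (or tiny)
   block is allocated while the caller still copies declared_len bytes. */
uint32_t string_alloc_size_unchecked(uint32_t declared_len) {
    return declared_len + 1;
}

/* Checked form: reject the length before the addition can wrap. */
bool string_alloc_size_checked(uint32_t declared_len, uint32_t *out) {
    if (declared_len > UINT32_MAX - 1)
        return false;               /* declared_len + 1 would overflow */
    *out = declared_len + 1;
    return true;
}

/* Copy a length-prefixed string out of an untrusted image (a constructed
   stand-in for a filesystem or section blob). Two independent checks are
   needed: the allocation arithmetic must not wrap, and the declared length
   must lie within the bytes actually present after `off`. Returns NULL on
   any violation; caller frees the result. */
char *read_string_checked(const uint8_t *img, size_t img_len,
                          size_t off, uint32_t declared_len) {
    uint32_t need;
    if (!string_alloc_size_checked(declared_len, &need))
        return NULL;                /* size arithmetic would wrap */
    if (off > img_len || declared_len > img_len - off)
        return NULL;                /* length exceeds remaining image */
    char *s = malloc(need);
    if (!s)
        return NULL;
    memcpy(s, img + off, declared_len);
    s[declared_len] = '\0';
    return s;
}
```

The bounds check is written as `declared_len > img_len - off` rather than `off + declared_len > img_len` so that the comparison itself cannot overflow.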

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • grub2 should get resynced with 7.8 branch (BZ#1861861)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 7.2 x86_64

Fixes

  • BZ - 1825243 - CVE-2020-10713 grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process
  • BZ - 1852009 - CVE-2020-14308 grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow
  • BZ - 1852014 - CVE-2020-14311 grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
  • BZ - 1852022 - CVE-2020-14309 grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
  • BZ - 1852030 - CVE-2020-14310 grub2: Integer overflow in read_section_as_string may lead to heap-based buffer overflow
  • BZ - 1860978 - CVE-2020-15705 grub2: Fail kernel validation without shim protocol
  • BZ - 1861118 - CVE-2020-15706 grub2: Use-after-free redefining a function whilst the same function is already executing
  • BZ - 1861861 - grub2 should get resynced with 7.8 branch

CVEs

  • CVE-2020-10713
  • CVE-2020-14308
  • CVE-2020-14309
  • CVE-2020-14310
  • CVE-2020-14311
  • CVE-2020-15705
  • CVE-2020-15706

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/security/vulnerabilities/grub2bootloader
Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server - AUS 7.2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
