- Issued:
- 2020-08-03
- Updated:
- 2020-08-03
RHSA-2020:3273 - Security Advisory
Synopsis
Moderate: grub2 security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for grub2, shim, and shim-signed is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.
Security Fix(es):
- grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)
- grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)
- grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)
- grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)
- grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)
- grub2: Fail kernel validation without shim protocol (CVE-2020-15705)
- grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- grub2 should get resynced with 7.8 branch (BZ#1861861)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Enterprise Linux Server - AUS 7.2 x86_64
Fixes
- BZ - 1825243 - CVE-2020-10713 grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process
- BZ - 1852009 - CVE-2020-14308 grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow
- BZ - 1852014 - CVE-2020-14311 grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
- BZ - 1852022 - CVE-2020-14309 grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
- BZ - 1852030 - CVE-2020-14310 grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow
- BZ - 1860978 - CVE-2020-15705 grub2: Fail kernel validation without shim protocol
- BZ - 1861118 - CVE-2020-15706 grub2: Use-after-free redefining a function whilst the same function is already executing
- BZ - 1861861 - grub2 should get resynced with 7.8 branch
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server - AUS 7.2
| SRPM | |
|---|---|
| grub2-2.02-0.86.el7_2.src.rpm | SHA-256: e97f3c424258cf942d0a0b414152b0a08655a0a7f0b4f59996c96440642df58f |
| shim-15-8.el7.src.rpm | SHA-256: 454f094da13c1d2f1a4150c1ad7f5b8742340dd24ab3fbca956504716cd17e5e |
| shim-signed-15-8.el7_2.src.rpm | SHA-256: 3d5e9aa3219a97f27bbe9d360db0a3b83c7047221556de5a4429163b0b762d1f |
| x86_64 | |
| grub2-2.02-0.86.el7_2.x86_64.rpm | SHA-256: 65e232254c3aa80d82544ec7babf1360fe16f27f322668d12d9f87352d84e566 |
| grub2-common-2.02-0.86.el7_2.noarch.rpm | SHA-256: 1b7b401f3e768f30c771a08ddeced921ebaefeef7188935813e088ce7779a4d0 |
| grub2-debuginfo-2.02-0.86.el7_2.x86_64.rpm | SHA-256: 2db25e3bd88d0155ae72eca11671322486e29ca15c4b41286853bfa4a66bef6c |
| grub2-debuginfo-2.02-0.86.el7_2.x86_64.rpm | SHA-256: 2db25e3bd88d0155ae72eca11671322486e29ca15c4b41286853bfa4a66bef6c |
| grub2-efi-aa64-modules-2.02-0.86.el7_2.noarch.rpm | SHA-256: 43cfc6cc1778cbf46c608d2315a4abb84b0467f37f63fc315898ae7d8183db8c |
| grub2-efi-ia32-2.02-0.86.el7_2.x86_64.rpm | SHA-256: 25dce4ff525b1beacb99d180fa0a8ec24104291def19cdd3da6553f7aefd5044 |
| grub2-efi-ia32-cdboot-2.02-0.86.el7_2.x86_64.rpm | SHA-256: cab7c89c67fe3fc63d3f77b99cb8bca2db72dd53948e27f3ff608d2bfdd47bbf |
| grub2-efi-ia32-modules-2.02-0.86.el7_2.noarch.rpm | SHA-256: ca087e030f756010a45acc958aeb0b09c5b0b4261da442871f7f1843840e519a |
| grub2-efi-ia32-modules-2.02-0.86.el7_2.noarch.rpm | SHA-256: ca087e030f756010a45acc958aeb0b09c5b0b4261da442871f7f1843840e519a |
| grub2-efi-x64-2.02-0.86.el7_2.x86_64.rpm | SHA-256: db97e58834cea23fd26f86c6fedb5965a7319f381b9a199963ca5795b33a3318 |
| grub2-efi-x64-cdboot-2.02-0.86.el7_2.x86_64.rpm | SHA-256: 209d729769d55b6edcd37c003fad4ac164b8a4ae1b098dd1447a9c215107799f |
| grub2-efi-x64-modules-2.02-0.86.el7_2.noarch.rpm | SHA-256: 7d73b31c85b9956420d22b3c3911b97bd7b57c98ca42a9a26df2d5295390a7a3 |
| grub2-efi-x64-modules-2.02-0.86.el7_2.noarch.rpm | SHA-256: 7d73b31c85b9956420d22b3c3911b97bd7b57c98ca42a9a26df2d5295390a7a3 |
| grub2-pc-2.02-0.86.el7_2.x86_64.rpm | SHA-256: 6f071ada5968972a8b1b3832c29d07ed28a758efd6e3d242ec66f09a305669b4 |
| grub2-pc-modules-2.02-0.86.el7_2.noarch.rpm | SHA-256: f59e9fc9427000627b60451083d5e1bc9af38ef7401402463411370edc2298ee |
| grub2-pc-modules-2.02-0.86.el7_2.noarch.rpm | SHA-256: f59e9fc9427000627b60451083d5e1bc9af38ef7401402463411370edc2298ee |
| grub2-ppc-modules-2.02-0.86.el7_2.noarch.rpm | SHA-256: 549f98c5e97d5b86a79113a546ab2c81cf6cee8d8ab9bf9dab35e2c9a25bb610 |
| grub2-ppc64-modules-2.02-0.86.el7_2.noarch.rpm | SHA-256: 67094182a5b9a25ca5f7d2e56d56287bebe8535b775b54677c2c2bd98d69466e |
| grub2-ppc64-modules-2.02-0.86.el7_2.noarch.rpm | SHA-256: 67094182a5b9a25ca5f7d2e56d56287bebe8535b775b54677c2c2bd98d69466e |
| grub2-ppc64le-modules-2.02-0.86.el7_2.noarch.rpm | SHA-256: ddb50bc7c93c0a126d7ad64dab65880f9a4fe5859ca072a419af9e834704ae8e |
| grub2-ppc64le-modules-2.02-0.86.el7_2.noarch.rpm | SHA-256: ddb50bc7c93c0a126d7ad64dab65880f9a4fe5859ca072a419af9e834704ae8e |
| grub2-tools-2.02-0.86.el7_2.x86_64.rpm | SHA-256: db84b050fe8d23eb604eaeace49ad1195a2278f1b809e81a605345fdca44b1d5 |
| grub2-tools-extra-2.02-0.86.el7_2.x86_64.rpm | SHA-256: daf875457004ddf3ddcee27e376a228206f60f8d8fd6bf0728790ac3dd740bec |
| grub2-tools-minimal-2.02-0.86.el7_2.x86_64.rpm | SHA-256: 65cc97d333cde56ab0e401c47f2e316a87a5f57bc89720fcb4473f8fa317d515 |
| mokutil-15-8.el7_2.x86_64.rpm | SHA-256: 8f4fbbc69c079106a2ac6a3705f793bb41f5ca081d7c22905e6551798107a30d |
| mokutil-debuginfo-15-8.el7_2.x86_64.rpm | SHA-256: 308e60be030379ab3e2dbbd4331b2ae4b793015277eeb2c7aadbb66aae166f4a |
| shim-15-8.el7_2.x86_64.rpm | SHA-256: d6a96edd2e889c93288c0f98ebb369373acb5d339b23c5e95701e53726015b18 |
| shim-unsigned-ia32-15-8.el7.x86_64.rpm | SHA-256: fbe4c65f4e2e0f4aad773a158bfe1e880e0202539eeaf51e83459d8a85b7c471 |
| shim-unsigned-x64-15-8.el7.x86_64.rpm | SHA-256: de120667a73dfd5fa2d89de8eed398ca47b2a22d08f774edca3e7c78f013fa54 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.