Send CentOS-announce mailing list submissions to centos-announce@centos.org
To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request@centos.org
You can reach the person managing the list at centos-announce-owner@centos.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..."
Today's Topics:
1. CentOS Linux, CentOS Stream and the Boot Hole vulnerability (Brian Stinson)
2. [Correction/Additions] CentOS Linux, CentOS Stream and the Boot Hole vulnerability (Brian Stinson)
3. CESA-2020:3220 Important CentOS 7 kernel Security Update (Johnny Hughes)
4. CESA-2020:3217 Moderate CentOS 7 shim Security Update (Johnny Hughes)
5. CESA-2018:3140 Moderate CentOS 7 fwupdate Security Update (Johnny Hughes)
6. CESA-2020:3217 Moderate CentOS 7 shim-signed Security Update (Johnny Hughes)
7. CESA-2020:3217 Moderate CentOS 7 grub2 Security Update (Johnny Hughes)
----------------------------------------------------------------------
Message: 1
Date: Wed, 29 Jul 2020 12:38:47 -0500
From: Brian Stinson <bstinson@centosproject.org>
To: centos-announce@centos.org
Subject: [CentOS-announce] CentOS Linux, CentOS Stream and the Boot Hole vulnerability
Message-ID: <0f0d3ad8-7160-73b7-82d2-6d8ff51ef5f1@centosproject.org>
Content-Type: text/plain; charset=utf-8
We are aware of the Boot Hole vulnerability in grub2 (CVE-2020-1073) and are working on releasing new packages for CentOS Linux 7, CentOS Linux 8 and CentOS Stream in response. These should make it out to a mirror near you shortly.
/!\ Secureboot Systems - Please do a full update /!\
CentOS Linux 8 and CentOS Stream systems with secureboot enabled MUST update the kernel, grub2, and shim packages together. As part of this CVE, we have re-issued the kernel and shim signing certificate authorities, and previously released EL8 kernels cannot boot in secureboot mode with the newer shim/grub2.
The following packages boot together in secureboot mode on CentOS Stream:
* kernel-4.18.0-227.el8 / kernel-rt-4.18.0-227.rt7.39.el8
* grub2-2.02-87.el8_2
* shim-x64-15-13.el8
The following packages boot together in secureboot mode on CentOS Linux 8:
* kernel-4.18.0-193.14.2.el8_2
* grub2-2.02-87.el8_2
* shim-x64-15-13.el8
For systems with CentOS Linux 7 or with secureboot disabled, we strongly recommend doing a full `dnf/yum update` to pick up all of the latest patches at the same time.
On behalf of the CentOS Team,
--
Brian Stinson
------------------------------
Message: 2
Date: Wed, 29 Jul 2020 13:46:26 -0500
From: Brian Stinson <bstinson@centosproject.org>
To: centos-announce@centos.org
Subject: [CentOS-announce] [Correction/Additions] CentOS Linux, CentOS Stream and the Boot Hole vulnerability
Message-ID: <d82db84a-7564-48bb-ef18-e6dd0a2f5036@centosproject.org>
Content-Type: text/plain; charset=utf-8
On 7/29/20 12:38 PM, Brian Stinson wrote:
> We are aware of the Boot Hole vulnerability in grub2 (CVE-2020-1073) and are working on releasing new packages for CentOS Linux 7, CentOS Linux 8 and CentOS Stream in response. These should make it out to a mirror near you shortly.
>
> /!\ Secureboot Systems - Please do a full update /!\
>
> CentOS Linux 8 and CentOS Stream systems with secureboot enabled MUST update the kernel, grub2, and shim packages together. As part of this CVE, we have re-issued the kernel and shim signing certificate authorities, and previously released EL8 kernels cannot boot in secureboot mode with the newer shim/grub2.
>
> The following packages boot together in secureboot mode on CentOS Stream:
> * kernel-4.18.0-227.el8 / kernel-rt-4.18.0-227.rt7.39.el8
> * grub2-2.02-87.el8_2
> * shim-x64-15-13.el8
>
> The following packages boot together in secureboot mode on CentOS Linux 8:
> * kernel-4.18.0-193.14.2.el8_2
> * grub2-2.02-87.el8_2
> * shim-x64-15-13.el8
>
> For systems with CentOS Linux 7 or with secureboot disabled, we strongly recommend doing a full `dnf/yum update` to pick up all of the latest patches at the same time.
>
> On behalf of the CentOS Team,
> --
> Brian Stinson
>
> CentOS-announce mailing list
> CentOS-announce@centos.org
> https://lists.centos.org/mailman/listinfo/centos-announce
This is a minor correction to the CVE number referenced in this earlier post.
CVE-2020-10713 is the correct assignment.
This is a link to the research article: https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
And a link to the post on OSS Security with details about related CVEs: https://www.openwall.com/lists/oss-security/2020/07/29/3
------------------------------
Message: 3
Date: Thu, 30 Jul 2020 00:08:16 +0000
From: Johnny Hughes <johnny@centos.org>
To: centos-announce@centos.org
Subject: [CentOS-announce] CESA-2020:3220 Important CentOS 7 kernel Security Update
Message-ID: <20200730000816.GA18261@bstore1.rdu2.centos.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2020:3220 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2020:3220
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64:
902acadffe6f22819077496921383eaf7b2e83dc506a6ef6024c662bf7aa219b  bpftool-3.10.0-1127.18.2.el7.x86_64.rpm
28bd92ee760fa1d9d6665ee33382089eab61f13e44ea46cc77bc7bd456cc78d1  kernel-3.10.0-1127.18.2.el7.x86_64.rpm
92f9b61e88437523d873b8dc22e8a29a44e0a487b0dc5a343ed81fe35428d7c4  kernel-abi-whitelists-3.10.0-1127.18.2.el7.noarch.rpm
5f0282fc7886ba082a43a0259bd3a6038dd3aca4574bbbceef90a1aba88d9a84  kernel-debug-3.10.0-1127.18.2.el7.x86_64.rpm
b39c5e6e7b1bb5fb503352e67d0cbf0f20e4040f50ea8a24450cda3d0ce316ef  kernel-debug-devel-3.10.0-1127.18.2.el7.x86_64.rpm
ee25595e47130f137034ab8c665d8509448f1dbba65d4bf4e7fc5292e9d2b7a5  kernel-devel-3.10.0-1127.18.2.el7.x86_64.rpm
93dbc66703ceae3244ee11c60d8af22cd10ebd7b182dea59353916941389f0df  kernel-doc-3.10.0-1127.18.2.el7.noarch.rpm
686c91ea38d4d22461bb9db234d6204208818a3b9c36e36e33ffe85adf43918b  kernel-headers-3.10.0-1127.18.2.el7.x86_64.rpm
b5780110e4033f75514552d8118119ce545cb00b0f30aeb883d738cb2eb6eaa8  kernel-tools-3.10.0-1127.18.2.el7.x86_64.rpm
cbcedbc44f834457956181f8a5f5a20a39bdddb10c7d3dd6a324beb388c71321  kernel-tools-libs-3.10.0-1127.18.2.el7.x86_64.rpm
aaee5ada299aea7c953b48a29d74fb7f2c2e5e23bab0c5cfb2c409c32e16fadb  kernel-tools-libs-devel-3.10.0-1127.18.2.el7.x86_64.rpm
139a42a53f1b974880e3513eb48d80a63e6071aa2a50370c7e68e9ac2ba52213  perf-3.10.0-1127.18.2.el7.x86_64.rpm
619c92886d32633e098d4e5ef558c46e6452eccdd365a8be75e5d89bafae27a7  python-perf-3.10.0-1127.18.2.el7.x86_64.rpm

Source:
6ef0b9b15b602fbf9573a22158fad1537397dc6cfb6ab507ddc31a65335e4837  kernel-3.10.0-1127.18.2.el7.src.rpm
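The advisory above publishes a "( sha256sum Filename )" list so that RPMs pulled from a mirror can be checked before installation. The script below is an added example, not part of the CentOS announcement or of any CentOS tooling: it turns such a list (even when extraction has run it together on one line, as in the digest) into a checklist and verifies whatever subset of those files is present in a download directory, treating a single mismatch as a hard failure. The demo data (two tiny stand-in files and their digests) is constructed here and is not real package content; the helper names `advisory_to_manifest` and `verify_manifest` are this example's own.

```shell
#!/bin/sh
# Added example (not CentOS project code): verify downloaded RPMs against the
# sha256 list published in a CESA advisory. Works with plain POSIX sh.

# Print the SHA-256 hex digest of one file, using whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Read "digest filename digest filename ..." on stdin (one per line or all
# run together, as a digest mailing can flatten it) and emit one
# "digest  filename" pair per line, i.e. the sha256sum -c checklist format.
advisory_to_manifest() {
  awk '{ for (i = 1; i + 1 <= NF; i += 2) print $i "  " $(i + 1) }'
}

# verify_manifest MANIFEST DIR
# Returns 0 only if every listed file present in DIR matches its digest and at
# least one file was actually checked. Files not downloaded are reported and
# skipped (a host rarely needs all thirteen packages from the list), but a
# wrong digest on any present file is a failure, not a warning.
verify_manifest() {
  manifest=$1
  dir=$2
  rc=0
  checked=0
  while read -r expected name; do
    [ -n "$expected" ] || continue
    path="$dir/$name"
    if [ ! -f "$path" ]; then
      echo "MISSING  $name"
      continue
    fi
    actual=$(sha256_of "$path")
    if [ "$actual" = "$expected" ]; then
      echo "OK       $name"
      checked=$((checked + 1))
    else
      echo "FAILED   $name (expected $expected, got $actual)"
      rc=1
    fi
  done < "$manifest"
  [ "$checked" -gt 0 ] || rc=1
  return $rc
}

# Demo on constructed data: an empty file and a three-byte file stand in for
# RPMs; the digests are the well-known SHA-256 values of "" and "abc".
demo() {
  tmp=$(mktemp -d)
  : > "$tmp/pkg-a.rpm"
  printf 'abc' > "$tmp/pkg-b.rpm"
  printf '%s %s %s %s\n' \
    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 pkg-a.rpm \
    ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad pkg-b.rpm \
    | advisory_to_manifest > "$tmp/manifest"
  if verify_manifest "$tmp/manifest" "$tmp"; then
    echo "all present files verified"
  else
    echo "verification failed"
  fi
  # Simulate a tampered or truncated download and check it is caught.
  printf 'abd' > "$tmp/pkg-b.rpm"
  if verify_manifest "$tmp/manifest" "$tmp"; then
    echo "tampered file slipped through (bug)"
  else
    echo "tampered file correctly rejected"
  fi
  rm -rf "$tmp"
}

demo
```

In practice the checklist is built by pasting the advisory's x86_64 and Source sections through `advisory_to_manifest`, and the check runs against the directory `yumdownloader` or a mirror sync wrote to. The digest check only proves the file is the one the CentOS team published; it does not replace the RPM GPG signature check `rpm -K` performs against the CentOS signing key, so keep `gpgcheck=1` enabled as well.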