[CentOS-announce] [Correction/Additions] CentOS Linux, CentOS Stream and the Boot Hole vulnerability

Brian Stinson

bstinson at centosproject.org
Wed Jul 29 18:46:26 UTC 2020


On 7/29/20 12:38 PM, Brian Stinson wrote:
> We are aware of the Boot Hole vulnerability in grub2 (CVE-2020-1073) and
> are working on releasing new packages for CentOS Linux 7, CentOS Linux 8
> and CentOS Stream in response. These should make it out to a mirror near
> you shortly.
>
>
> /!\ Secureboot Systems - Please do a full update /!\
>
>
> CentOS Linux 8 and CentOS Stream systems with secureboot enabled MUST
> update the kernel, grub2, and shim packages together. As part of this
> CVE, we have re-issued the kernel and shim signing certificate
> authorities, and previously released EL8 kernels cannot boot in
> secureboot mode with the newer shim/grub2.
>
>
> The following packages boot together in secureboot mode on CentOS Stream:
>
>   *
>
>     kernel-4.18.0-227.el8 / kernel-rt-4.18.0-227.rt7.39.el8
>
>   *
>
>     grub2-2.02-87.el8_2
>
>   *
>
>     shim-x64-15-13.el8
>
>
> The following packages boot together in secureboot mode on CentOS Linux 8:
>
>   *
>
>     kernel-4.18.0-193.14.2.el8_2
>
>   *
>
>     grub2-2.02-87.el8_2
>
>   *
>
>     shim-x64-15-13.el8
>
>
> For systems with CentOS Linux 7 or with secureboot disabled, we strongly
> recommend doing a full `dnf/yum update` to pick up all of the latest
> patches at the same time.
>
> On behalf of the CentOS Team,
>
> --
>
> Brian Stinson
>
>
> _______________________________________________
> CentOS-announce mailing list
> CentOS-announce at centos.org
> https://lists.centos.org/mailman/listinfo/centos-announce


This is a minor correction to the CVE number referenced in this earlier
post.

CVE-2020-10713 is the correct assignment.

This is a link to the research article:
https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/

And a link to the post on OSS Security with details about related CVEs:
https://www.openwall.com/lists/oss-security/2020/07/29/3

 




More information about the CentOS-announce mailing list