Send CentOS-announce mailing list submissions to
	centos-announce at centos.org

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
	centos-announce-request at centos.org

You can reach the person managing the list at
	centos-announce-owner at centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."

Today's Topics:

   1. CentOS Linux, CentOS Stream and the Boot Hole vulnerability
      (Brian Stinson)
   2. [Correction/Additions] CentOS Linux, CentOS Stream and the
      Boot Hole vulnerability (Brian Stinson)
   3. CESA-2020:3220 Important CentOS 7 kernel Security Update
      (Johnny Hughes)
   4. CESA-2020:3217 Moderate CentOS 7 shim Security Update
      (Johnny Hughes)
   5. CESA-2018:3140 Moderate CentOS 7 fwupdate Security Update
      (Johnny Hughes)
   6. CESA-2020:3217 Moderate CentOS 7 shim-signed Security Update
      (Johnny Hughes)
   7. CESA-2020:3217 Moderate CentOS 7 grub2 Security Update
      (Johnny Hughes)

----------------------------------------------------------------------

Message: 1
Date: Wed, 29 Jul 2020 12:38:47 -0500
From: Brian Stinson <bstinson at centosproject.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] CentOS Linux, CentOS Stream and the Boot
	Hole vulnerability
Message-ID: <0f0d3ad8-7160-73b7-82d2-6d8ff51ef5f1 at centosproject.org>
Content-Type: text/plain; charset=utf-8

We are aware of the Boot Hole vulnerability in grub2 (CVE-2020-1073) and
are working on releasing new packages for CentOS Linux 7, CentOS Linux 8
and CentOS Stream in response. These should make it out to a mirror near
you shortly.

/!\ Secureboot Systems - Please do a full update /!\

CentOS Linux 8 and CentOS Stream systems with secureboot enabled MUST
update the kernel, grub2, and shim packages together. As part of this
CVE, we have re-issued the kernel and shim signing certificate
authorities, and previously released EL8 kernels cannot boot in
secureboot mode with the newer shim/grub2.

The following packages boot together in secureboot mode on CentOS Stream:

  * kernel-4.18.0-227.el8 / kernel-rt-4.18.0-227.rt7.39.el8
  * grub2-2.02-87.el8_2
  * shim-x64-15-13.el8

The following packages boot together in secureboot mode on CentOS Linux 8:

  * kernel-4.18.0-193.14.2.el8_2
  * grub2-2.02-87.el8_2
  * shim-x64-15-13.el8

For systems with CentOS Linux 7 or with secureboot disabled, we strongly
recommend doing a full `dnf/yum update` to pick up all of the latest
patches at the same time.

On behalf of the CentOS Team,

--
Brian Stinson

------------------------------

Message: 2
Date: Wed, 29 Jul 2020 13:46:26 -0500
From: Brian Stinson <bstinson at centosproject.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] [Correction/Additions] CentOS Linux, CentOS
	Stream and the Boot Hole vulnerability
Message-ID: <d82db84a-7564-48bb-ef18-e6dd0a2f5036 at centosproject.org>
Content-Type: text/plain; charset=utf-8

On 7/29/20 12:38 PM, Brian Stinson wrote:
> We are aware of the Boot Hole vulnerability in grub2 (CVE-2020-1073) and
> are working on releasing new packages for CentOS Linux 7, CentOS Linux 8
> and CentOS Stream in response. These should make it out to a mirror near
> you shortly.
>
> /!\ Secureboot Systems - Please do a full update /!\
>
> CentOS Linux 8 and CentOS Stream systems with secureboot enabled MUST
> update the kernel, grub2, and shim packages together. As part of this
> CVE, we have re-issued the kernel and shim signing certificate
> authorities, and previously released EL8 kernels cannot boot in
> secureboot mode with the newer shim/grub2.
>
> The following packages boot together in secureboot mode on CentOS Stream:
>
>   * kernel-4.18.0-227.el8 / kernel-rt-4.18.0-227.rt7.39.el8
>   * grub2-2.02-87.el8_2
>   * shim-x64-15-13.el8
>
> The following packages boot together in secureboot mode on CentOS Linux 8:
>
>   * kernel-4.18.0-193.14.2.el8_2
>   * grub2-2.02-87.el8_2
>   * shim-x64-15-13.el8
>
> For systems with CentOS Linux 7 or with secureboot disabled, we strongly
> recommend doing a full `dnf/yum update` to pick up all of the latest
> patches at the same time.
>
> On behalf of the CentOS Team,
>
> --
> Brian Stinson

This is a minor correction to the CVE number referenced in this earlier
post. CVE-2020-10713 is the correct assignment.

This is a link to the research article:
https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/

And a link to the post on OSS Security with details about related CVEs:
https://www.openwall.com/lists/oss-security/2020/07/29/3

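Added example, not part of the original posts or of any CentOS tooling: the secureboot warning in Message 1 expressed as a check that flags a host where only some of kernel, grub2 and shim have reached the versions listed for CentOS Linux 8. It assumes those listed versions are a floor for the re-signed set; BASELINE, classify and the sample inventories are constructed for illustration, and the comparison is a simplified rpm ordering with no epoch, '~' or '^' handling.

```python
import re

# Versions the announcement lists as booting together in secureboot mode
# on CentOS Linux 8. Treating them as a floor is an assumption of this example.
BASELINE = {
    "kernel": "4.18.0-193.14.2.el8_2",
    "grub2": "2.02-87.el8_2",
    "shim-x64": "15-13.el8",
}
SEGMENT = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpm ordering: compare digit/letter segments left to right."""
    sa, sb = SEGMENT.findall(a), SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment beats a letter one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments are newer

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def classify(inventory):
    """inventory: 'name version-release' lines for the three boot packages."""
    installed = dict(line.split() for line in inventory.strip().splitlines())
    lagging = sorted(n for n, base in BASELINE.items()
                     if evr_cmp(installed[n], base) < 0)
    if not lagging:
        return "updated", lagging
    if len(lagging) == len(BASELINE):
        return "not-updated", lagging
    return "mixed", lagging      # the partial state the announcement warns about

# Constructed inventories (not from the page): shim/grub2 updated, kernel left behind.
PARTIAL = """kernel 4.18.0-193.el8
grub2 2.02-87.el8_2
shim-x64 15-13.el8"""
FULL = "\n".join(f"{n} {v}" for n, v in BASELINE.items())

if __name__ == "__main__":
    for name, inv in (("partial", PARTIAL), ("full", FULL)):
        print(name, classify(inv))
```

On a host, lines in this shape can be produced with rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n'; when several kernels are installed, feed in the one the default boot entry uses.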
------------------------------

Message: 3
Date: Thu, 30 Jul 2020 00:08:16 +0000
From: Johnny Hughes <johnny at centos.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] CESA-2020:3220 Important CentOS 7 kernel
	Security Update
Message-ID: <20200730000816.GA18261 at bstore1.rdu2.centos.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2020:3220 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2020:3220

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
Twitter: @JohnnyCentOS

------------------------------

Message: 4
Date: Thu, 30 Jul 2020 00:08:50 +0000
From: Johnny Hughes <johnny at centos.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] CESA-2020:3217 Moderate CentOS 7 shim
	Security Update
Message-ID: <20200730000850.GA18384 at bstore1.rdu2.centos.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2020:3217 Moderate

Upstream details at : https://access.redhat.com/errata/RHSA-2020:3217

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
920e0075aa2fd067ef46bdaeac583b32d8d9871c01db67f1e2ec4b107926df04  shim-unsigned-ia32-15-7.el7_9.x86_64.rpm
cd6842c60c2a012c8d8250c46cfd24c3381b392d5f5556a1755829311e74c732  shim-unsigned-x64-15-7.el7_9.x86_64.rpm

Source:
249512caa1fc6e5956cded0c0a6fdb7e999c97b86dc6c249773dff614d4f746f  shim-15-7.el7_9.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
Twitter: @JohnnyCentOS

------------------------------

Message: 5
Date: Thu, 30 Jul 2020 00:09:07 +0000
From: Johnny Hughes <johnny at centos.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] CESA-2018:3140 Moderate CentOS 7 fwupdate
	Security Update
Message-ID: <20200730000907.GA18499 at bstore1.rdu2.centos.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2018:3140 Moderate

Upstream details at : https://access.redhat.com/errata/RHSA-2018:3140

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
c05389bec1bdbeb04d070fccf0f5bdf8881ad807d6f837f35cbbf68b1848cbb0  fwupdate-12-6.el7.centos.x86_64.rpm
6bf6d673a0b0b1174165533f726dc07d6b804b59a5500958689c5df99572e6ab  fwupdate-devel-12-6.el7.centos.x86_64.rpm
52e24c7f1318f068f2611bba1e5f083feb60de6ef7554da28e48ad9120dd49c5  fwupdate-efi-12-6.el7.centos.x86_64.rpm
bd06f43c52936c555729b0b1262c077b94fac2b989c4b3a6d218cc1c5ee50ff5  fwupdate-libs-12-6.el7.centos.x86_64.rpm

Source:
1e4802e55272b2fc79d6b09f81ed5e325f600b15c3a91774055ac56989d0bf13  fwupdate-12-6.el7.centos.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
Twitter: @JohnnyCentOS

------------------------------

Message: 6
Date: Thu, 30 Jul 2020 00:09:23 +0000
From: Johnny Hughes <johnny at centos.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] CESA-2020:3217 Moderate CentOS 7
	shim-signed Security Update
Message-ID: <20200730000923.GA18599 at bstore1.rdu2.centos.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2020:3217 Moderate

Upstream details at : https://access.redhat.com/errata/RHSA-2020:3217

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
46d78ecee751d736f35445677f13e9513bcc73e01c21e8b46e19f6d5f9fdb44f  mokutil-15-7.el7_9.x86_64.rpm
44a808272f4977f5c81fcb76b18199b90b5bf4b058f2f418014b8c2f24cb5a83  shim-ia32-15-7.el7_9.x86_64.rpm
bc8bf6b6c2068d3d9477e9a5596ff038ea1dc233cc3609e56571d4982e7d0879  shim-x64-15-7.el7_9.x86_64.rpm

Source:
df836efee4f974f207aa81aa396cda6f72daa95380b4d1f9f6659200c828bf5d  shim-signed-15-7.el7_9.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
Twitter: @JohnnyCentOS

------------------------------

Message: 7
Date: Thu, 30 Jul 2020 00:10:07 +0000
From: Johnny Hughes <johnny at centos.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] CESA-2020:3217 Moderate CentOS 7 grub2
	Security Update
Message-ID: <20200730001007.GA18819 at bstore1.rdu2.centos.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2020:3217 Moderate

Upstream details at : https://access.redhat.com/errata/RHSA-2020:3217

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
Twitter: @JohnnyCentOS

------------------------------

End of CentOS-announce Digest, Vol 185, Issue 4
***********************************************