I saw this today: http://linux.slashdot.org/story/15/12/16/040223/0-day-grub2-authentication-bypass-hits-linux I installed a grub2 update in 7.2 yesterday. Did the update fix this? -wes
On Thu, Dec 17, 2015 at 1:19 PM, Wes James <comptekki at me.com> wrote:> I saw this today: > > > http://linux.slashdot.org/story/15/12/16/040223/0-day-grub2-authentication-bypass-hits-linux > > I installed a grub2 update in 7.2 yesterday. Did the update fix this? >>From the changelog, I'd say yes.~]# yum changelog 1 grub2 <...snipped..> Listing 1 changelog ==================== Installed Packages ===================1:grub2-2.02-0.33.el7.centos.1.x86_64 installed * Wed Dec 16 07:00:00 2015 Karanbir Singh <kbsingh at centos.org> 2.02-0.33.el7.centos.1 - Add patch to fix grub password path ( hughesjr ) changelog stats. 1 pkg, 1 source pkg, 1 changelog -- ---~~.~~--- Mike // SilverTip257 //
On Thu, Dec 17, 2015 at 1:29 PM, Mike - st257 <silvertip257 at gmail.com> wrote:> > On Thu, Dec 17, 2015 at 1:19 PM, Wes James <comptekki at me.com> wrote: > >> I saw this today: >> >> >> http://linux.slashdot.org/story/15/12/16/040223/0-day-grub2-authentication-bypass-hits-linux >> >> I installed a grub2 update in 7.2 yesterday. Did the update fix this? >> > > From the changelog, I'd say yes. >Meant to also include the RH Advisory URL. https://rhn.redhat.com/errata/RHSA-2015-2623.html> > ~]# yum changelog 1 grub2 > <...snipped..> > > Listing 1 changelog > > ==================== Installed Packages ===================> 1:grub2-2.02-0.33.el7.centos.1.x86_64 installed > * Wed Dec 16 07:00:00 2015 Karanbir Singh <kbsingh at centos.org> > 2.02-0.33.el7.centos.1 > - Add patch to fix grub password path ( hughesjr ) > > changelog stats. 1 pkg, 1 source pkg, 1 changelog > > > -- > ---~~.~~--- > Mike > // SilverTip257 // >-- ---~~.~~--- Mike // SilverTip257 //
> On Dec 17, 2015, at 11:29 AM, Mike - st257 <silvertip257 at gmail.com> wrote: > > On Thu, Dec 17, 2015 at 1:19 PM, Wes James <comptekki at me.com> wrote: > >> I saw this today: >> >> >> http://linux.slashdot.org/story/15/12/16/040223/0-day-grub2-authentication-bypass-hits-linux >> >> I installed a grub2 update in 7.2 yesterday. Did the update fix this? >> > > From the changelog, I'd say yes. > > ~]# yum changelog 1 grub2 > <...snipped..> > > Listing 1 changelog > > ==================== Installed Packages ===================> 1:grub2-2.02-0.33.el7.centos.1.x86_64 installed > * Wed Dec 16 07:00:00 2015 Karanbir Singh <kbsingh at centos.org> > 2.02-0.33.el7.centos.1 > - Add patch to fix grub password path ( hughesjr ) > > changelog stats. 1 pkg, 1 source pkg, 1 changelog >OK. Thanks. I?ll use that command next time to check. -wes