centos-announce-request at centos.org
2020-Jul-30 12:00 UTC
[CentOS] CentOS-announce Digest, Vol 185, Issue 4
Send CentOS-announce mailing list submissions to
centos-announce at centos.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-request at centos.org
You can reach the person managing the list at
centos-announce-owner at centos.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."
Today's Topics:
1. CentOS Linux, CentOS Stream and the Boot Hole vulnerability
(Brian Stinson)
2. [Correction/Additions] CentOS Linux, CentOS Stream and the
Boot Hole vulnerability (Brian Stinson)
3. CESA-2020:3220 Important CentOS 7 kernel Security Update
(Johnny Hughes)
4. CESA-2020:3217 Moderate CentOS 7 shim Security Update
(Johnny Hughes)
5. CESA-2018:3140 Moderate CentOS 7 fwupdate Security Update
(Johnny Hughes)
6. CESA-2020:3217 Moderate CentOS 7 shim-signed Security Update
(Johnny Hughes)
7. CESA-2020:3217 Moderate CentOS 7 grub2 Security Update
(Johnny Hughes)
----------------------------------------------------------------------
Message: 1
Date: Wed, 29 Jul 2020 12:38:47 -0500
From: Brian Stinson <bstinson at centosproject.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] CentOS Linux, CentOS Stream and the Boot
Hole vulnerability
Message-ID: <0f0d3ad8-7160-73b7-82d2-6d8ff51ef5f1 at centosproject.org>
Content-Type: text/plain; charset=utf-8
We are aware of the Boot Hole vulnerability in grub2 (CVE-2020-1073) and
are working on releasing new packages for CentOS Linux 7, CentOS Linux 8
and CentOS Stream in response. These should make it out to a mirror near
you shortly.
/!\ Secureboot Systems - Please do a full update /!\
CentOS Linux 8 and CentOS Stream systems with secureboot enabled MUST
update the kernel, grub2, and shim packages together. As part of this
CVE, we have re-issued the kernel and shim signing certificate
authorities, and previously released EL8 kernels cannot boot in
secureboot mode with the newer shim/grub2.
The following packages boot together in secureboot mode on CentOS Stream:
* kernel-4.18.0-227.el8 / kernel-rt-4.18.0-227.rt7.39.el8
* grub2-2.02-87.el8_2
* shim-x64-15-13.el8
The following packages boot together in secureboot mode on CentOS Linux 8:
* kernel-4.18.0-193.14.2.el8_2
* grub2-2.02-87.el8_2
* shim-x64-15-13.el8
For systems with CentOS Linux 7 or with secureboot disabled, we strongly
recommend doing a full `dnf/yum update` to pick up all of the latest
patches at the same time.
On behalf of the CentOS Team,
--
Brian Stinson
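
Added example (not part of the original announcement and not CentOS project code): a check that classifies a host's kernel/grub2/shim set against the CentOS Linux 8 "boot together" versions listed above, so a partial update is caught before a Secure Boot host is rebooted. The function names, the sample inventories and the simplified RPM version comparison are assumptions of this example; kernels at or above the listed version are assumed to carry the re-issued signature.

```python
import re

# "Boot together" set for CentOS Linux 8, copied from the announcement above.
REQUIRED = {"kernel": "4.18.0-193.14.2.el8_2",
            "grub2": "2.02-87.el8_2",
            "shim-x64": "15-13.el8"}

def vercmp(a, b):
    """Simplified rpmvercmp (no epoch, '~' or '^'): returns -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # a numeric segment beats letters
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, _, ra), (vb, _, rb) = a.rpartition("-"), b.rpartition("-")
    return vercmp(va, vb) or vercmp(ra, rb)

def assess(installed):
    """installed = {"kernel": [evr, ...], "grub2": evr, "shim-x64": evr}.
    Returns (state, kernels older than the listed one)."""
    shim_new = evr_cmp(installed["shim-x64"], REQUIRED["shim-x64"]) >= 0
    grub_new = evr_cmp(installed["grub2"], REQUIRED["grub2"]) >= 0
    old = [k for k in installed["kernel"] if evr_cmp(k, REQUIRED["kernel"]) < 0]
    kernel_new = len(old) < len(installed["kernel"])
    flags = (shim_new, grub_new, kernel_new)
    state = "updated" if all(flags) else "partial" if any(flags) else "not-updated"
    return state, old

# Constructed inventories (not from the announcement), as gathered with e.g.
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel
FULL = {"kernel": ["4.18.0-193.el8", "4.18.0-193.14.2.el8_2"],
        "grub2": "2.02-87.el8_2", "shim-x64": "15-13.el8"}
PARTIAL = {"kernel": ["4.18.0-193.6.3.el8_2"],
           "grub2": "2.02-87.el8_2", "shim-x64": "15-13.el8"}

if __name__ == "__main__":
    for name, inv in (("FULL", FULL), ("PARTIAL", PARTIAL)):
        state, old = assess(inv)
        print(name, state, "kernels predating the re-issued CA:", old)
```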
------------------------------
Message: 2
Date: Wed, 29 Jul 2020 13:46:26 -0500
From: Brian Stinson <bstinson at centosproject.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] [Correction/Additions] CentOS Linux, CentOS
Stream and the Boot Hole vulnerability
Message-ID: <d82db84a-7564-48bb-ef18-e6dd0a2f5036 at centosproject.org>
Content-Type: text/plain; charset=utf-8
On 7/29/20 12:38 PM, Brian Stinson wrote:
> We are aware of the Boot Hole vulnerability in grub2 (CVE-2020-1073) and
> are working on releasing new packages for CentOS Linux 7, CentOS Linux 8
> and CentOS Stream in response. These should make it out to a mirror near
> you shortly.
>
>
> /!\ Secureboot Systems - Please do a full update /!\
>
>
> CentOS Linux 8 and CentOS Stream systems with secureboot enabled MUST
> update the kernel, grub2, and shim packages together. As part of this
> CVE, we have re-issued the kernel and shim signing certificate
> authorities, and previously released EL8 kernels cannot boot in
> secureboot mode with the newer shim/grub2.
>
>
> The following packages boot together in secureboot mode on CentOS Stream:
>
> * kernel-4.18.0-227.el8 / kernel-rt-4.18.0-227.rt7.39.el8
> * grub2-2.02-87.el8_2
> * shim-x64-15-13.el8
>
>
> The following packages boot together in secureboot mode on CentOS Linux 8:
>
> * kernel-4.18.0-193.14.2.el8_2
> * grub2-2.02-87.el8_2
> * shim-x64-15-13.el8
>
>
> For systems with CentOS Linux 7 or with secureboot disabled, we strongly
> recommend doing a full `dnf/yum update` to pick up all of the latest
> patches at the same time.
>
> On behalf of the CentOS Team,
>
> --
>
> Brian Stinson
>
>
> _______________________________________________
> CentOS-announce mailing list
> CentOS-announce at centos.org
> https://lists.centos.org/mailman/listinfo/centos-announce
This is a minor correction to the CVE number referenced in this earlier
post.
CVE-2020-10713 is the correct assignment.
This is a link to the research article:
https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
And a link to the post on OSS Security with details about related CVEs:
https://www.openwall.com/lists/oss-security/2020/07/29/3
------------------------------
Message: 3
Date: Thu, 30 Jul 2020 00:08:16 +0000
From: Johnny Hughes <johnny at centos.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] CESA-2020:3220 Important CentOS 7 kernel
Security Update
Message-ID: <20200730000816.GA18261 at bstore1.rdu2.centos.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2020:3220 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2020:3220
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
902acadffe6f22819077496921383eaf7b2e83dc506a6ef6024c662bf7aa219b
bpftool-3.10.0-1127.18.2.el7.x86_64.rpm
28bd92ee760fa1d9d6665ee33382089eab61f13e44ea46cc77bc7bd456cc78d1
kernel-3.10.0-1127.18.2.el7.x86_64.rpm
92f9b61e88437523d873b8dc22e8a29a44e0a487b0dc5a343ed81fe35428d7c4
kernel-abi-whitelists-3.10.0-1127.18.2.el7.noarch.rpm
5f0282fc7886ba082a43a0259bd3a6038dd3aca4574bbbceef90a1aba88d9a84
kernel-debug-3.10.0-1127.18.2.el7.x86_64.rpm
b39c5e6e7b1bb5fb503352e67d0cbf0f20e4040f50ea8a24450cda3d0ce316ef
kernel-debug-devel-3.10.0-1127.18.2.el7.x86_64.rpm
ee25595e47130f137034ab8c665d8509448f1dbba65d4bf4e7fc5292e9d2b7a5
kernel-devel-3.10.0-1127.18.2.el7.x86_64.rpm
93dbc66703ceae3244ee11c60d8af22cd10ebd7b182dea59353916941389f0df
kernel-doc-3.10.0-1127.18.2.el7.noarch.rpm
686c91ea38d4d22461bb9db234d6204208818a3b9c36e36e33ffe85adf43918b
kernel-headers-3.10.0-1127.18.2.el7.x86_64.rpm
b5780110e4033f75514552d8118119ce545cb00b0f30aeb883d738cb2eb6eaa8
kernel-tools-3.10.0-1127.18.2.el7.x86_64.rpm
cbcedbc44f834457956181f8a5f5a20a39bdddb10c7d3dd6a324beb388c71321
kernel-tools-libs-3.10.0-1127.18.2.el7.x86_64.rpm
aaee5ada299aea7c953b48a29d74fb7f2c2e5e23bab0c5cfb2c409c32e16fadb
kernel-tools-libs-devel-3.10.0-1127.18.2.el7.x86_64.rpm
139a42a53f1b974880e3513eb48d80a63e6071aa2a50370c7e68e9ac2ba52213
perf-3.10.0-1127.18.2.el7.x86_64.rpm
619c92886d32633e098d4e5ef558c46e6452eccdd365a8be75e5d89bafae27a7
python-perf-3.10.0-1127.18.2.el7.x86_64.rpm
Source:
6ef0b9b15b602fbf9573a22158fad1537397dc6cfb6ab507ddc31a65335e4837
kernel-3.10.0-1127.18.2.el7.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
Twitter: @JohnnyCentOS
------------------------------
Message: 4
Date: Thu, 30 Jul 2020 00:08:50 +0000
From: Johnny Hughes <johnny at centos.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] CESA-2020:3217 Moderate CentOS 7 shim
Security Update
Message-ID: <20200730000850.GA18384 at bstore1.rdu2.centos.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2020:3217 Moderate
Upstream details at : https://access.redhat.com/errata/RHSA-2020:3217
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
920e0075aa2fd067ef46bdaeac583b32d8d9871c01db67f1e2ec4b107926df04
shim-unsigned-ia32-15-7.el7_9.x86_64.rpm
cd6842c60c2a012c8d8250c46cfd24c3381b392d5f5556a1755829311e74c732
shim-unsigned-x64-15-7.el7_9.x86_64.rpm
Source:
249512caa1fc6e5956cded0c0a6fdb7e999c97b86dc6c249773dff614d4f746f
shim-15-7.el7_9.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
Twitter: @JohnnyCentOS
------------------------------
Message: 5
Date: Thu, 30 Jul 2020 00:09:07 +0000
From: Johnny Hughes <johnny at centos.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] CESA-2018:3140 Moderate CentOS 7 fwupdate
Security Update
Message-ID: <20200730000907.GA18499 at bstore1.rdu2.centos.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2018:3140 Moderate
Upstream details at : https://access.redhat.com/errata/RHSA-2018:3140
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
c05389bec1bdbeb04d070fccf0f5bdf8881ad807d6f837f35cbbf68b1848cbb0
fwupdate-12-6.el7.centos.x86_64.rpm
6bf6d673a0b0b1174165533f726dc07d6b804b59a5500958689c5df99572e6ab
fwupdate-devel-12-6.el7.centos.x86_64.rpm
52e24c7f1318f068f2611bba1e5f083feb60de6ef7554da28e48ad9120dd49c5
fwupdate-efi-12-6.el7.centos.x86_64.rpm
bd06f43c52936c555729b0b1262c077b94fac2b989c4b3a6d218cc1c5ee50ff5
fwupdate-libs-12-6.el7.centos.x86_64.rpm
Source:
1e4802e55272b2fc79d6b09f81ed5e325f600b15c3a91774055ac56989d0bf13
fwupdate-12-6.el7.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
Twitter: @JohnnyCentOS
------------------------------
Message: 6
Date: Thu, 30 Jul 2020 00:09:23 +0000
From: Johnny Hughes <johnny at centos.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] CESA-2020:3217 Moderate CentOS 7
shim-signed Security Update
Message-ID: <20200730000923.GA18599 at bstore1.rdu2.centos.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2020:3217 Moderate
Upstream details at : https://access.redhat.com/errata/RHSA-2020:3217
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
46d78ecee751d736f35445677f13e9513bcc73e01c21e8b46e19f6d5f9fdb44f
mokutil-15-7.el7_9.x86_64.rpm
44a808272f4977f5c81fcb76b18199b90b5bf4b058f2f418014b8c2f24cb5a83
shim-ia32-15-7.el7_9.x86_64.rpm
bc8bf6b6c2068d3d9477e9a5596ff038ea1dc233cc3609e56571d4982e7d0879
shim-x64-15-7.el7_9.x86_64.rpm
Source:
df836efee4f974f207aa81aa396cda6f72daa95380b4d1f9f6659200c828bf5d
shim-signed-15-7.el7_9.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
Twitter: @JohnnyCentOS
------------------------------
Message: 7
Date: Thu, 30 Jul 2020 00:10:07 +0000
From: Johnny Hughes <johnny at centos.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] CESA-2020:3217 Moderate CentOS 7 grub2
Security Update
Message-ID: <20200730001007.GA18819 at bstore1.rdu2.centos.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2020:3217 Moderate
Upstream details at : https://access.redhat.com/errata/RHSA-2020:3217
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
10f5fc45885e9744b499a8d1830336902b9f4f4dd51ce0575fd5bb18e9047631
grub2-2.02-0.86.el7.centos.x86_64.rpm
9e82c47470c39b8c9c33717412a158f6bc1812fb771990b5dd8496ee1c94b22b
grub2-common-2.02-0.86.el7.centos.noarch.rpm
c5df733e242a01dac2a0caacf4436ed89ad75524499d26b675cacdae40d52fbd
grub2-efi-ia32-2.02-0.86.el7.centos.x86_64.rpm
c80037611cffa96c137a0fb8d69fc24c0bb09bdc375e050eb5e31462afa150d2
grub2-efi-ia32-cdboot-2.02-0.86.el7.centos.x86_64.rpm
5136ed781f53e9330c45a1b087415e526db7c34786a3820b5ed6f94a984d602a
grub2-efi-ia32-modules-2.02-0.86.el7.centos.noarch.rpm
1ec6e0366621da95205d57d23923c753ba502e8edfcf93cf6a01fe77f5f5af11
grub2-efi-x64-2.02-0.86.el7.centos.x86_64.rpm
1383ce6a6084b7f57053146679c211ea1b26f8301c44a7cbfdba8ea0d78de9f4
grub2-efi-x64-cdboot-2.02-0.86.el7.centos.x86_64.rpm
7b0f54f0c04a7d856a2211e2620f528097ee3c2d2a8d04adfc7d8631b97922df
grub2-efi-x64-modules-2.02-0.86.el7.centos.noarch.rpm
8f89bbf59c8970c2521bb90058f66a5fa744b00c80e411faed66a164b4c02a7e
grub2-i386-modules-2.02-0.86.el7.centos.noarch.rpm
888f2ae0c70346cd235901ec3f4a8b1aa5a34c6d665b0868fa1ec25291497932
grub2-pc-2.02-0.86.el7.centos.x86_64.rpm
53aac7825660300e05a2bdb6b4d79221788bc50c554f9f1dbd9bf0706fe3db14
grub2-pc-modules-2.02-0.86.el7.centos.noarch.rpm
cb5848b77ed2a5f81e8b27a7138917442d54656a3438a92cfa15d4f724549ed4
grub2-tools-2.02-0.86.el7.centos.x86_64.rpm
4441a4895a43bec4adc5bbc9acc8a888c1b0f5db6022f6b18a9099139ee26caa
grub2-tools-extra-2.02-0.86.el7.centos.x86_64.rpm
c2caccf01f5c959fa74e82800f6e5dc2aaaa59904c453388ad0debae8bbbe51b
grub2-tools-minimal-2.02-0.86.el7.centos.x86_64.rpm
Source:
e5f72d4c65882ee14644d92931f6177a194863702367f1f62228b38547d5dab4
grub2-2.02-0.86.el7.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
Twitter: @JohnnyCentOS
------------------------------
End of CentOS-announce Digest, Vol 185, Issue 4
***********************************************
