[CentOS-announce] CentOS Linux, CentOS Stream and the Boot Hole vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



We are aware of the Boot Hole vulnerability in grub2 (CVE-2020-1073) and
are working on releasing new packages for CentOS Linux 7, CentOS Linux 8
and CentOS Stream in response. These should make it out to a mirror near
you shortly.


/!\ Secureboot Systems - Please do a full update /!\


CentOS Linux 8 and CentOS Stream systems with secureboot enabled MUST
update the kernel, grub2, and shim packages together. As part of this
CVE, we have re-issued the kernel and shim signing certificate
authorities, and previously released EL8 kernels cannot boot in
secureboot mode with the newer shim/grub2.


The following packages boot together in secureboot mode on CentOS Stream:

  *

    kernel-4.18.0-227.el8 / kernel-rt-4.18.0-227.rt7.39.el8

  *

    grub2-2.02-87.el8_2

  *

    shim-x64-15-13.el8


The following packages boot together in secureboot mode on CentOS Linux 8:

  *

    kernel-4.18.0-193.14.2.el8_2

  *

    grub2-2.02-87.el8_2

  *

    shim-x64-15-13.el8


For systems with CentOS Linux 7 or with secureboot disabled, we strongly
recommend doing a full `dnf/yum update` to pick up all of the latest
patches at the same time.

On behalf of the CentOS Team,

--

Brian Stinson


_______________________________________________
CentOS-announce mailing list
CentOS-announce@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos-announce



[Index of Archives]     [CentOS Discussion]     [CentOS Development]     [CentOS ARM Development]     [Fedora Announce]     [Fedora Package Announce]     [Internet PBX]     [DCCP]     [Netdev]     [X.org]     [Linux USB]

  Powered by Linux