Lucene search

K
oraclelinuxOracleLinuxELSA-2021-9076
HistoryMar 02, 2021 - 12:00 a.m.

grub2 security update

2021-03-0200:00:00
linux.oracle.com
35

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

[2.02-0.87.0.7]

  • Fix CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749
    CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 [Orabug: 32530657]
  • Fix various coverity issues [Orabug: 32530657]
  • Add SBAT metadata to grubx64.efi [Orabug: 32530657]
    [2.02-0.87.0.5]
  • Use similar format for menu entry in grub environment block
  • config file. [Orabug: 32172943]
    [2.02-0.87.0.3]
  • Fix degradation in multiboot2 code [Orabug: 32069510]
    [2.02-0.87.0.1]
  • Update signing certificate for efi binaries
  • Update upstream references [Orabug: 30138841]
  • Restore symlink to grub environment file, that was removed during grub2-efi update
    if grub2 package is also installed on UEFI machines [Orabug: 27345750]
  • fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481]
  • Fix comparison in patch for [Orabug: 18504756]
  • Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481]
  • replace dynamic EFI boot folder path generation with predefined ‘redhat’ (Alex Burmashev)
  • Put ‘with’ in menuentry instead of ‘using’ [Orabug: 18504756]
  • Use different titles for UEK and RHCK kernels [Orabug: 18504756]

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C