fwupd-1.1.4-7.0.1.el8, grub2-2.02-87.0.1.el8, shim-15-15.0.1, shim-unsigned-x64-15-8.0.1.el8

エラータID: AXSA:2020-773:01

Release date: 
Wednesday, October 28, 2020 - 12:35
Subject: 
fwupd-1.1.4-7.0.1.el8, grub2-2.02-87.0.1.el8, shim-15-15.0.1, shim-unsigned-x64-15-8.0.1.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a
highly configurable and customizable boot loader with modular architecture. The
packages support a variety of kernel formats, file systems, computer
architectures, and hardware devices.

The shim package contains a first-stage UEFI boot loader that handles chaining
to a trusted full boot loader under secure boot environments.

The fwupd packages provide a service that allows session software to update
device firmware.

Security Fix(es):

* grub2: Crafted grub.cfg file can lead to arbitrary code execution during
boot process (CVE-2020-10713)

* grub2: grub_malloc does not validate allocation size allowing for arithmetic
overflow and subsequent heap-based buffer overflow (CVE-2020-14308)

* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based
buffer overflow (CVE-2020-14309)

* grub2: Integer overflow read_section_as_string may lead to heap-based buffer
overflow (CVE-2020-14310)

* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer
overflow (CVE-2020-14311)

* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)

* grub2: Use-after-free redefining a function whilst the same function is
already executing (CVE-2020-15706)

* grub2: Integer overflow in initrd size handling (CVE-2020-15707)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2020-10713
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't check for
possible arithmetic overflows on the requested allocation size. This leads the
function to return invalid memory allocations which can be further used to cause
possible integrity, confidentiality and availability impacts during the boot
process.
CVE-2020-14309
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-14310
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-14311
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-15705
GRUB2 fails to validate kernel signature when booted directly without shim,
allowing secure boot to be bypassed. This only affects systems where the kernel
signing certificate has been imported directly into the secure boot database and
the GRUB image is booted directly without the use of shim. This issue affects
GRUB2 version 2.04 and prior versions.
CVE-2020-15706
GRUB2 contains a race condition in grub_script_function_create() leading to a
use-after-free vulnerability which can be triggered by redefining a function
whilst the same function is already executing, leading to arbitrary code
execution and secure boot restriction bypass. This issue affects GRUB2 version
2.04 and prior versions.
CVE-2020-15707
Integer overflows were discovered in the functions grub_cmd_initrd and
grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red
Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading
to a heap-based buffer overflow. These could be triggered by an extremely large
number of arguments to the initrd command on 32-bit architectures, or a crafted
filesystem with very large files on any architecture. An attacker could use this
to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue
affects GRUB2 version 2.04 and prior versions.

Solution: 

Update packages.

CVEs: 
CVE-2020-10713
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.
CVE-2020-14309
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.
CVE-2020-14310
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.
CVE-2020-14311
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
CVE-2020-15705
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
CVE-2020-15706
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
CVE-2020-15707
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
Additional Info: 

N/A

Download: 

SRPMS
  1. fwupd-1.1.4-7.0.1.el8.src.rpm
    MD5: 92f0cde22d76140b6dd7ab2f6a8d3bd4
    SHA-256: be8af99d883bba0caf9cc2d6b35c3c768edd16136af3a062dd4ae1d0a74b0267
    Size: 1.29 MB
  2. grub2-2.02-87.0.1.el8.src.rpm
    MD5: 32659b7b15f27acf00fbaa609177012c
    SHA-256: 3cdd52567b7d729dbcd28ece06c19f52bb0d71f11530f65e70f036d825c189a4
    Size: 7.46 MB
  3. shim-15-15.0.1.src.rpm
    MD5: fdef091ba4bba85b5c0e94390c114502
    SHA-256: 11cbe499417a4c0fb67256783ad7c10ee851b4bedc16461c02fd71a5b93c848b
    Size: 767.45 kB
  4. shim-unsigned-x64-15-8.0.1.el8.src.rpm
    MD5: 31acf0be009efd5db46a8b61a86b549a
    SHA-256: 39a2d744beab9970d8b99045530615954d46dc3da76c466dc6eb3c283edd5dc7
    Size: 1.07 MB

Asianux Server 8 for x86_64
  1. fwupd-1.1.4-7.0.1.el8.x86_64.rpm
    MD5: e8f52280e31ea29b2ea5e8e7b10c0e97
    SHA-256: 6a1855326b0dca910f607a469840892dfd10b266d45e01fb52d42d788c8e9283
    Size: 2.10 MB
  2. grub2-common-2.02-87.0.1.el8.noarch.rpm
    MD5: e53541b36c81c900496100ef4f330193
    SHA-256: 0ef1a1335bd19e2fda27fba37f0a03f74ad57831eaa5197f3420e2ce399fd1f7
    Size: 881.43 kB
  3. grub2-efi-ia32-2.02-87.0.1.el8.x86_64.rpm
    MD5: 47b0d967be11bac225d3dd035a900fb8
    SHA-256: 7de6614ffa749fbd2dbae37e14adf03f916298de5fff53ece15cd18d97522aa8
    Size: 380.54 kB
  4. grub2-efi-ia32-cdboot-2.02-87.0.1.el8.x86_64.rpm
    MD5: ad962901566c989e9ef937933246d58a
    SHA-256: 4fb52120cb3abeae277e833c20eb14be662ee25e69ea5ac0d5cf2dd2342fc594
    Size: 1.14 MB
  5. grub2-efi-ia32-modules-2.02-87.0.1.el8.noarch.rpm
    MD5: 4832a3a4da2812c187c52d60174095be
    SHA-256: 529a79dd4a1fcf665bd158f58d587bcb63fac90c9ef31b8485c780595d019bf7
    Size: 0.97 MB
  6. grub2-efi-x64-2.02-87.0.1.el8.x86_64.rpm
    MD5: bc7162e689c9e53c0c7f79dd9d6b940c
    SHA-256: de4d9d4f9e0e1038efd7b414c5668e9ac33018ec575ea32fdafa584c576a5202
    Size: 402.59 kB
  7. grub2-efi-x64-cdboot-2.02-87.0.1.el8.x86_64.rpm
    MD5: 00fa865a92b690c319b5f577e4eac617
    SHA-256: fa8960bca287b24ddb3ab3daf6c23b0f13a68404b2b12ff2accbeded2ef86fdb
    Size: 1.16 MB
  8. grub2-efi-x64-modules-2.02-87.0.1.el8.noarch.rpm
    MD5: 2416ca26364758e2ab0b3989a2f9b52b
    SHA-256: a48431f901cfcc0273814e0c447725c368cf39e1fdc054fa9a8e700b63f1fbf4
    Size: 1.00 MB
  9. grub2-pc-2.02-87.0.1.el8.x86_64.rpm
    MD5: 7a3d3a1a259d85becdfdc28dd1d06cf8
    SHA-256: b0db57952fca577da7fcbe150819b1361b26af9ff67dfd27af8323d51dfed031
    Size: 36.24 kB
  10. grub2-tools-2.02-87.0.1.el8.x86_64.rpm
    MD5: 8ec51c5b6ebd84a76d884b0782bc0451
    SHA-256: c4acc9b560320ee737ca413164cea5144d75bc3d271098ddb2512a433e1a03c5
    Size: 1.95 MB
  11. grub2-tools-efi-2.02-87.0.1.el8.x86_64.rpm
    MD5: e7b17228581b8e1eae0fa4c9aa6dc773
    SHA-256: 3ba948fdb7b5d2653c72592ed338243ad762f093c21b5e0a953a7a25c3ddeb6f
    Size: 466.12 kB
  12. grub2-tools-extra-2.02-87.0.1.el8.x86_64.rpm
    MD5: e71cdec108809f7ea32cea1fc7c65be2
    SHA-256: 09a83a170acee136c94bbd45bd48ea679ff58aed68f908b158a147ce5c0c4af0
    Size: 1.06 MB
  13. grub2-tools-minimal-2.02-87.0.1.el8.x86_64.rpm
    MD5: 40daedc90bee4a90a17da21a77386972
    SHA-256: 2a498e19e1432ca102190460d933b613b73e2c2d99cd9e068732380118253591
    Size: 201.41 kB
  14. shim-ia32-15-15.0.1.x86_64.rpm
    MD5: 400176d5ddfe7c6ea6210b6650466db7
    SHA-256: 5fc87ca91543a82040b67c6757a968fddeb77c7b0f4a3c48e069f2047b1adec0
    Size: 0.99 MB
  15. shim-x64-15-15.0.1.x86_64.rpm
    MD5: eda66924634a28aba36881b0a139ea46
    SHA-256: 3e20c7a75f46f4380b49124e47d9c30185a018238867699324a14913bafbd393
    Size: 655.59 kB
  16. shim-unsigned-ia32-15-8.0.1.el8.x86_64.rpm
    MD5: 5dd6ffe1f220ea2cfe4172173098340c
    SHA-256: df586c28733c1221352e2bc603acd623d414c6d2f19c5c440661e8d7d484465d
    Size: 463.15 kB
  17. shim-unsigned-x64-15-8.0.1.el8.x86_64.rpm
    MD5: 897e27a45dfb7733cb31c5ad8aa1822b
    SHA-256: e9bda7116d322111ab3cd602df4c3ebf75afc18e89de6c6e6996ade307afc9ee
    Size: 506.54 kB
  18. grub2-pc-modules-2.02-87.0.1.el8.noarch.rpm
    MD5: 8a59a910af857af1c0ca321e8ac3686a
    SHA-256: 969fcd9e5ba08892563f2499e46064bd1faa8920c805d290f9be7b52f0232187
    Size: 861.80 kB