grub2-2.02-123.el8.8.ML.1, mokutil-0.3.0-11.el8.1, shim-15.6-1.el8.ML.1, shim-unsigned-x64-15.6-1.el8.ML.1
エラータID: AXSA:2022-4042:01
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.
Security Fix(es):
* grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733)
* grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695)
* grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696)
* grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697)
* grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734)
* grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735)
* grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736)
* shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2021-3695
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-3696
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-3697
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-28733
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-28734
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-28735
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-28736
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-28737
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Update packages.
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
N/A
SRPMS
- grub2-2.02-123.el8.8.ML.1.src.rpm
MD5: 30477d7b2230ff4af5d98a5ee675a4bb
SHA-256: e5dcd7cbe492c6dd131b80a5e11f79c3f50b4c4a35e1d0f4351d77b6e1d7a099
Size: 7.80 MB - mokutil-0.3.0-11.el8.1.src.rpm
MD5: badb004a470ab8fe6b1a85d2577877c7
SHA-256: 259e7f2cfcccf43f8561c7342cec8c95a24faf9ab5bfbcc3e76c15fcef9572df
Size: 52.63 kB - shim-15.6-1.el8.ML.1.src.rpm
MD5: 152438676d2e333a9fb676061cd2fa99
SHA-256: 37ff453767abfe34cb1f47f14bcb30e51925a42ce13f6d65f08e1a91aa77788e
Size: 708.77 kB - shim-unsigned-x64-15.6-1.el8.ML.1.src.rpm
MD5: 97250c092b95a478cdf60f41c3d3d96d
SHA-256: f42fb847bd7fa69ceaf159889d5c4096d97acfeaf604e230719ccab1fc88d552
Size: 1.29 MB
Asianux Server 8 for x86_64
- grub2-common-2.02-123.el8.8.ML.1.noarch.rpm
MD5: 7b541ba527a2f14fbfb2c83870330500
SHA-256: fc0e214c34432e609e0993b449737b004b11d6d5b6640084e053f1b01638e7bb
Size: 892.22 kB - grub2-efi-ia32-2.02-123.el8.8.ML.1.x86_64.rpm
MD5: f4fa398b3c2d07eb4368aad062e2f5e3
SHA-256: ccc80766fca45ab5fb4479602bbb6048e2c963a2628fa3bf6d819e05ab787e1e
Size: 442.04 kB - grub2-efi-ia32-cdboot-2.02-123.el8.8.ML.1.x86_64.rpm
MD5: ce04a64ab82ec988fda6f0785a0f07bf
SHA-256: e0aac9039574eff1c0300f36933f04e1efc297fe55fb03d8e6bd22f44dc017ce
Size: 1.20 MB - grub2-efi-ia32-modules-2.02-123.el8.8.ML.1.noarch.rpm
MD5: ba0230594dd913d38cc8a3d885a34fb5
SHA-256: fe27ffc689a6b35d8a038398473f3e7a3cdecf1f22667c04c20a7f0f4588fe5f
Size: 1.05 MB - grub2-efi-x64-2.02-123.el8.8.ML.1.x86_64.rpm
MD5: a1498861db48d1b8ba7f851dae1a902c
SHA-256: e4c8170f5e98eda6c71b119f7bfb8926452e2b20c378c26f950fc15342011930
Size: 466.07 kB - grub2-efi-x64-cdboot-2.02-123.el8.8.ML.1.x86_64.rpm
MD5: 4366f46eb8b0a6c5a53060ce0b631cb5
SHA-256: e9104e3b6ea1c19fccf09197ffde770a97e9087130389795f0b34734543f73c3
Size: 1.23 MB - grub2-efi-x64-modules-2.02-123.el8.8.ML.1.noarch.rpm
MD5: c5f3f26cce73fc05946f47ec633c16e4
SHA-256: 13566e2fa21bc60ce596b38438ccff39ecbdcea491f759a2ae6969374fc39bda
Size: 1.07 MB - grub2-pc-2.02-123.el8.8.ML.1.x86_64.rpm
MD5: 58714138dcc150df0bdfffa037e0fff0
SHA-256: 1910d0e488fc6975acd26fa9ddc4e6d9a632d1763b58e75e971695605bdf4ad0
Size: 43.02 kB - grub2-tools-2.02-123.el8.8.ML.1.x86_64.rpm
MD5: 70c80ef88e55946a59b0546b2b77ca94
SHA-256: 4b96e81ae931db5fac52c88eca75b37853aef544fdf06e8ace1bfc99add9d16c
Size: 1.98 MB - grub2-tools-efi-2.02-123.el8.8.ML.1.x86_64.rpm
MD5: 9a811156830171264f9b71ad57e8ac0c
SHA-256: e7130d8ff754d87e95925ef9f819a545d214d77da3ff8e01d5fb522e9d3a1b04
Size: 475.86 kB - grub2-tools-extra-2.02-123.el8.8.ML.1.x86_64.rpm
MD5: a02fc8200c7dcea36e9ecd59af2aff38
SHA-256: 59c4e369e0cf4f1792bf3e68d34ef2d6afad5c69ae4e62f5d14381048d4508ad
Size: 1.07 MB - grub2-tools-minimal-2.02-123.el8.8.ML.1.x86_64.rpm
MD5: 315d6144989fc19b1cced79497de501a
SHA-256: 5307ef3cdd861c60a0c952a1ff470b3a0ece1200b7e86a763fb1a8e84e4f7b21
Size: 210.52 kB - mokutil-0.3.0-11.el8.1.x86_64.rpm
MD5: ef2c730783301373b6c14ac33e2d9723
SHA-256: 7d52f80be58839c68a028918411ba488c903ae154fd2b8ccca0b194096a0c806
Size: 44.76 kB - shim-ia32-15.6-1.el8.ML.1.x86_64.rpm
MD5: 722989c1b643b79ee38dc38757c6928c
SHA-256: 9fcc93a2f44f2962b38c1c99930265b5522bd3655543fea71ae395fb10263543
Size: 784.62 kB - shim-x64-15.6-1.el8.ML.1.x86_64.rpm
MD5: c6f96f405c8b630e92856e72a5df5c8c
SHA-256: 8c6c6c4bd787e94d037ebefe2b4046c962c943339921ae7c7981c8d59b73c177
Size: 452.23 kB - shim-unsigned-ia32-15.6-1.el8.ML.1.x86_64.rpm
MD5: 353ff635d766227c768b3c91ba866288
SHA-256: ecd7060884cb161536a6e7b1a218ac8aa56f71e9b0ed529f253bae3dd23cfce5
Size: 403.96 kB - shim-unsigned-x64-15.6-1.el8.ML.1.x86_64.rpm
MD5: c09612e0a1b9d94f88579ea8806e63b1
SHA-256: 7640b212dec9602eb05639ede647bb3b30746cee225b8b9d2642ee8c8046e31b
Size: 452.83 kB - grub2-pc-modules-2.02-123.el8.8.ML.1.noarch.rpm
MD5: 63b1c3b6239225e6e0172d549213ebc9
SHA-256: 44deb55331e832f2d51c5b31aa3e3059abc8e18247d4fc912bede22d023b443c
Size: 918.57 kB
日本語