rear-2.6-21.el9_3.ML.1

エラータID: AXSA:2024-7585:02

Release date: 
Friday, March 8, 2024 - 14:31
Subject: 
rear-2.6-21.el9_3.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Relax-and-Recover is a recovery and system migration utility. The utility produces a bootable image and restores from backup using this image. It allows to restore to different hardware and can therefore be also used as a migration utility.

Security Fix(es):

* rear: creates a world-readable initrd (CVE-2024-23301)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-23301
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.

Solution: 

Update packages.

CVEs: 
CVE-2024-23301
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
Additional Info: 

N/A

Download: 

SRPMS
  1. rear-2.6-21.el9_3.ML.1.src.rpm
    MD5: f2b1c69a5290c59ff61c5878ca160489
    SHA-256: 7491e2c9efb9985e320956b7fae110e5d4cc95b007d8915c6a99228dd6e87c0b
    Size: 888.68 kB

Asianux Server 9 for x86_64
  1. rear-2.6-21.el9_3.ML.1.x86_64.rpm
    MD5: b04d2d4486005c059cfc9c67d8e24cea
    SHA-256: 166bc4087d49f3a5fa94e36ff1106b99f3fdaeca89789b976e9c0eb6c1c06f10
    Size: 891.23 kB