grub2-2.06-70.el9_3.2.ML.1

エラータID: AXSA:2024-7491:01

リリース日: 
2024/01/31 Wednesday - 17:53
題名: 
grub2-2.06-70.el9_3.2.ML.1
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

以下項目について対処しました。

[Security Fix]
- grub2 には、パスワード保護機能に利用するパスワードハッシュ値を
含む設定ファイルの検索方法に問題があるため、対象のマシンを物理的
に操作できる攻撃者により、/boot ファイルシステムと同一の UUID を
持つように細工された USB メモリなどの外部デバイスの挿入を介して、
認証の迂回を可能とする脆弱性が存在します。(CVE-2023-4001)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2023-4001
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. grub2-2.06-70.el9_3.2.ML.1.src.rpm
    MD5: e38e16c69b68a23d134c2eb117027920
    SHA-256: f6267ac74f8d61e516b8ba6c648a9586709d456a0cc1841ff8c1f1d5938c12d3
    Size: 15.15 MB

Asianux Server 9 for x86_64
  1. grub2-common-2.06-70.el9_3.2.ML.1.noarch.rpm
    MD5: e953fcc5f98c4a93409e1f3cd8a26a17
    SHA-256: 28aee78ed45a3e2eaf4cd1f082909b449c47f278497c29a15b7e1886de8b8f7f
    Size: 916.03 kB
  2. grub2-efi-x64-2.06-70.el9_3.2.ML.1.x86_64.rpm
    MD5: 8b5169bd9bd9477369faa3662121932f
    SHA-256: 70557226b1f1fb5108933c20f50b133f6f93618b5c0537093e6214a136987f3c
    Size: 1.30 MB
  3. grub2-efi-x64-cdboot-2.06-70.el9_3.2.ML.1.x86_64.rpm
    MD5: 4ead13d48cbe9e383714d15a39ab7e47
    SHA-256: 076f22057c5b5ea67559e80d698f61fa9c7a4dbe5a17ae4c28971522aca88974
    Size: 1.30 MB
  4. grub2-efi-x64-modules-2.06-70.el9_3.2.ML.1.noarch.rpm
    MD5: 23c4c3046c54bf00bcc73da8b6c9d19d
    SHA-256: 78ea05c8b36e25fcd64e353a2f84f66438b9c709c1aba012296049b0d1c68e6a
    Size: 1.09 MB
  5. grub2-pc-2.06-70.el9_3.2.ML.1.x86_64.rpm
    MD5: b8c2e70b24f1feb3a7dfecc6a3b4a34f
    SHA-256: bd4242e4b4d023f48943513c58d5e604078f0b7607bf839dd76778e0973496cb
    Size: 13.63 kB
  6. grub2-pc-modules-2.06-70.el9_3.2.ML.1.noarch.rpm
    MD5: 5692adf00d75df245807bd6d82ebabd6
    SHA-256: 694e6c2a17b4a3439ef0097dd2e0ad13b97bfc659894d982d9e6e1f97a9b061b
    Size: 0.95 MB
  7. grub2-tools-2.06-70.el9_3.2.ML.1.x86_64.rpm
    MD5: 007afe7505c4aff4152b9f71ef3f5878
    SHA-256: d04027658d06d7c85644750ad9a57f18c44d81c8820d1351c05f8c5a211ecdcd
    Size: 1.83 MB
  8. grub2-tools-efi-2.06-70.el9_3.2.ML.1.x86_64.rpm
    MD5: 775d76d8c900989d1acb8cca8653dde6
    SHA-256: 5070937bdb6c80cdfdf8f96d2dbc07cc6229ca7a0c6200faf8b079f946e8b88a
    Size: 539.50 kB
  9. grub2-tools-extra-2.06-70.el9_3.2.ML.1.x86_64.rpm
    MD5: 805ccb7980d298120a907aec0bac5b1b
    SHA-256: 3be49fdd575559cc36e5a3c22de88180e249de8cae26dc8a1d7337431fff1985
    Size: 844.18 kB
  10. grub2-tools-minimal-2.06-70.el9_3.2.ML.1.x86_64.rpm
    MD5: a7fe88ab2bd165b4be81b8b2dab95474
    SHA-256: 28f8f384168f39ca254e9de65d8bc287b8003987b876697ba1901a78d798c018
    Size: 606.80 kB