grub2-2.06-70.el9_3.2.ML.1
エラータID: AXSA:2024-7491:01
リリース日:
2024/01/31 Wednesday - 17:53
題名:
grub2-2.06-70.el9_3.2.ML.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- grub2 には、パスワード保護機能に利用するパスワードハッシュ値を
含む設定ファイルの検索方法に問題があるため、対象のマシンを物理的
に操作できる攻撃者により、/boot ファイルシステムと同一の UUID を
持つように細工された USB メモリなどの外部デバイスの挿入を介して、
認証の迂回を可能とする脆弱性が存在します。(CVE-2023-4001)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-4001
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.
追加情報:
N/A
ダウンロード:
SRPMS
- grub2-2.06-70.el9_3.2.ML.1.src.rpm
MD5: e38e16c69b68a23d134c2eb117027920
SHA-256: f6267ac74f8d61e516b8ba6c648a9586709d456a0cc1841ff8c1f1d5938c12d3
Size: 15.15 MB
Asianux Server 9 for x86_64
- grub2-common-2.06-70.el9_3.2.ML.1.noarch.rpm
MD5: e953fcc5f98c4a93409e1f3cd8a26a17
SHA-256: 28aee78ed45a3e2eaf4cd1f082909b449c47f278497c29a15b7e1886de8b8f7f
Size: 916.03 kB - grub2-efi-x64-2.06-70.el9_3.2.ML.1.x86_64.rpm
MD5: 8b5169bd9bd9477369faa3662121932f
SHA-256: 70557226b1f1fb5108933c20f50b133f6f93618b5c0537093e6214a136987f3c
Size: 1.30 MB - grub2-efi-x64-cdboot-2.06-70.el9_3.2.ML.1.x86_64.rpm
MD5: 4ead13d48cbe9e383714d15a39ab7e47
SHA-256: 076f22057c5b5ea67559e80d698f61fa9c7a4dbe5a17ae4c28971522aca88974
Size: 1.30 MB - grub2-efi-x64-modules-2.06-70.el9_3.2.ML.1.noarch.rpm
MD5: 23c4c3046c54bf00bcc73da8b6c9d19d
SHA-256: 78ea05c8b36e25fcd64e353a2f84f66438b9c709c1aba012296049b0d1c68e6a
Size: 1.09 MB - grub2-pc-2.06-70.el9_3.2.ML.1.x86_64.rpm
MD5: b8c2e70b24f1feb3a7dfecc6a3b4a34f
SHA-256: bd4242e4b4d023f48943513c58d5e604078f0b7607bf839dd76778e0973496cb
Size: 13.63 kB - grub2-pc-modules-2.06-70.el9_3.2.ML.1.noarch.rpm
MD5: 5692adf00d75df245807bd6d82ebabd6
SHA-256: 694e6c2a17b4a3439ef0097dd2e0ad13b97bfc659894d982d9e6e1f97a9b061b
Size: 0.95 MB - grub2-tools-2.06-70.el9_3.2.ML.1.x86_64.rpm
MD5: 007afe7505c4aff4152b9f71ef3f5878
SHA-256: d04027658d06d7c85644750ad9a57f18c44d81c8820d1351c05f8c5a211ecdcd
Size: 1.83 MB - grub2-tools-efi-2.06-70.el9_3.2.ML.1.x86_64.rpm
MD5: 775d76d8c900989d1acb8cca8653dde6
SHA-256: 5070937bdb6c80cdfdf8f96d2dbc07cc6229ca7a0c6200faf8b079f946e8b88a
Size: 539.50 kB - grub2-tools-extra-2.06-70.el9_3.2.ML.1.x86_64.rpm
MD5: 805ccb7980d298120a907aec0bac5b1b
SHA-256: 3be49fdd575559cc36e5a3c22de88180e249de8cae26dc8a1d7337431fff1985
Size: 844.18 kB - grub2-tools-minimal-2.06-70.el9_3.2.ML.1.x86_64.rpm
MD5: a7fe88ab2bd165b4be81b8b2dab95474
SHA-256: 28f8f384168f39ca254e9de65d8bc287b8003987b876697ba1901a78d798c018
Size: 606.80 kB