AlmaLinux 2325 Published by

A grub2, mokutil, shim, and shim-unsigned-x64 security update has been released for AlmaLinux 9.



ALSA-2022:5099 ALSA-2022:5099: grub2, mokutil, shim, and shim-unsigned-x64 security update (Important)


Type:
security

Severity:
important

Release date:
2022-08-23

Description
The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.
Security Fix(es):
* grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733)
* grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695)
* grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696)
* grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697)
* grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734)
* grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735)
* grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736)
* shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
ALSA-2022:5099

Updates packages:
shim-aa64-15.6-1.el9.alma.aarch64.rpm
shim-x64-15.6-1.el9.alma.x86_64.rpm
shim-unsigned-x64-15.6-1.el9.alma.x86_64.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2022:5099 ALSA-2022:5099: grub2, mokutil, shim, and shim-unsigned-x64 security update (Important)