CentOS-announce: CentOS Linux, CentOS Stream and the Boot Hole vulnerability
We are aware of the Boot Hole vulnerability in grub2 (CVE-2020-1073) and are working on releasing new packages for CentOS Linux 7, CentOS Linux 8 and CentOS Stream in response. These should make it out to a mirror near you shortly.
/!\ Secureboot Systems - Please do a full update /!\
CentOS Linux 8 and CentOS Stream systems with secureboot enabled MUST update the kernel, grub2, and shim packages together. As part of this CVE, we have re-issued the kernel and shim signing certificate authorities, and previously released EL8 kernels cannot boot in secureboot mode with the newer shim/grub2.
The following packages boot together in secureboot mode on CentOS Stream:
* kernel-4.18.0-227.el8 / kernel-rt-4.18.0-227.rt7.39.el8
* grub2-2.02-87.el8_2
* shim-x64-15-13.el8
The following packages boot together in secureboot mode on CentOS Linux 8:
* kernel-4.18.0-193.14.2.el8_2
* grub2-2.02-87.el8_2
* shim-x64-15-13.el8
For systems with CentOS Linux 7 or with secureboot disabled, we strongly recommend doing a full `dnf/yum update` to pick up all of the latest patches at the same time.
On behalf of the CentOS Team,
Brian Stinson
Brian Stinson published a notification about the Boot Hole vulnerability in CentOS and CentOS Stream.
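The requirement above (kernel, grub2 and shim updated together on secureboot systems) can be checked against a package list. This is an added example, not part of the original announcement or CentOS project code; the function names, the status words and the use of `sort -V` as a stand-in for RPM version comparison are assumptions, and kernel-rt is not covered.

```shell
#!/bin/sh
# Added example, not CentOS project code. Floors are the CentOS Linux 8
# versions listed in the announcement; for CentOS Stream set
# FLOOR_KERNEL=4.18.0-227.el8 in the environment.
FLOOR_KERNEL="${FLOOR_KERNEL:-4.18.0-193.14.2.el8_2}"
FLOOR_GRUB2="2.02-87.el8_2"
FLOOR_SHIM="15-13.el8"

# ver_ge A B: succeeds when A sorts at or after B. Assumption: GNU `sort -V`
# stands in for RPM's own version comparison, which is close enough for
# these version-release strings.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_set: reads "name version-release" lines on stdin and prints
#   updated  kernel, grub2 and shim each have a build at or above the floor
#   old      none of them does (the update has not been applied)
#   mixed    partial update; the announcement requires all three together
#   unknown  no kernel, grub2 or shim-x64 line was seen
check_set() {
    k=0 g=0 s=0 seen=0
    while read -r name vr; do
        case "$name" in
            kernel)   floor=$FLOOR_KERNEL key=k ;;
            grub2*)   floor=$FLOOR_GRUB2  key=g ;;
            shim-x64) floor=$FLOOR_SHIM   key=s ;;
            *)        continue ;;
        esac
        seen=1
        if ver_ge "$vr" "$floor"; then
            case "$key" in k) k=1 ;; g) g=1 ;; s) s=1 ;; esac
        else
            # Reported on stderr so builds below the floor are visible.
            echo "below floor: $name-$vr (floor $floor)" >&2
        fi
    done
    [ "$seen" -eq 1 ] || { echo unknown; return 0; }
    case "$k$g$s" in
        111) echo updated ;;
        000) echo old ;;
        *)   echo mixed ;;
    esac
}

# On a real host (rpm query tags NAME, VERSION, RELEASE):
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' kernel grub2-efi-x64 shim-x64 | check_set
```

A result of `mixed` on a secureboot system means the update should be completed before the next reboot.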