ELBA-2023-12998 Oracle Linux 7 grub2 bug fix update
Oracle Linux Bug Fix Advisory ELBA-2023-12998
http://linux.oracle.com/errata/ELBA-2023-12998.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
grub2-2.02-0.87.0.25.el7.9.11.x86_64.rpm
grub2-common-2.02-0.87.0.25.el7.9.11.noarch.rpm
grub2-efi-ia32-2.02-0.87.0.25.el7.9.11.x86_64.rpm
grub2-efi-ia32-modules-2.02-0.87.0.25.el7.9.11.noarch.rpm
grub2-efi-x64-2.02-0.87.0.25.el7.9.11.x86_64.rpm
grub2-efi-x64-modules-2.02-0.87.0.25.el7.9.11.noarch.rpm
grub2-pc-2.02-0.87.0.25.el7.9.11.x86_64.rpm
grub2-pc-modules-2.02-0.87.0.25.el7.9.11.noarch.rpm
grub2-tools-2.02-0.87.0.25.el7.9.11.x86_64.rpm
grub2-tools-extra-2.02-0.87.0.25.el7.9.11.x86_64.rpm
grub2-tools-minimal-2.02-0.87.0.25.el7.9.11.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-0.87.0.25.el7.9.11.x86_64.rpm
grub2-efi-x64-cdboot-2.02-0.87.0.25.el7.9.11.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//grub2-2.02-0.87.0.25.el7.9.11.src.rpm
Description of changes:
[2.02-0.87.0.25.el7_9.11]
- Replace bugzilla.oracle.com reference [Orabug: 35477723]
- Backport kernel EFI allocation pacthes [Orabug: 34301086]
- Add to the list CVE-2021-3695, CVE-2021-3696, CVE-2021-3697,
CVE-2022-28734, CVE-2022-28735, CVE-2022-28736 [JIRA: OLDIS-16371]
- bump SBAT generation [JIRA: OLDIS-16371]
- Cleanup XEN shell script (Alex Burmashev) [Orabug: 33851417]
- Update SBAT data (Alex Burmashev) [Orabug: 33851417]
- efinet: change SNP open call (Alex Burmashev) [Orabug: 32646964]
- disable buggy 0183-efinet-retransmit-if-our-device-is-busy.patch [Orabug: 27982684]
- Patch multiboot2 to the recent state [Orabug: 32950597]
- Enable multiboot2 for UEFI ( non Secureboot ) mode [Orabug: 32950597]
- Update signing certificate [Orabug: 32670043]
- Update shim and certificates dependencies [Orabug: 32670043]
- xfs: Don't attempt to iterate over empty directory [Orabug: 32584717]
- add SBAT metadata for Oracle Linux grub2
- Use similar format for menu entry in grub environment block
- config file. [Orabug: 32172943]
- Fix degradation in multiboot2 code [Orabug: 32069510]
- Update signing certificate for efi binaries
- Update upstream references [Orabug: 30138841]
- Restore symlink to grub environment file, that was removed during grub2-efi update
if grub2 package is also installed on UEFI machines [Orabug: 27345750]
- fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481]
- Fix comparison in patch for [Orabug: 18504756]
- Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481]
- replace dynamic EFI boot folder path generation with predefined 'redhat' (Alex Burmashev)
- Put "with" in menuentry instead of "using" [Orabug: 18504756]
- Use different titles for UEK and RHCK kernels [Orabug: 18504756]
[2.02-087.el7.11]
- Bump sbat
- Resolves: CVE-2022-28733
[2.02-087.el7.10]
- Backport the relevant CVE fixes from the 2022-05-24 drop
- Resolves: CVE-2022-28733
[2.02-087.el7.9]
- Bump for signing
- Resolves: #1892860
[2.02-0.87.el7.8]
- Fix accidental reboot in grub_exit
- Resolves: #1892860
[2.02-0.87.el7.7]
- Fix boot failures in ppc64le caused by storage race condition (diegodo)
Resolves: rhbz#1942148
[2.02-0.87.el7.6]
- Fix ppc64le performance issues (diegodo)
Resolves: rhbz#1759298
[2.02-0.87.el7.5]
- Add the at keyboard patches that weren't included
Resolves: rhbz#1892240
[2.02-0.87.el7.4]
- add keylayouts and at_keyboard modules to EFI binary
Resolves: rhbz#1892240
[2.02-0.87.el7.3]
- at_keyboard: use set 1 when keyboard is in Translate mode (rmetrich)
Resolves: rhbz#1892240
[2.02-0.87.el7.2]
- Fix another batch of CVEs
Resolves: CVE-2020-14372
Resolves: CVE-2020-25632
Resolves: CVE-2020-25647
Resolves: CVE-2020-27749
Resolves: CVE-2020-27779
Resolves: CVE-2021-20225
Resolves: CVE-2021-20233
[2.02-0.87.e7.1]
- Fix keyboards that report IBM PC AT scan codes
Resolves: rhbz#1892240
A grub2 bug fix update has been released for Oracle Linux 7.