El-errata: ELSA-2022-9595 Important: Oracle Linux 8 grub2 security update
Oracle Linux Security Advisory ELSA-2022-9595
http://linux.oracle.com/errata/ELSA-2022-9595.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
grub2-common-2.02-123.0.7.el8_6.8.noarch.rpm
grub2-efi-aa64-modules-2.02-123.0.7.el8_6.8.noarch.rpm
grub2-efi-ia32-2.02-123.0.7.el8_6.8.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-123.0.7.el8_6.8.x86_64.rpm
grub2-efi-ia32-modules-2.02-123.0.7.el8_6.8.noarch.rpm
grub2-efi-x64-2.02-123.0.7.el8_6.8.x86_64.rpm
grub2-efi-x64-cdboot-2.02-123.0.7.el8_6.8.x86_64.rpm
grub2-efi-x64-modules-2.02-123.0.7.el8_6.8.noarch.rpm
grub2-pc-2.02-123.0.7.el8_6.8.x86_64.rpm
grub2-pc-modules-2.02-123.0.7.el8_6.8.noarch.rpm
grub2-tools-2.02-123.0.7.el8_6.8.x86_64.rpm
grub2-tools-efi-2.02-123.0.7.el8_6.8.x86_64.rpm
grub2-tools-extra-2.02-123.0.7.el8_6.8.x86_64.rpm
grub2-tools-minimal-2.02-123.0.7.el8_6.8.x86_64.rpm
aarch64:
grub2-common-2.02-123.0.7.el8_6.8.noarch.rpm
grub2-efi-aa64-2.02-123.0.7.el8_6.8.aarch64.rpm
grub2-efi-aa64-cdboot-2.02-123.0.7.el8_6.8.aarch64.rpm
grub2-efi-aa64-modules-2.02-123.0.7.el8_6.8.noarch.rpm
grub2-efi-ia32-modules-2.02-123.0.7.el8_6.8.noarch.rpm
grub2-efi-x64-modules-2.02-123.0.7.el8_6.8.noarch.rpm
grub2-pc-modules-2.02-123.0.7.el8_6.8.noarch.rpm
grub2-tools-2.02-123.0.7.el8_6.8.aarch64.rpm
grub2-tools-extra-2.02-123.0.7.el8_6.8.aarch64.rpm
grub2-tools-minimal-2.02-123.0.7.el8_6.8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/grub2-2.02-123.0.7.el8_6.8.src.rpm
Related CVEs:
CVE-2022-28737
CVE-2021-3696
CVE-2022-28734
CVE-2021-3695
CVE-2021-3697
CVE-2022-28733
CVE-2022-28735
CVE-2022-28736
Description of changes:
[2.02-123.0.7.el8_6.8]
- Enable back btrfs module by default [Orabug: 34377188]
[2.02-123.0.6.el8_6.8]
- Backport upstream SNP protocol fixes [Orabug: 34195100]
[2.02-123.0.5.el8_6.8]
- Rebase Fix EFI loader kernel image allocation patch, adapt it to new NX code [Orabug: 34352232]
[2.02-123.0.4.el8_6.8]
- enable multiboot2 [Orabug: 34285558]
- backport arm64: Fix EFI loader kernel image allocation [Orabug: 33702462]
- backport Arm: check for the PE magic for the compiled arch [Orabug: 33702462]
- Backport some better script logic for BTRFS support [Orabug: 32448171]
- Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033]
- Update Oracle SBAT data [Orabug: 32670033]
- Use new signing certificate [Orabug: 32670033]
- Fix various coverity issues [Orabug: 32530657]
- Set proper blsdir if /boot is on btrfs rootfs [Orabug: 32063327]
- Add CVE-2020-15706, CVE-2020-15707 to the list [Orabug: 31225072]
- honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497]
- set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597]
- Update upstream references [Orabug: 26388226]
- Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955]
- fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481]
- Fix comparison in patch for 18504756
- Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481]
- Put "with" in menuentry instead of "using" [Orabug: 18504756]
- Use different titles for UEK and RHCK kernels [Orabug: 18504756]
[2.06-123.el8_6.8]
- CVE fixes for 2022-06-07
- CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733
- CVE-2021-3697 CVE-2021-3696 CVE-2021-3695
- Resolves: #2031899
_______________________________________________
A grub2 security update has been released for Oracle Linux 8.