ALSA-2022:5095

See a problem?
Please try reporting it to the source first.
Source
https://errata.almalinux.org/8/ALSA-2022-5095.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2022:5095
Related
Published
2022-06-16T00:00:00Z
Modified
2022-08-23T15:20:46Z
Summary
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
Details

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Security Fix(es): * grub2: Integer underflow in grubnetrecvip4packets (CVE-2022-28733) * grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695) * grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696) * grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697) * grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734) * grub2: shimlock verifier allows non-kernel files to be loaded (CVE-2022-28735) * grub2: use-after-free in grubcmd_chainloader() (CVE-2022-28736) * shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / grub2-common

Package

Name
grub2-common

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.02-123.el8_6.8.alma

AlmaLinux:8 / grub2-efi-aa64

Package

Name
grub2-efi-aa64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.02-123.el8_6.8.alma

AlmaLinux:8 / grub2-efi-aa64-cdboot

Package

Name
grub2-efi-aa64-cdboot

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.02-123.el8_6.8.alma

AlmaLinux:8 / grub2-efi-aa64-modules

Package

Name
grub2-efi-aa64-modules

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.02-123.el8_6.8.alma

AlmaLinux:8 / grub2-efi-ia32

Package

Name
grub2-efi-ia32

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.02-123.el8_6.8.alma

AlmaLinux:8 / grub2-efi-ia32-cdboot

Package

Name
grub2-efi-ia32-cdboot

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.02-123.el8_6.8.alma

AlmaLinux:8 / grub2-efi-ia32-modules

Package

Name
grub2-efi-ia32-modules

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.02-123.el8_6.8.alma

AlmaLinux:8 / grub2-efi-x64

Package

Name
grub2-efi-x64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.02-123.el8_6.8.alma

AlmaLinux:8 / grub2-efi-x64-cdboot

Package

Name
grub2-efi-x64-cdboot

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.02-123.el8_6.8.alma

AlmaLinux:8 / grub2-efi-x64-modules

Package

Name
grub2-efi-x64-modules

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.02-123.el8_6.8.alma

AlmaLinux:8 / grub2-pc

Package

Name
grub2-pc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.02-123.el8_6.8.alma

AlmaLinux:8 / grub2-pc-modules

Package

Name
grub2-pc-modules

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.02-123.el8_6.8.alma

AlmaLinux:8 / grub2-ppc64le-modules

Package

Name
grub2-ppc64le-modules

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.02-123.el8_6.8.alma

AlmaLinux:8 / grub2-tools

Package

Name
grub2-tools

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.02-123.el8_6.8.alma

AlmaLinux:8 / grub2-tools-efi

Package

Name
grub2-tools-efi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.02-123.el8_6.8.alma

AlmaLinux:8 / grub2-tools-extra

Package

Name
grub2-tools-extra

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.02-123.el8_6.8.alma

AlmaLinux:8 / grub2-tools-minimal

Package

Name
grub2-tools-minimal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.02-123.el8_6.8.alma

AlmaLinux:8 / shim-aa64

Package

Name
shim-aa64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.6-1.el8.alma

AlmaLinux:8 / shim-ia32

Package

Name
shim-ia32

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.6-1.el8.alma

AlmaLinux:8 / shim-unsigned-x64

Package

Name
shim-unsigned-x64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.6-1.el8.alma

AlmaLinux:8 / shim-x64

Package

Name
shim-x64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.6-1.el8.alma