GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sat May 01, 2021 4:26 am Post subject: [ glsa 202104-05 ] grub |
 |
|
Gentoo Linux Security Advisory
Title: GRUB: Multiple vulnerabilities (GLSA 202104-05)
Severity: normal
Exploitable: local
Date: 2021-04-30
Bug(s): #734654, #773991
ID: 202104-05
Synopsis
Multiple vulnerabilities have been found in GRUB, the worst might
allow for circumvention of UEFI Secure Boot.
Background
GNU GRUB is a multiboot boot loader used by most Linux systems.
Affected Packages
Package: sys-boot/grub
Vulnerable: < 2.06_rc1
Unaffected: >= 2.06_rc1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in GRUB. Please review the
CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All GRUB users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=sys-boot/grub-2.06_rc1"
|
After upgrading, make sure to run the grub-install command with options
appropriate for your system. See the GRUB Quick Start guide in the
references below for examples. Your system will be vulnerable until this
action is performed.
References
CVE-2020-10713
CVE-2020-14308
CVE-2020-14309
CVE-2020-14310
CVE-2020-14311
CVE-2020-14372
CVE-2020-15705
CVE-2020-15706
CVE-2020-15707
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233
GRUB Quick Start
guide
|
|
News & Announcements
