[El-errata] ELSA-2023-12952 Important: Oracle Linux 7 grub2 security update (aarch64)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Nov 13 09:24:41 UTC 2023


Oracle Linux Security Advisory ELSA-2023-12952

http://linux.oracle.com/errata/ELSA-2023-12952.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
grub2-2.02-0.87.0.26.el7_9.9.aarch64.rpm
grub2-common-2.02-0.87.0.26.el7_9.9.noarch.rpm
grub2-efi-aa64-2.02-0.87.0.26.el7_9.9.aarch64.rpm
grub2-efi-aa64-cdboot-2.02-0.87.0.26.el7_9.9.aarch64.rpm
grub2-efi-aa64-modules-2.02-0.87.0.26.el7_9.9.noarch.rpm
grub2-tools-2.02-0.87.0.26.el7_9.9.aarch64.rpm
grub2-tools-extra-2.02-0.87.0.26.el7_9.9.aarch64.rpm
grub2-tools-minimal-2.02-0.87.0.26.el7_9.9.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//grub2-2.02-0.87.0.26.el7_9.9.src.rpm

Related CVEs:

CVE-2022-28733
CVE-2022-28734
CVE-2022-28735
CVE-2022-28736
CVE-2021-3695
CVE-2021-3696
CVE-2021-3697




Description of changes:

[2.02-0.87.0.26.el7_9.9]
- Enable common subpackage for aarch64
- Do not sign aarch64 efi binaries [Orabug: 32670043]
- Remove aarch64 deps on shim [Orabug: 32670043]
- Restore versioned certificate provide for aarch64 package to satisfy shim [Orabug: 32670043]

[2.02-0.87.0.24.el7_9.9]
- Replace bugzilla.oracle.com reference [Orabug: 35477723]

[2.02-0.87.0.23.el7_9.9]
- Backport kernel EFI allocation pacthes [Orabug: 34301086]

[2.02-0.87.0.21.el7_9.9]
- Add CVE-2022-28736 to the list [JIRA: OLDIS-16371]

[2.02-0.87.0.19.el7_9.9]
- Fix: CVE-2021-3695, CVE-2021-3696, CVE-2021-3697,
  CVE-2022-28733, CVE-2022-28734, CVE-2022-28735 [JIRA: OLDIS-16371]
- Various coverity fixes [JIRA: OLDIS-16371]
- bump SBAT generation [JIRA: OLDIS-16371]

[2.02-0.87.0.17.el7_9.9]
- Cleanup XEN shell script (Alex Burmashev) [Orabug: 33851417]
- Update SBAT data (Alex Burmashev) [Orabug: 33851417]
- efinet: change SNP open call (Alex Burmashev) [Orabug: 32646964]
- disable buggy 0183-efinet-retransmit-if-our-device-is-busy.patch [Orabug: 27982684]
- Patch multiboot2 to the recent state [Orabug: 32950597]
- Enable multiboot2 for UEFI ( non Secureboot ) mode [Orabug: 32950597]
- Update signing certificate [Orabug: 32670043]
- Update shim and certificates dependencies [Orabug: 32670043]
- xfs: Don't attempt to iterate over empty directory [Orabug: 32584717]
- add SBAT metadata for Oracle Linux grub2
- Use similar format for menu entry in grub environment block
- config file. [Orabug: 32172943]
- Fix degradation in multiboot2 code [Orabug: 32069510]
- Update signing certificate for efi binaries
- Update upstream references [Orabug: 30138841]
- Restore symlink to grub environment file, that was removed during grub2-efi update
  if grub2 package is also installed on UEFI machines [Orabug: 27345750]
- fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481]
- Fix comparison in patch for [Orabug: 18504756]
- Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481]
- replace dynamic EFI boot folder path generation with predefined 'redhat' (Alex Burmashev)
- Put "with" in menuentry instead of "using" [Orabug: 18504756]
- Use different titles for UEK and RHCK kernels [Orabug: 18504756]




More information about the El-errata mailing list