内容简介:Early this morning, an urgent. The vulnerability itself left a method for system attackers to potentially install "bootkit" malware on a Linux system despite that system being protected with UEFI Secure Boot.Unfortunately, Red Hat's patch to GRUB2 and the
Early this morning, an urgent bug showed up at Red Hat's bugzilla bug tracker—a user discovered that the RHSA_2020:3216 grub2 security update and RHSA-2020:3218 kernel security update rendered an RHEL 8.2 system unbootable. The bug was reported as reproducible on any clean minimal install of Red Hat Enterprise Linux 8.2.
The patches were intended to close a newly discovered vulnerability in the GRUB2 boot manager called BootHole. The vulnerability itself left a method for system attackers to potentially install "bootkit" malware on a Linux system despite that system being protected with UEFI Secure Boot.
RHEL and CentOS
Unfortunately, Red Hat's patch to GRUB2 and the kernel, once applied, are leaving patched systems unbootable. The issue is confirmed to affect RHEL 7.8 and RHEL 8.2, and it may affect RHEL 8.1 and 7.9 as well. RHEL-derivative distribution CentOS is also affected.
Red Hat is currently advising
users not to apply the GRUB2 security patches ( RHSA-2020:3216
or RHSA-2020:3217
) until these issues have been resolved. If you administer a RHEL or CentOS system and believe you may have installed these patches, do not reboot your system
. Downgrade the affected packages using sudo yum downgrade shim\* grub2\* mokutil
and configure yum
not to upgrade those packages by temporarily adding exclude=grub2* shim* mokutil
to /etc/yum.conf
.
If you've already applied the patches and attempted (and failed) to reboot, boot from an RHEL or CentOS DVD in Troubleshooting mode, set up the network , then perform the same steps outlined above in order to restore functionality to your system.
Other distributions
Although the bug was first reported in Red Hat Enterprise Linux, apparently related bug reports are rolling in from other distributions from different families as well. Ubuntu and Debian users are reporting systems which cannot boot after installing GRUB2 updates, and Canonical has issued an advisory including instructions for recovery on affected systems.
Although the impact of the GRUB2 bug is similar, the scope may be different from distribution to distribution; so far it appears the Debian/Ubuntu GRUB2 bug is only affecting
systems which boot in BIOS (not UEFI) mode. A fix has already been committed to Ubuntu's proposed
repository, tested, and released to its updates
repository. The updated and released packages, grub2 (2.02~beta2-
and grub2 (2.04-1ubuntu26.2) focal
, should resolve the problem for Ubuntu users.
For Debian users, the fix
is available in newly committed package grub2 (2.02+dfsg1-20+deb10u2)
.
We do not have any word at this time about flaws in or impact of GRUB2 BootHole patches on other distributions such as Arch, Gentoo, or Clear Linux.
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网
猜你喜欢:
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
