ALT Linux Team

Package grub update in p10 on 2025-02-19

ALT-PU-2025-2525-2

Package grub updated to version 2.12-alt4 for branch p10 in task 373256.

Closed vulnerabilities

Published: 2024-01-15

BDU:2024-00324

Уязвимость механизма защиты паролем загрузчика операционных систем Grub2, позволяющая нарушителю обойти установленный контроль доступа

Severity: MEDIUM (5.6) Vector: AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
References:
Published: 2024-01-15
Modified: 2024-11-21

CVE-2023-4001

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.

Severity: MEDIUM (6.8) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

Closed bugs

Bug #39609

Предложение добавить в grub --class altlinux

Bug #39616

grub-mkrescue не находит /usr/share/grub/unicode.pf2

Bug #39745

grub-efi не находит grub.cfg на ноутбуке Acer Swift 3

Bug #41959

grub-efi-autoupdate для removable

Bug #48681

Default kernel isn't /boot/vmlinuz

Bug #48681

Default kernel isn't /boot/vmlinuz

Bug #49891

grub не может определить файловую систему, созданную xfsprogs 6.6.0-alt1

Bug #51107

Не загружается grub-pc 2.12-alt1 (Legacy BIOS)

Bug #51238

Новая версия ломает загрузку с nvme

Bug #52741

Установить --> Установка

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top