Chad Waters via plug on 31 Jul 2020 08:22:11 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Warning: Don't update grub 2


This is all regarding a grub /uefi vulnerability ( CVE-2020-10713  )

https://access.redhat.com/security/vulnerabilities/grub2bootloader 

https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/  

https://ubuntu.com/blog/mitigating-boothole-theres-a-hole-in-the-boot-cve-2020-10713-and-related-vulnerabilities  

https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/  
 

On Fri, Jul 31, 2020 at 11:16 AM Joe Rosato via plug <plug@lists.phillylinux.org> wrote:
Might just be UEFI using secure boot after quick cursery read... But sent it out right when I saw it.

On Fri, Jul 31, 2020, 10:40 AM Walt Mankowski via plug <plug@lists.phillylinux.org> wrote:
Thanks, Carl.  My home box is running Ubuntu 20.04 but I don't believe
I've rebooted it since applying the change.

On Fri, Jul 31, 2020 at 10:29:25AM -0400, Carl Johnson via plug wrote:
> Walt,
>
> For what it's worth, I've got a mint box here that I upgraded from 18lts to
> 20lts last night with no issues.
>
>
> On Fri, Jul 31, 2020, 10:24 AM Walt Mankowski via plug <
> plug@lists.phillylinux.org> wrote:
>
> > Thanks Joe. Does anyone know if this also applies to Ubuntu? I've got
> > a Grub 2 update pending on my work Ubuntu 18.04 box and I'm a bit
> > nervous about applying it now.
> >
> > Walt
> >
> > On Fri, Jul 31, 2020 at 05:56:43AM -0400, Joe Rosato via plug wrote:
> > > The Best Linux Blog In the Unixverse (@nixcraft) tweeted at 0:54 PM on
> > Thu,
> > > Jul 30, 2020:
> > > PSA: Avoid applying RHEL/CentOS Linux Grub 2 security fix as this
> > security
> > > update renders system unbootable. https://t.co/HN5kr33uB0
> > > (https://twitter.com/nixcraft/status/1288880680290512896?s=03)
> > >
> > > Get the official Twitter app at https://twitter.com/download?s=13
> >
> > >
> > ___________________________________________________________________________
> > > Philadelphia Linux Users Group         --
> > http://www.phillylinux.org
> > > Announcements -
> > http://lists.phillylinux.org/mailman/listinfo/plug-announce
> > > General Discussion  --
> > http://lists.phillylinux.org/mailman/listinfo/plug
> >
> > ___________________________________________________________________________
> > Philadelphia Linux Users Group         --
> > http://www.phillylinux.org
> > Announcements -
> > http://lists.phillylinux.org/mailman/listinfo/plug-announce
> > General Discussion  --
> > http://lists.phillylinux.org/mailman/listinfo/plug
> >

> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug