-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2591
                           grub2 security update
                               30 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           grub2
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
                   Red Hat Enterprise Linux Server 8
                   Red Hat Enterprise Linux WS/Desktop 8
Impact/Access:     Root Compromise                 -- Existing Account
                   Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Modify Arbitrary Files          -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15707 CVE-2020-15706 CVE-2020-15705
                   CVE-2020-14311 CVE-2020-14310 CVE-2020-14309
                   CVE-2020-14308 CVE-2020-10713 

Reference:         ASB-2020.0135
                   ESB-2020.2590
                   ESB-2020.2589

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:3216
   https://access.redhat.com/errata/RHSA-2020:3217
   https://access.redhat.com/errata/RHSA-2020:3223
   https://access.redhat.com/errata/RHSA-2020:3227

Comment: This bulletin contains four (4) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: grub2 security update
Advisory ID:       RHSA-2020:3216-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3216
Issue date:        2020-07-29
CVE Names:         CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 
                   CVE-2020-14310 CVE-2020-14311 CVE-2020-15705 
                   CVE-2020-15706 CVE-2020-15707 
=====================================================================

1. Summary:

An update for grub2, shim, shim-unsigned-x64, and fwupd is now available
for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The grub2 packages provide version 2 of the Grand Unified Boot Loader
(GRUB), a highly configurable and customizable boot loader with modular
architecture. The packages support a variety of kernel formats, file
systems, computer architectures, and hardware devices.

The shim package contains a first-stage UEFI boot loader that handles
chaining to a trusted full boot loader under secure boot environments.

The fwupd packages provide a service that allows session software to update
device firmware.

Security Fix(es):

* grub2: Crafted grub.cfg file can lead to arbitrary code execution during
boot process (CVE-2020-10713)

* grub2: grub_malloc does not validate allocation size allowing for
arithmetic overflow and subsequent heap-based buffer overflow
(CVE-2020-14308)

* grub2: Integer overflow in grub_squash_read_symlink may lead to
heap-based buffer overflow (CVE-2020-14309)

* grub2: Integer overflow read_section_as_string may lead to heap-based
buffer overflow (CVE-2020-14310)

* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer
overflow (CVE-2020-14311)

* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)

* grub2: Use-after-free redefining a function whilst the same function is
already executing (CVE-2020-15706)

* grub2: Integer overflow in initrd size handling (CVE-2020-15707)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1825243 - CVE-2020-10713 grub2: Crafted grub.cfg file can lead to arbitrary code 
execution during boot process
1852009 - CVE-2020-14308 grub2: grub_malloc does not validate allocation size 
allowing for arithmetic overflow and subsequent heap-based buffer overflow
1852014 - CVE-2020-14311 grub2: Integer overflow in grub_ext2_read_link leads 
to heap-based buffer overflow
1852022 - CVE-2020-14309 grub2: Integer overflow in grub_squash_read_symlink may 
lead to heap-based buffer overflow
1852030 - CVE-2020-14310 grub2: Integer overflow read_section_as_string may lead 
to heap-based buffer overflow
1860978 - CVE-2020-15705 grub2: Fail kernel validation without shim protocol
1861118 - CVE-2020-15706 grub2: Use-after-free redefining a function whilst the 
same function is already executing
1861581 - CVE-2020-15707 grub2: Integer overflow in initrd size handling

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
fwupd-1.1.4-7.el8_2.src.rpm
grub2-2.02-87.el8_2.src.rpm
shim-15-14.el8_2.src.rpm

aarch64:
fwupd-1.1.4-7.el8_2.aarch64.rpm
fwupd-debuginfo-1.1.4-7.el8_2.aarch64.rpm
fwupd-debugsource-1.1.4-7.el8_2.aarch64.rpm
grub2-debuginfo-2.02-87.el8_2.aarch64.rpm
grub2-debugsource-2.02-87.el8_2.aarch64.rpm
grub2-efi-aa64-2.02-87.el8_2.aarch64.rpm
grub2-efi-aa64-cdboot-2.02-87.el8_2.aarch64.rpm
grub2-tools-2.02-87.el8_2.aarch64.rpm
grub2-tools-debuginfo-2.02-87.el8_2.aarch64.rpm
grub2-tools-extra-2.02-87.el8_2.aarch64.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_2.aarch64.rpm
grub2-tools-minimal-2.02-87.el8_2.aarch64.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_2.aarch64.rpm
shim-aa64-15-14.el8_2.aarch64.rpm

noarch:
grub2-common-2.02-87.el8_2.noarch.rpm
grub2-efi-aa64-modules-2.02-87.el8_2.noarch.rpm
grub2-efi-ia32-modules-2.02-87.el8_2.noarch.rpm
grub2-efi-x64-modules-2.02-87.el8_2.noarch.rpm
grub2-pc-modules-2.02-87.el8_2.noarch.rpm
grub2-ppc64le-modules-2.02-87.el8_2.noarch.rpm

ppc64le:
fwupd-1.1.4-7.el8_2.ppc64le.rpm
fwupd-debuginfo-1.1.4-7.el8_2.ppc64le.rpm
fwupd-debugsource-1.1.4-7.el8_2.ppc64le.rpm
grub2-debuginfo-2.02-87.el8_2.ppc64le.rpm
grub2-debugsource-2.02-87.el8_2.ppc64le.rpm
grub2-ppc64le-2.02-87.el8_2.ppc64le.rpm
grub2-tools-2.02-87.el8_2.ppc64le.rpm
grub2-tools-debuginfo-2.02-87.el8_2.ppc64le.rpm
grub2-tools-extra-2.02-87.el8_2.ppc64le.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_2.ppc64le.rpm
grub2-tools-minimal-2.02-87.el8_2.ppc64le.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_2.ppc64le.rpm

s390x:
fwupd-1.1.4-7.el8_2.s390x.rpm
fwupd-debuginfo-1.1.4-7.el8_2.s390x.rpm
fwupd-debugsource-1.1.4-7.el8_2.s390x.rpm

x86_64:
fwupd-1.1.4-7.el8_2.x86_64.rpm
fwupd-debuginfo-1.1.4-7.el8_2.x86_64.rpm
fwupd-debugsource-1.1.4-7.el8_2.x86_64.rpm
grub2-debuginfo-2.02-87.el8_2.x86_64.rpm
grub2-debugsource-2.02-87.el8_2.x86_64.rpm
grub2-efi-ia32-2.02-87.el8_2.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-87.el8_2.x86_64.rpm
grub2-efi-x64-2.02-87.el8_2.x86_64.rpm
grub2-efi-x64-cdboot-2.02-87.el8_2.x86_64.rpm
grub2-pc-2.02-87.el8_2.x86_64.rpm
grub2-tools-2.02-87.el8_2.x86_64.rpm
grub2-tools-debuginfo-2.02-87.el8_2.x86_64.rpm
grub2-tools-efi-2.02-87.el8_2.x86_64.rpm
grub2-tools-efi-debuginfo-2.02-87.el8_2.x86_64.rpm
grub2-tools-extra-2.02-87.el8_2.x86_64.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_2.x86_64.rpm
grub2-tools-minimal-2.02-87.el8_2.x86_64.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_2.x86_64.rpm
shim-ia32-15-14.el8_2.x86_64.rpm
shim-x64-15-14.el8_2.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

Source:
shim-unsigned-x64-15-7.el8.src.rpm

x86_64:
shim-unsigned-x64-15-7.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-10713
https://access.redhat.com/security/cve/CVE-2020-14308
https://access.redhat.com/security/cve/CVE-2020-14309
https://access.redhat.com/security/cve/CVE-2020-14310
https://access.redhat.com/security/cve/CVE-2020-14311
https://access.redhat.com/security/cve/CVE-2020-15705
https://access.redhat.com/security/cve/CVE-2020-15706
https://access.redhat.com/security/cve/CVE-2020-15707
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/grub2bootloader

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXyHAzdzjgjWX9erEAQhobw/9GgoCaSLYNCxlFlnI2aka3CSGuqvkBpZt
EWCAhSfU/7/hyHNT0Vpc1cb/Zou+959CXlFFv+gEi0eNHiXIxaB5daGtKYS5aSJH
dL+UHRD9oPCarDZ0Z3ukZEWnkEoOXgk/1UPG2nwIaC/i5CbVyOEpXNzvgBZZEl/v
XCbk1AFRl2m5HzZgHDE0yzkhmWG5Q5unxc4nGylymL2tRRIkHBMDYfu6bqxYvnLy
Qcs96NNjJBCbSSjG0ZMLbymwF8Jn1XNzrZdTBJ22bF5x/fVRKLpiGcPD43kIOXMv
US5IZlcYzQfCBsGKoiShOHbPTUnNg0pRqazkjevYEZuYUD3YrpzTsxEwOsc+i8w0
DdhCw4kyXXSKo1Rbtk/jDkWm8f9TIssuMXgIgRJkG2EQDcfBVEiAZ/7wZG2pjrx5
q9JdqMacbixL4GpoaP5pVDetIg+t3F60AHukmesGcFeSPK6Y7tmMvBWEeV3gB/z5
gmbPidau09L8q66cRYP6dr5bD8MV+wPyZuOCXlT+GPOcLyjslnYoeyvZf9BFjpvy
53VA2yG/564rMWz4X2jS5ode32VJYQwZ7orlY31M40eEbDve6TiPyaWTXvW8kJK6
h4ZHFMkYELBnEd2GG+JQYz4HUdy+JS9eHOTTAGoYLgMhIVin1ghmBIeRZBTf0GKt
PqA8gQXdsSQ=
=JBDC
- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: grub2 security and bug fix update
Advisory ID:       RHSA-2020:3217-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3217
Issue date:        2020-07-29
CVE Names:         CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 
                   CVE-2020-14310 CVE-2020-14311 CVE-2020-15705 
                   CVE-2020-15706 CVE-2020-15707 
=====================================================================

1. Summary:

An update for grub2, shim, shim-signed, and fwupdate is now available for
Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The grub2 packages provide version 2 of the Grand Unified Boot Loader
(GRUB), a highly configurable and customizable boot loader with modular
architecture. The packages support a variety of kernel formats, file
systems, computer architectures, and hardware devices.

The shim package contains a first-stage UEFI boot loader that handles
chaining to a trusted full boot loader under secure boot environments.

The fwupdate packages provide a service that allows session software to
update device firmware.

Security Fix(es):

* grub2: Crafted grub.cfg file can lead to arbitrary code execution during
boot process (CVE-2020-10713)

* grub2: grub_malloc does not validate allocation size allowing for
arithmetic overflow and subsequent heap-based buffer overflow
(CVE-2020-14308)

* grub2: Integer overflow in grub_squash_read_symlink may lead to
heap-based buffer overflow (CVE-2020-14309)

* grub2: Integer overflow read_section_as_string may lead to heap-based
buffer overflow (CVE-2020-14310)

* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer
overflow (CVE-2020-14311)

* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)

* grub2: Use-after-free redefining a function whilst the same function is
already executing (CVE-2020-15706)

* grub2: Integer overflow in initrd size handling (CVE-2020-15707)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* grub2 doesn't handle relative paths correctly for UEFI HTTP Boot
(BZ#1616395)

* UEFI HTTP boot over IPv6 does not work (BZ#1732765)

Users of grub2 are advised to upgrade to these updated packages, which fix
these bugs.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1616395 - grub2 doesn't handle relative paths correctly for UEFI HTTP Boot
1732765 - UEFI HTTP boot over IPv6 does not work
1825243 - CVE-2020-10713 grub2: Crafted grub.cfg file can lead to arbitrary code 
execution during boot process
1852009 - CVE-2020-14308 grub2: grub_malloc does not validate allocation size 
allowing for arithmetic overflow and subsequent heap-based buffer overflow
1852014 - CVE-2020-14311 grub2: Integer overflow in grub_ext2_read_link leads to 
heap-based buffer overflow
1852022 - CVE-2020-14309 grub2: Integer overflow in grub_squash_read_symlink may 
lead to heap-based buffer overflow
1852030 - CVE-2020-14310 grub2: Integer overflow read_section_as_string may lead 
to heap-based buffer overflow
1860978 - CVE-2020-15705 grub2: Fail kernel validation without shim protocol
1861118 - CVE-2020-15706 grub2: Use-after-free redefining a function whilst the 
same function is already executing
1861581 - CVE-2020-15707 grub2: Integer overflow in initrd size handling

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
fwupdate-12-6.el7_8.src.rpm
grub2-2.02-0.86.el7_8.src.rpm
shim-15-7.el7_9.src.rpm
shim-signed-15-7.el7_8.src.rpm

noarch:
grub2-common-2.02-0.86.el7_8.noarch.rpm
grub2-efi-ia32-modules-2.02-0.86.el7_8.noarch.rpm
grub2-efi-x64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-pc-modules-2.02-0.86.el7_8.noarch.rpm
shim-unsigned-aa64-debuginfo-15-7.el7_9.noarch.rpm
shim-unsigned-ia32-debuginfo-15-7.el7_9.noarch.rpm
shim-unsigned-x64-debuginfo-15-7.el7_9.noarch.rpm

x86_64:
fwupdate-12-6.el7_8.x86_64.rpm
fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
fwupdate-efi-12-6.el7_8.x86_64.rpm
fwupdate-libs-12-6.el7_8.x86_64.rpm
grub2-2.02-0.86.el7_8.x86_64.rpm
grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-ia32-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-x64-2.02-0.86.el7_8.x86_64.rpm
grub2-pc-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-extra-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-minimal-2.02-0.86.el7_8.x86_64.rpm
mokutil-15-7.el7_8.x86_64.rpm
mokutil-debuginfo-15-7.el7_8.x86_64.rpm
shim-ia32-15-7.el7_8.x86_64.rpm
shim-unsigned-ia32-15-7.el7_9.x86_64.rpm
shim-unsigned-x64-15-7.el7_9.x86_64.rpm
shim-x64-15-7.el7_8.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
grub2-efi-aa64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64le-modules-2.02-0.86.el7_8.noarch.rpm

x86_64:
fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
fwupdate-devel-12-6.el7_8.x86_64.rpm
grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-x64-cdboot-2.02-0.86.el7_8.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
fwupdate-12-6.el7_8.src.rpm
grub2-2.02-0.86.el7_8.src.rpm
shim-15-7.el7_9.src.rpm
shim-signed-15-7.el7_8.src.rpm

noarch:
grub2-common-2.02-0.86.el7_8.noarch.rpm
grub2-efi-ia32-modules-2.02-0.86.el7_8.noarch.rpm
grub2-efi-x64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-pc-modules-2.02-0.86.el7_8.noarch.rpm
shim-unsigned-aa64-debuginfo-15-7.el7_9.noarch.rpm
shim-unsigned-ia32-debuginfo-15-7.el7_9.noarch.rpm
shim-unsigned-x64-debuginfo-15-7.el7_9.noarch.rpm

x86_64:
fwupdate-12-6.el7_8.x86_64.rpm
fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
fwupdate-efi-12-6.el7_8.x86_64.rpm
fwupdate-libs-12-6.el7_8.x86_64.rpm
grub2-2.02-0.86.el7_8.x86_64.rpm
grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-ia32-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-x64-2.02-0.86.el7_8.x86_64.rpm
grub2-pc-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-extra-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-minimal-2.02-0.86.el7_8.x86_64.rpm
mokutil-15-7.el7_8.x86_64.rpm
mokutil-debuginfo-15-7.el7_8.x86_64.rpm
shim-ia32-15-7.el7_8.x86_64.rpm
shim-unsigned-ia32-15-7.el7_9.x86_64.rpm
shim-unsigned-x64-15-7.el7_9.x86_64.rpm
shim-x64-15-7.el7_8.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
grub2-efi-aa64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64le-modules-2.02-0.86.el7_8.noarch.rpm

x86_64:
fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
fwupdate-devel-12-6.el7_8.x86_64.rpm
grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-x64-cdboot-2.02-0.86.el7_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
fwupdate-12-6.el7_8.src.rpm
grub2-2.02-0.86.el7_8.src.rpm
shim-15-7.el7_9.src.rpm
shim-signed-15-7.el7_8.src.rpm

noarch:
grub2-common-2.02-0.86.el7_8.noarch.rpm
grub2-efi-ia32-modules-2.02-0.86.el7_8.noarch.rpm
grub2-efi-x64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-pc-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64le-modules-2.02-0.86.el7_8.noarch.rpm
shim-unsigned-aa64-debuginfo-15-7.el7_9.noarch.rpm
shim-unsigned-ia32-debuginfo-15-7.el7_9.noarch.rpm
shim-unsigned-x64-debuginfo-15-7.el7_9.noarch.rpm

ppc64:
grub2-2.02-0.86.el7_8.ppc64.rpm
grub2-debuginfo-2.02-0.86.el7_8.ppc64.rpm
grub2-ppc64-2.02-0.86.el7_8.ppc64.rpm
grub2-tools-2.02-0.86.el7_8.ppc64.rpm
grub2-tools-extra-2.02-0.86.el7_8.ppc64.rpm
grub2-tools-minimal-2.02-0.86.el7_8.ppc64.rpm

ppc64le:
grub2-2.02-0.86.el7_8.ppc64le.rpm
grub2-debuginfo-2.02-0.86.el7_8.ppc64le.rpm
grub2-ppc64le-2.02-0.86.el7_8.ppc64le.rpm
grub2-tools-2.02-0.86.el7_8.ppc64le.rpm
grub2-tools-extra-2.02-0.86.el7_8.ppc64le.rpm
grub2-tools-minimal-2.02-0.86.el7_8.ppc64le.rpm

x86_64:
fwupdate-12-6.el7_8.x86_64.rpm
fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
fwupdate-efi-12-6.el7_8.x86_64.rpm
fwupdate-libs-12-6.el7_8.x86_64.rpm
grub2-2.02-0.86.el7_8.x86_64.rpm
grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-ia32-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-x64-2.02-0.86.el7_8.x86_64.rpm
grub2-pc-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-extra-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-minimal-2.02-0.86.el7_8.x86_64.rpm
mokutil-15-7.el7_8.x86_64.rpm
mokutil-debuginfo-15-7.el7_8.x86_64.rpm
shim-ia32-15-7.el7_8.x86_64.rpm
shim-unsigned-ia32-15-7.el7_9.x86_64.rpm
shim-unsigned-x64-15-7.el7_9.x86_64.rpm
shim-x64-15-7.el7_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
grub2-efi-aa64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-efi-ia32-modules-2.02-0.86.el7_8.noarch.rpm
grub2-efi-x64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-pc-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64le-modules-2.02-0.86.el7_8.noarch.rpm

x86_64:
fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
fwupdate-devel-12-6.el7_8.x86_64.rpm
grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-x64-cdboot-2.02-0.86.el7_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
fwupdate-12-6.el7_8.src.rpm
grub2-2.02-0.86.el7_8.src.rpm
shim-15-7.el7_9.src.rpm
shim-signed-15-7.el7_8.src.rpm

noarch:
grub2-common-2.02-0.86.el7_8.noarch.rpm
grub2-efi-ia32-modules-2.02-0.86.el7_8.noarch.rpm
grub2-efi-x64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-pc-modules-2.02-0.86.el7_8.noarch.rpm
shim-unsigned-aa64-debuginfo-15-7.el7_9.noarch.rpm
shim-unsigned-ia32-debuginfo-15-7.el7_9.noarch.rpm
shim-unsigned-x64-debuginfo-15-7.el7_9.noarch.rpm

x86_64:
fwupdate-12-6.el7_8.x86_64.rpm
fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
fwupdate-efi-12-6.el7_8.x86_64.rpm
fwupdate-libs-12-6.el7_8.x86_64.rpm
grub2-2.02-0.86.el7_8.x86_64.rpm
grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-ia32-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-x64-2.02-0.86.el7_8.x86_64.rpm
grub2-pc-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-extra-2.02-0.86.el7_8.x86_64.rpm
grub2-tools-minimal-2.02-0.86.el7_8.x86_64.rpm
mokutil-15-7.el7_8.x86_64.rpm
mokutil-debuginfo-15-7.el7_8.x86_64.rpm
shim-ia32-15-7.el7_8.x86_64.rpm
shim-unsigned-ia32-15-7.el7_9.x86_64.rpm
shim-unsigned-x64-15-7.el7_9.x86_64.rpm
shim-x64-15-7.el7_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
grub2-efi-aa64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64-modules-2.02-0.86.el7_8.noarch.rpm
grub2-ppc64le-modules-2.02-0.86.el7_8.noarch.rpm

x86_64:
fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
fwupdate-devel-12-6.el7_8.x86_64.rpm
grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-0.86.el7_8.x86_64.rpm
grub2-efi-x64-cdboot-2.02-0.86.el7_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-10713
https://access.redhat.com/security/cve/CVE-2020-14308
https://access.redhat.com/security/cve/CVE-2020-14309
https://access.redhat.com/security/cve/CVE-2020-14310
https://access.redhat.com/security/cve/CVE-2020-14311
https://access.redhat.com/security/cve/CVE-2020-15705
https://access.redhat.com/security/cve/CVE-2020-15706
https://access.redhat.com/security/cve/CVE-2020-15707
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/grub2bootloader

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXyHPd9zjgjWX9erEAQhkbA/9GyUNQ0t+giFZBD+d3kury+VEwisdlUfX
FLeZ5fpDNNOFPJuzEqtI9WzFP9V3XtaCia9W0ELd9IF9tFgNPFnyOliQGF9Nd6Sv
wH38cEhARswOlILJwYTVFqzbFzM8U+aWbw5/y5mgt/a5ludPKFqRyVrjfmIPjtpN
AGkgFhNnlx31Ct4lN66w1uyDEwbR/uKezAISZqGxkH2WcLL/53dhtFYTNc/dKiiu
pB/6YZ2UwDKzk45cU6gkCEMz4IiEqjAflv9TEocA1w8Y6QPi9wvaWO7BVL/mT4hW
HPKSV7I0QW2ZhcxyEFrT+nEpeTxi3DtLJLVrWhSYwk5QSIoEoKH0wGZsbgabLkbS
gsvfRZnAQ997Y94klkq9W3t7vf/f3jtBFQUtpBSOXdOlJZGK15iG1PsjSiaaM40Q
vMUuOLhBoFT55WY56wYMEHpswhXm6hKLWhplP0kQX/5cIrXHE5ai4QyazwtNjycI
xFLe+ezT6G2UxaPkgthLruGV74icVOIy0C09LT7FvwmYujqrdtFxxthLB3D6+/T/
ZXaVffNWJUkYizSNHSH4x6XwauURgfsJUlFp46SU17bxOtRlY5djAQ8vE8hVoS8z
nJuF6huI1ATM/8f3slQ3+uONnH7Yno2HN/kkSBGeOGEs3wr/riDgoRwbBHRA3hBv
t4FTWxd9C3A=
=TjQr
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: grub2 security update
Advisory ID:       RHSA-2020:3223-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3223
Issue date:        2020-07-29
CVE Names:         CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 
                   CVE-2020-14310 CVE-2020-14311 CVE-2020-15705 
                   CVE-2020-15706 CVE-2020-15707 
=====================================================================

1. Summary:

An update for grub2, shim, shim-unsigned-x64, and fwupd is now available
for Red Hat Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.1) - x86_64
Red Hat Enterprise Linux BaseOS EUS (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The grub2 packages provide version 2 of the Grand Unified Boot Loader
(GRUB), a highly configurable and customizable boot loader with modular
architecture. The packages support a variety of kernel formats, file
systems, computer architectures, and hardware devices.

The shim package contains a first-stage UEFI boot loader that handles
chaining to a trusted full boot loader under secure boot environments.

The fwupd packages provide a service that allows session software to update
device firmware.

Security Fix(es):

* grub2: Crafted grub.cfg file can lead to arbitrary code execution during
boot process (CVE-2020-10713)

* grub2: grub_malloc does not validate allocation size allowing for
arithmetic overflow and subsequent heap-based buffer overflow
(CVE-2020-14308)

* grub2: Integer overflow in grub_squash_read_symlink may lead to
heap-based buffer overflow (CVE-2020-14309)

* grub2: Integer overflow read_section_as_string may lead to heap-based
buffer overflow (CVE-2020-14310)

* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer
overflow (CVE-2020-14311)

* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)

* grub2: Use-after-free redefining a function whilst the same function is
already executing (CVE-2020-15706)

* grub2: Integer overflow in initrd size handling (CVE-2020-15707)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1825243 - CVE-2020-10713 grub2: Crafted grub.cfg file can lead to arbitrary code 
execution during boot process
1852009 - CVE-2020-14308 grub2: grub_malloc does not validate allocation size 
allowing for arithmetic overflow and subsequent heap-based buffer overflow
1852014 - CVE-2020-14311 grub2: Integer overflow in grub_ext2_read_link leads 
to heap-based buffer overflow
1852022 - CVE-2020-14309 grub2: Integer overflow in grub_squash_read_symlink may 
lead to heap-based buffer overflow
1852030 - CVE-2020-14310 grub2: Integer overflow read_section_as_string may lead 
to heap-based buffer overflow
1860978 - CVE-2020-15705 grub2: Fail kernel validation without shim protocol
1861118 - CVE-2020-15706 grub2: Use-after-free redefining a function whilst the 
same function is already executing
1861581 - CVE-2020-15707 grub2: Integer overflow in initrd size handling

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.1):

Source:
fwupd-1.1.4-2.el8_1.src.rpm
grub2-2.02-87.el8_1.src.rpm
shim-15-14.el8_1.src.rpm

aarch64:
fwupd-1.1.4-2.el8_1.aarch64.rpm
fwupd-debuginfo-1.1.4-2.el8_1.aarch64.rpm
fwupd-debugsource-1.1.4-2.el8_1.aarch64.rpm
grub2-debuginfo-2.02-87.el8_1.aarch64.rpm
grub2-debugsource-2.02-87.el8_1.aarch64.rpm
grub2-efi-aa64-2.02-87.el8_1.aarch64.rpm
grub2-efi-aa64-cdboot-2.02-87.el8_1.aarch64.rpm
grub2-tools-2.02-87.el8_1.aarch64.rpm
grub2-tools-debuginfo-2.02-87.el8_1.aarch64.rpm
grub2-tools-extra-2.02-87.el8_1.aarch64.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_1.aarch64.rpm
grub2-tools-minimal-2.02-87.el8_1.aarch64.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_1.aarch64.rpm
shim-aa64-15-14.el8_1.aarch64.rpm

noarch:
grub2-common-2.02-87.el8_1.noarch.rpm
grub2-efi-aa64-modules-2.02-87.el8_1.noarch.rpm
grub2-efi-ia32-modules-2.02-87.el8_1.noarch.rpm
grub2-efi-x64-modules-2.02-87.el8_1.noarch.rpm
grub2-pc-modules-2.02-87.el8_1.noarch.rpm
grub2-ppc64le-modules-2.02-87.el8_1.noarch.rpm

ppc64le:
fwupd-1.1.4-2.el8_1.ppc64le.rpm
fwupd-debuginfo-1.1.4-2.el8_1.ppc64le.rpm
fwupd-debugsource-1.1.4-2.el8_1.ppc64le.rpm
grub2-debuginfo-2.02-87.el8_1.ppc64le.rpm
grub2-debugsource-2.02-87.el8_1.ppc64le.rpm
grub2-ppc64le-2.02-87.el8_1.ppc64le.rpm
grub2-tools-2.02-87.el8_1.ppc64le.rpm
grub2-tools-debuginfo-2.02-87.el8_1.ppc64le.rpm
grub2-tools-extra-2.02-87.el8_1.ppc64le.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_1.ppc64le.rpm
grub2-tools-minimal-2.02-87.el8_1.ppc64le.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_1.ppc64le.rpm

s390x:
fwupd-1.1.4-2.el8_1.s390x.rpm
fwupd-debuginfo-1.1.4-2.el8_1.s390x.rpm
fwupd-debugsource-1.1.4-2.el8_1.s390x.rpm

x86_64:
fwupd-1.1.4-2.el8_1.x86_64.rpm
fwupd-debuginfo-1.1.4-2.el8_1.x86_64.rpm
fwupd-debugsource-1.1.4-2.el8_1.x86_64.rpm
grub2-debuginfo-2.02-87.el8_1.x86_64.rpm
grub2-debugsource-2.02-87.el8_1.x86_64.rpm
grub2-efi-ia32-2.02-87.el8_1.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-87.el8_1.x86_64.rpm
grub2-efi-x64-2.02-87.el8_1.x86_64.rpm
grub2-efi-x64-cdboot-2.02-87.el8_1.x86_64.rpm
grub2-pc-2.02-87.el8_1.x86_64.rpm
grub2-tools-2.02-87.el8_1.x86_64.rpm
grub2-tools-debuginfo-2.02-87.el8_1.x86_64.rpm
grub2-tools-efi-2.02-87.el8_1.x86_64.rpm
grub2-tools-efi-debuginfo-2.02-87.el8_1.x86_64.rpm
grub2-tools-extra-2.02-87.el8_1.x86_64.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_1.x86_64.rpm
grub2-tools-minimal-2.02-87.el8_1.x86_64.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_1.x86_64.rpm
shim-ia32-15-14.el8_1.x86_64.rpm
shim-x64-15-14.el8_1.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.1):

Source:
shim-unsigned-x64-15-7.el8.src.rpm

x86_64:
shim-unsigned-x64-15-7.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-10713
https://access.redhat.com/security/cve/CVE-2020-14308
https://access.redhat.com/security/cve/CVE-2020-14309
https://access.redhat.com/security/cve/CVE-2020-14310
https://access.redhat.com/security/cve/CVE-2020-14311
https://access.redhat.com/security/cve/CVE-2020-15705
https://access.redhat.com/security/cve/CVE-2020-15706
https://access.redhat.com/security/cve/CVE-2020-15707
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/grub2bootloader

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXyHQgNzjgjWX9erEAQhnvhAAgryO0E3ox1uIRkWKWXF1NoRq9X+r4dpJ
Oc0Wn2t/hgG3S/lzqQJWDGkRVSrIycSd2NhAuC2nsCzIZNsngSkNP6jFrnl6MHYy
Q4ZS/RF1hFZxaHMGb1DDOsKGxjlKdqgk2V7TN5nfJBLjEOB+REiO8ih2bzwjLNUi
maiWwra1beKdEmSBPPbJ+M1yzRgZIbY7d9zNY7G7xzrovDq/S99iSB1D58tNbh/u
Us91GL1MTUTd3YSBt1qjIF8p+4f2JXuu0NeNTTkBAsyjHDqATniSFH+ZoDRp6lxW
PDMGABFh6479y50mLS69ac647xFKCAbzDutc04rBL/BzivxzOp4prO39ebZVe4XP
S4O/EU5Iu62YtIx6iwiQ8razXqW/Zb+y2xCi8VaxJqJwogk0HqVxfXewUbPmmvjR
9fLEEBz1bir+rDYU59KAhT0+w5iAYQZmKbpD/zjyGqedSDoCgWlORF8JND+4B6IB
xwmiDZWrfH3lsg4rzIIFr4rd6vzI9d4Rc5LFVyqSIZ/REWhJDxKWs/8H5PvNzDk0
3UqmAdfosJFQvWFhrFxfZy/ITBz6p9ScSe8s2aFudOUwGYbR8eY3mTqAqCJJq+wT
LG9XZAfSAB6Xwolvwa5jKVna34EqzDMexJp76ZZ3I9agH7IXeYA/xnMTKt/tt18Z
kEuD5ben5IU=
=j/2T
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: grub2 security update
Advisory ID:       RHSA-2020:3227-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3227
Issue date:        2020-07-29
CVE Names:         CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 
                   CVE-2020-14310 CVE-2020-14311 CVE-2020-15705 
                   CVE-2020-15706 CVE-2020-15707 
=====================================================================

1. Summary:

An update for grub2, shim, and fwupd is now available for Red Hat
Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.0) - noarch, ppc64le, x86_64

3. Description:

The grub2 packages provide version 2 of the Grand Unified Boot Loader
(GRUB), a highly configurable and customizable boot loader with modular
architecture. The packages support a variety of kernel formats, file
systems, computer architectures, and hardware devices.

The shim package contains a first-stage UEFI boot loader that handles
chaining to a trusted full boot loader under secure boot environments.

The fwupd packages provide a service that allows session software to update
device firmware.

Security Fix(es):

* grub2: Crafted grub.cfg file can lead to arbitrary code execution during
boot process (CVE-2020-10713)

* grub2: grub_malloc does not validate allocation size allowing for
arithmetic overflow and subsequent heap-based buffer overflow
(CVE-2020-14308)

* grub2: Integer overflow in grub_squash_read_symlink may lead to
heap-based buffer overflow (CVE-2020-14309)

* grub2: Integer overflow read_section_as_string may lead to heap-based
buffer overflow (CVE-2020-14310)

* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer
overflow (CVE-2020-14311)

* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)

* grub2: Use-after-free redefining a function whilst the same function is
already executing (CVE-2020-15706)

* grub2: Integer overflow in initrd size handling (CVE-2020-15707)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1825243 - CVE-2020-10713 grub2: Crafted grub.cfg file can lead to arbitrary code
 execution during boot process
1852009 - CVE-2020-14308 grub2: grub_malloc does not validate allocation size 
allowing for arithmetic overflow and subsequent heap-based buffer overflow
1852014 - CVE-2020-14311 grub2: Integer overflow in grub_ext2_read_link leads to 
heap-based buffer overflow
1852022 - CVE-2020-14309 grub2: Integer overflow in grub_squash_read_symlink may 
lead to heap-based buffer overflow
1852030 - CVE-2020-14310 grub2: Integer overflow read_section_as_string may lead 
to heap-based buffer overflow
1860978 - CVE-2020-15705 grub2: Fail kernel validation without shim protocol
1861118 - CVE-2020-15706 grub2: Use-after-free redefining a function whilst the 
same function is already executing
1861581 - CVE-2020-15707 grub2: Integer overflow in initrd size handling

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.0):

Source:
fwupd-1.1.4-2.el8_0.src.rpm
grub2-2.02-87.el8_0.src.rpm
shim-15-14.el8_0.src.rpm

noarch:
grub2-common-2.02-87.el8_0.noarch.rpm
grub2-efi-aa64-modules-2.02-87.el8_0.noarch.rpm
grub2-efi-ia32-modules-2.02-87.el8_0.noarch.rpm
grub2-efi-x64-modules-2.02-87.el8_0.noarch.rpm
grub2-pc-modules-2.02-87.el8_0.noarch.rpm
grub2-ppc64le-modules-2.02-87.el8_0.noarch.rpm

ppc64le:
fwupd-1.1.4-2.el8_0.ppc64le.rpm
fwupd-debuginfo-1.1.4-2.el8_0.ppc64le.rpm
fwupd-debugsource-1.1.4-2.el8_0.ppc64le.rpm
grub2-debuginfo-2.02-87.el8_0.ppc64le.rpm
grub2-debugsource-2.02-87.el8_0.ppc64le.rpm
grub2-ppc64le-2.02-87.el8_0.ppc64le.rpm
grub2-tools-2.02-87.el8_0.ppc64le.rpm
grub2-tools-debuginfo-2.02-87.el8_0.ppc64le.rpm
grub2-tools-extra-2.02-87.el8_0.ppc64le.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_0.ppc64le.rpm
grub2-tools-minimal-2.02-87.el8_0.ppc64le.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_0.ppc64le.rpm

x86_64:
fwupd-1.1.4-2.el8_0.x86_64.rpm
fwupd-debuginfo-1.1.4-2.el8_0.x86_64.rpm
fwupd-debugsource-1.1.4-2.el8_0.x86_64.rpm
grub2-debuginfo-2.02-87.el8_0.x86_64.rpm
grub2-debugsource-2.02-87.el8_0.x86_64.rpm
grub2-efi-ia32-2.02-87.el8_0.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-87.el8_0.x86_64.rpm
grub2-efi-x64-2.02-87.el8_0.x86_64.rpm
grub2-efi-x64-cdboot-2.02-87.el8_0.x86_64.rpm
grub2-pc-2.02-87.el8_0.x86_64.rpm
grub2-tools-2.02-87.el8_0.x86_64.rpm
grub2-tools-debuginfo-2.02-87.el8_0.x86_64.rpm
grub2-tools-efi-2.02-87.el8_0.x86_64.rpm
grub2-tools-efi-debuginfo-2.02-87.el8_0.x86_64.rpm
grub2-tools-extra-2.02-87.el8_0.x86_64.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_0.x86_64.rpm
grub2-tools-minimal-2.02-87.el8_0.x86_64.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_0.x86_64.rpm
shim-ia32-15-14.el8_0.x86_64.rpm
shim-x64-15-14.el8_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-10713
https://access.redhat.com/security/cve/CVE-2020-14308
https://access.redhat.com/security/cve/CVE-2020-14309
https://access.redhat.com/security/cve/CVE-2020-14310
https://access.redhat.com/security/cve/CVE-2020-14311
https://access.redhat.com/security/cve/CVE-2020-15705
https://access.redhat.com/security/cve/CVE-2020-15706
https://access.redhat.com/security/cve/CVE-2020-15707
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/grub2bootloader

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXyHZEtzjgjWX9erEAQi/iQ/6AnVamiVIedrN+1zdQiHGyuPUcNBgS3f+
1QQ2pwLAwB4tFdZqQeH/ozP/7jiwpzjBH6gEaa6iwjSJVdFS1jtsbx84XzjnIJ6F
jg7lJssJyE/zXIW0UZ1tcLiwt6AqMB6bl2djk1PzQj+VazumZ9JOacYrTQFwyrAB
Z25a0Q0KbFhaKhfo/QB3OpG1Ek6V2yWYD0ScKohvI918iBvvz/zG4zoyClmzTxYO
9nr8ZvRJQfzBop1qiDbedJSeLIfsJJyQcEmD25IBVeVKKNLF25gzBqAnq8OLMGDR
2FxRvPzf9vzMxeOyo3Dr4ZHsG5ZnmTF/gS8QYO7SquMVmJJ1C+pNHyvxfT8VpFM7
9O7KMQMIoCfUiVdeUS5Rt1bZlx5w2/Wk6LN6/TGBYLDIIz7zpllL+hAGVlI/GPK6
uXVhJunpRqJ1sLg+KUaSHENFywqnwlslcR7bXWUG/oH/0C+I+4Edx9p0sKVLnf9F
GVWwAmw1ZZG/Ab7SEGidLLBEllrBh/4VYTIktXJovmJ3cz+SYP19sM98+5ftJb/S
8/DnJpGAxxDAe6QHxInCT25uIHKkZND0d06dzWvn/n5lSPBHJ+KPTR2sC1DlcuI7
XIhcj+WBO/rSJBnl2IyuusKThyVD9D1oCvsGm0Y0ZCxP2JsErAmjgWO1AEvODSok
Hjos6WFqcW8=
=yC3d
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXyJC1uNLKJtyKPYoAQjXRA//c5iaKLSLjNkJuDVjPPxmqbXxDrQaJaMU
4xhhkEU7f1rtsf8NRQ3w+bqsgruld+oP6W2ZykrPx4atD+MBIixRgbLYxGnCn2TA
SJyvxZVGsA4nyTPfwg2KwCWfDFgdaH0u9ibEHYz2ys5+udiJv1ZNBYdtQJGfsL/a
wfEilaPjG38aV73Z9dfUp3oQvpzoQjG09+Y2k0qc3vsUTgzYk5HUNJxngi/zT3PX
BZ2rlp0EmhYd1FzfTbosI1T7r9rphQpbor6EY7HTDqIqlzCG8EhYIIQ5kWoZG28P
V/TobzHfUCkVedl2dm4XDSSpt4PkgefYUSYBS1rR0jWyaW+ggNt/HinXyqgSmz53
b9MeqYWOhZev3ebRi0rHll+1A+RKfL8BzpocNhYOGMQzWLMjtYk9EA2btdgHIsTT
H6IYazPSJ+Sx/gE2H3DDSNmisML/45f0RDreL4Rcg+kC6hdmSg8J1+qMyUbhfgiM
8Y2Hqhm9y5yanW2j35FWYTjIFa2+mckaNDVSd8x7mBIlOXy4gfLgjlv5fms58tvX
E6Glb2CIz8rz8ddQh3ifC55pqvCHQvheUCKnpuFzYYCl4PNxGJDUFbzZ4sMQP0iR
MFCRG/nexwPxGGBLPYCiQ20nT/b/LjDTfZC7gZIL7z9fPkQ0YSp4Zy2iUZQg/gXV
oxE5y6QTWZA=
=wg1Y
-----END PGP SIGNATURE-----