FEDORA-2021-8dbf0a81c0 created by rharwood 5 months ago for Fedora 35
stable
  • restore umask for grub.cfg (CVE-2021-3981)
  • re-run signing after infrastructure fix

How to install

sudo dnf upgrade --advisory=FEDORA-2021-8dbf0a81c0

This update has been submitted for testing by rharwood.

5 months ago

This update's test gating status has been changed to 'waiting'.

5 months ago

This update's test gating status has been changed to 'failed'.

5 months ago

This update's test gating status has been changed to 'passed'.

5 months ago

This update has been pushed to testing.

5 months ago
User Icon bojan commented & provided feedback 5 months ago
karma

Works (UEFI, secure boot, with just Fedora default MOK, T450s).

User Icon frigo commented & provided feedback 5 months ago
karma

secure boot working, permissions for grub.cfg looking fine.

signature 1
image signature issuers:
 - /CN=Fedora Secure Boot CA
signature 2
image signature issuers:
 - /C=US/ST=Massachusetts/L=Cambridge/O=Red Hat, Inc./OU=Fedora Secure Boot CA 20200709/CN=fedoraca

Is there a way to add a test for the secure boot issue? If not booting a VM with secure boot enabled, maybe just extracting the signatures from shim and validating the certificates of grub efi, it would be a big relief :D

BZ#2030358 CVE-2021-3981 grub2: Incorrect permission in grub.cfg allow unprivileged user to read the file content [fedora-all]
BZ#2030940 Booting with grub2-2.06-9.fc35 and UEFI Secure Boot enabled resulted in Error: Verification Failed: (0x1A) Security Violation

This update can be pushed to stable now if the maintainer wishes

5 months ago
User Icon besser82 commented & provided feedback 5 months ago
karma

Works great! LGTM! =)

This update has been submitted for stable by bodhi.

5 months ago
User Icon ankursinha commented & provided feedback 5 months ago
karma

Boots fine!

BZ#2030940 Booting with grub2-2.06-9.fc35 and UEFI Secure Boot enabled resulted in Error: Verification Failed: (0x1A) Security Violation
karma
User Icon thesourcehim commented & provided feedback 5 months ago
karma

Secure boot works

BZ#2030940 Booting with grub2-2.06-9.fc35 and UEFI Secure Boot enabled resulted in Error: Verification Failed: (0x1A) Security Violation

This update has been pushed to stable.

5 months ago
User Icon geraldosimiao commented & provided feedback 5 months ago
karma

WFM


Please login to add feedback.

Metadata
Type
security
Karma
7
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
5 months ago
in testing
5 months ago
in stable
5 months ago
BZ#2030358 CVE-2021-3981 grub2: Incorrect permission in grub.cfg allow unprivileged user to read the file content [fedora-all]
0
1
BZ#2030940 Booting with grub2-2.06-9.fc35 and UEFI Secure Boot enabled resulted in Error: Verification Failed: (0x1A) Security Violation
0
3

Automated Test Results