stable

grub2-2.06-118.fc39

FEDORA-2024-097eb22907 created by nfrayer a month ago for Fedora 39

Security fix for CVE-2024-1048

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-097eb22907

This update has been submitted for testing by nfrayer.

a month ago

This update's test gating status has been changed to 'waiting'.

a month ago

This update's test gating status has been changed to 'waiting'.

a month ago

This update's test gating status has been changed to 'failed'.

a month ago
User Icon adamwill commented & provided feedback a month ago

So, the reason this failed tests is a bit unique. They're failing on a sanity check in the openQA tests: it checks whether the test actually has a newer version of the package installed than is present in the update under test, and if so, it flags that as a problem. Usually what that means is that, somehow, a newer package already got pushed stable, and pushing the update-under-test stable would move the package backwards, but that's not how it is in this case.

In this case, the openQA server base image is actually hacked up to use a grub2 build from a side repo (https://adamwill.fedorapeople.org/grubxfs-repo/ ), which I rather arbitrarily versioned grub2-2.06-118.fc39. So it's higher-versioned than the one in this update, so it triggers the failure.

The reason why I'm doing that is https://bugzilla.redhat.com/show_bug.cgi?id=2259266 (which current affects F39). If I let the openQA server base image use the current stable grub2 package, it doesn't boot because of that bug.

So...it would make things much easier if this update fixed that bug, is what I'm saying. :P Otherwise I'll have to do a hack like disabling the check just for this update so it can go through.

I thought that bug was supposed to be getting fixed last week; what's the current status, @nfrayer ?

This update has been pushed to testing.

a month ago
User Icon geraldosimiao commented & provided feedback a month ago
karma

works

User Icon filiperosset commented & provided feedback a month ago
karma

ok here

User Icon nixuser commented & provided feedback a month ago
karma

Working here OK.

User Icon bojan commented & provided feedback a month ago
karma

Works.

User Icon frantisekz provided feedback a month ago
karma
User Icon imabug provided feedback a month ago
karma
User Icon kparal commented & provided feedback a month ago
karma

my UEFI Workstation boots fine on Thinkpad P1 gen3

User Icon adamwill commented & provided feedback a month ago

@nfrayer said he would add a fix for the XFS issue, but I don't see it yet.

User Icon adamwill commented & provided feedback a month ago

Given that this is a security fix and doesn't make things worse than they are at present, let's waive the failures and get it pushed stable.

This update's test gating status has been changed to 'waiting'.

a month ago

This update's test gating status has been changed to 'passed'.

a month ago

This update can be pushed to stable now if the maintainer wishes

a month ago

adamwill edited this update.

New build(s):

  • grub2-2.06-118.fc39

Removed build(s):

  • grub2-2.06-117.fc39

Karma has been reset.

a month ago

This update has been submitted for testing by adamwill.

a month ago

This update's test gating status has been changed to 'waiting'.

a month ago

adamwill edited this update.

a month ago

adamwill edited this update.

a month ago

This update's test gating status has been changed to 'passed'.

a month ago
User Icon adamwill commented & provided feedback a month ago

OK, the "XFS-/boot-always-fails-on-BIOS" bug should be fixed with -118, nfrayer put the patch back. This does mean the bug it was intended to cause (which breaks boot for a different, less common set of circumstances) is back.

This update has been pushed to testing.

a month ago
User Icon imabug provided feedback a month ago
karma
User Icon nixuser commented & provided feedback a month ago
karma

Working fine here.

Intel NUC NUC13ANHi7 (NUC13ANHi7000) (rev N11225-207) 1 x 13th Gen Intel(R) Core(TM) i7-1360P Intel Corporation Raptor Lake-P [Iris Xe Graphics] (rev 04)

This update can be pushed to stable now if the maintainer wishes

a month ago

This update's test gating status has been changed to 'waiting'.

a month ago

This update's test gating status has been changed to 'passed'.

a month ago
karma

This update has been submitted for stable by bodhi.

a month ago

This update has been pushed to stable.

a month ago
User Icon nfrayer commented & provided feedback a month ago

As @adamwill metioned, this update reintroduced an issue that was fixed by removing one of the XFS patch. A fix is being reviewed upstream and will be merged in Fedora as soon as it'll accepted.


Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
a month ago
in testing
a month ago
in stable
a month ago
modified
a month ago
approved
a month ago
BZ#2256827 CVE-2024-1048 grub2: grub2-set-bootflag can be abused by local (pseudo-)users
0
0
BZ#2263036 CVE-2024-1048 grub2: grub2-set-bootflag can be abused by local (pseudo-)users [fedora-all]
0
0

Automated Test Results