New updated efi-rpm-macros-3-2, fwupdate-11-3, grub2-2.02-87, shim-15-15, and shim-unsigned-x64-15-8 packages have been scheduled for gradual rollout from our production repository.
Rollout slot: 4
Rolled out to: 1%
ETA for 100% rollout: October, 8
Changelog
efi-rpm-macros-3-2.el8.cloudlinux
- CloudLinux OS debranding: set vendor to CloudLinux and EFI dir to CentOS
- Always provide macros for efi_arch and efi_alt_arch (and their _upper variants), and make efi_has_arch and efi_has_alt_arch 0 when they are wrong. This ensures everything can always expand when we're on a non-efi architecture.
fwupdate-11-3.el8
- Fix dependency chain issue when doing a parallel make
Related: rhbz#1677579
- Fix secure boot signing for RHEL 8
Resolves: rhbz#1677579
- Rebuild for signing with the proper key.
Resolves: rhbz#1677579
grub2-2.02-87.el8_2.cloudlinux
- Fix several CVEs
Resolves: CVE-2020-10713
Resolves: CVE-2020-14308
Resolves: CVE-2020-14309
Resolves: CVE-2020-14310
Resolves: CVE-2020-14311
shim-15-15.el8_2.cloudlinux
- Update once again for new signed shim builds.
Resolves: rhbz#1862232
- New signing keys
Related: CVE-2020-10713
Related: CVE-2020-14308
Related: CVE-2020-14309
Related: CVE-2020-14310
Related: CVE-2020-14311
shim-unsigned-x64-15-8.el8.cloudlinux
- Fix a load-address-dependent forever loop.
Resolves: rhbz#1861977
Related: CVE-2020-10713
Related: CVE-2020-14308
Related: CVE-2020-14309
Related: CVE-2020-14310
Related: CVE-2020-14311
Related: CVE-2020-15705
Related: CVE-2020-15706
Related: CVE-2020-15707
- Implement Lenny's workaround
Related: CVE-2020-10713
Related: CVE-2020-14308
Related: CVE-2020-14309
Related: CVE-2020-14310
Related: CVE-2020-14311
- Once more with the MokListRT config table patch added.
Related: CVE-2020-10713
Related: CVE-2020-14308
Related: CVE-2020-14309
Related: CVE-2020-14310
Related: CVE-2020-14311
- Rebuild for bug fixes and new signing keys
Related: CVE-2020-10713
Related: CVE-2020-14308
Related: CVE-2020-14309
Related: CVE-2020-14310
Related: CVE-2020-14311
Update command
yum update grub2-common efi-srpm-macros fwupdate shim-x64
Immediate update
yum update grub2-common efi-srpm-macros fwupdate shim-x64 --enablerepo=cloudlinux-rollout-4-bypass