СloudLinux Blog

Efi-rpm-macros-3-2, fwupdate-11-3, grub2-2.02-87, shim-15-15, and shim-unsigned-x64-15-8 packages have been scheduled for gradual rollout

Written by Inessa Atmachian | Sep 24, 2020 2:40:40 PM

 

New updated efi-rpm-macros-3-2, fwupdate-11-3, grub2-2.02-87, shim-15-15, and shim-unsigned-x64-15-8 packages have been scheduled for gradual rollout from our production repository.

Rollout slot: 4

Rolled out to: 1%

ETA for 100% rollout: October, 8

Changelog

efi-rpm-macros-3-2.el8.cloudlinux
  • CloudLinux OS debranding: set vendor to CloudLinux and EFI dir to CentOS
  • Always provide macros for efi_arch and efi_alt_arch (and their _upper variants), and make efi_has_arch and efi_has_alt_arch 0 when they are wrong. This ensures everything can always expand when we're on a non-efi architecture.
fwupdate-11-3.el8
  • Fix dependency chain issue when doing a parallel make
    Related: rhbz#1677579
  • Fix secure boot signing for RHEL 8
    Resolves: rhbz#1677579
  • Rebuild for signing with the proper key.
    Resolves: rhbz#1677579
grub2-2.02-87.el8_2.cloudlinux
  • Fix several CVEs
    Resolves: CVE-2020-10713
    Resolves: CVE-2020-14308
    Resolves: CVE-2020-14309
    Resolves: CVE-2020-14310
    Resolves: CVE-2020-14311
shim-15-15.el8_2.cloudlinux
  • Update once again for new signed shim builds.
     Resolves: rhbz#1862232
  • New signing keys
    Related: CVE-2020-10713
    Related: CVE-2020-14308
    Related: CVE-2020-14309
    Related: CVE-2020-14310
    Related: CVE-2020-14311
shim-unsigned-x64-15-8.el8.cloudlinux
  • Fix a load-address-dependent forever loop.
    Resolves: rhbz#1861977
    Related: CVE-2020-10713
    Related: CVE-2020-14308
    Related: CVE-2020-14309
    Related: CVE-2020-14310
    Related: CVE-2020-14311
    Related: CVE-2020-15705
    Related: CVE-2020-15706
    Related: CVE-2020-15707
  • Implement Lenny's workaround
    Related: CVE-2020-10713
    Related: CVE-2020-14308
    Related: CVE-2020-14309
    Related: CVE-2020-14310
    Related: CVE-2020-14311
  • Once more with the MokListRT config table patch added.
    Related: CVE-2020-10713
    Related: CVE-2020-14308
    Related: CVE-2020-14309
    Related: CVE-2020-14310
    Related: CVE-2020-14311
  • Rebuild for bug fixes and new signing keys
    Related: CVE-2020-10713
    Related: CVE-2020-14308
    Related: CVE-2020-14309
    Related: CVE-2020-14310
    Related: CVE-2020-14311

Update command

yum update grub2-common efi-srpm-macros fwupdate shim-x64

Immediate update

yum update grub2-common efi-srpm-macros fwupdate shim-x64 --enablerepo=cloudlinux-rollout-4-bypass