Oracle alert ELSA-2025-16154 (grub2)
| From: | Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2025-16154 Moderate: Oracle Linux 10 grub2 security update | |
| Date: | Thu, 18 Sep 2025 11:51:05 -0700 | |
| Message-ID: | <mailman.14.1758221476.31.el-errata@oss.oracle.com> |
Oracle Linux Security Advisory ELSA-2025-16154 http://linux.oracle.com/errata/ELSA-2025-16154.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: grub2-common-2.12-15.0.1.el10_0.noarch.rpm grub2-efi-aa64-modules-2.12-15.0.1.el10_0.noarch.rpm grub2-efi-x64-2.12-15.0.1.el10_0.x86_64.rpm grub2-efi-x64-cdboot-2.12-15.0.1.el10_0.x86_64.rpm grub2-efi-x64-modules-2.12-15.0.1.el10_0.noarch.rpm grub2-pc-2.12-15.0.1.el10_0.x86_64.rpm grub2-pc-modules-2.12-15.0.1.el10_0.noarch.rpm grub2-tools-2.12-15.0.1.el10_0.x86_64.rpm grub2-tools-efi-2.12-15.0.1.el10_0.x86_64.rpm grub2-tools-extra-2.12-15.0.1.el10_0.x86_64.rpm grub2-tools-minimal-2.12-15.0.1.el10_0.x86_64.rpm aarch64: grub2-common-2.12-15.0.1.el10_0.noarch.rpm grub2-efi-aa64-2.12-15.0.1.el10_0.aarch64.rpm grub2-efi-aa64-cdboot-2.12-15.0.1.el10_0.aarch64.rpm grub2-efi-aa64-modules-2.12-15.0.1.el10_0.noarch.rpm grub2-efi-x64-modules-2.12-15.0.1.el10_0.noarch.rpm grub2-tools-2.12-15.0.1.el10_0.aarch64.rpm grub2-tools-extra-2.12-15.0.1.el10_0.aarch64.rpm grub2-tools-minimal-2.12-15.0.1.el10_0.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/grub2-2.12-15.0.... Related CVEs: CVE-2024-45776 CVE-2024-45781 CVE-2025-0622 CVE-2025-0677 CVE-2025-1118 Description of changes: [2.12-15.0.1] - efinet: Close and reopen card on failure [Orabug: 37808688] - Update grub2 dependencies to match new Secure Boot certificate chain of trust [Orabug: 37766761] - Fix typo in SBAT metadata [Orabug: 37693946] - Allow installation of grub2 only with shim-aa64 that allows booting it [Orabug: 37693946] - Enable btrfs module [Orabug: 37412995] - Restored shim related conflicts and provide. [Orabug: 37376920] - Rework the scripts to cover both in-place upgrade and update scenarios [Orabug: 36768566] - Support setting custom kernels as default kernels [Orabug: 36043978] - Bump SBAT metadata for grub to 3 [Orabug: 34872719] - Fix CVE-2022-3775 [Orabug: 34871953] - Enable signing for aarch64 EFI - Fix signing certificate names - Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - Update provided certificate version to 202204 [JIRA: OLDIS-16371] - Various coverity fixes [JIRA: OLDIS-16371] - bump SBAT generation - Update bug url [Orabug: 34202300] - Revert provided certificate version back to 202102 [JIRA: OLDIS-16371] - Update signing certificate [JIRA: OLDIS-16371] - fix SBAT data [JIRA: OLDIS-16371] - Update requires [JIRA: OLDIS-16371] - Rebuild for SecureBoot signatures [Orabug: 33801813] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - Put "with" in menuentry instead of "using" [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.12-15] - 99-grub-mkconfig.install: Disable BLS and run grub2-mkconfig when GRUB_ENABLE_BLSCFG is disable - Resolves: #RHEL-86261 _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata