stable

grub2-2.06-118.fc39

FEDORA-2024-097eb22907 created by nfrayer 5 months ago for Fedora 39

Security fix for CVE-2024-1048

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-097eb22907

This update has been submitted for testing by nfrayer.

5 months ago

This update's test gating status has been changed to 'waiting'.

5 months ago

This update's test gating status has been changed to 'waiting'.

5 months ago

This update's test gating status has been changed to 'failed'.

5 months ago
User Icon adamwill commented & provided feedback 5 months ago

So, the reason this failed tests is a bit unique. They're failing on a sanity check in the openQA tests: it checks whether the test actually has a newer version of the package installed than is present in the update under test, and if so, it flags that as a problem. Usually what that means is that, somehow, a newer package already got pushed stable, and pushing the update-under-test stable would move the package backwards, but that's not how it is in this case.

In this case, the openQA server base image is actually hacked up to use a grub2 build from a side repo (https://adamwill.fedorapeople.org/grubxfs-repo/ ), which I rather arbitrarily versioned grub2-2.06-118.fc39. So it's higher-versioned than the one in this update, so it triggers the failure.

The reason why I'm doing that is https://bugzilla.redhat.com/show_bug.cgi?id=2259266 (which current affects F39). If I let the openQA server base image use the current stable grub2 package, it doesn't boot because of that bug.

So...it would make things much easier if this update fixed that bug, is what I'm saying. :P Otherwise I'll have to do a hack like disabling the check just for this update so it can go through.

I thought that bug was supposed to be getting fixed last week; what's the current status, @nfrayer ?

This update has been pushed to testing.

5 months ago
User Icon geraldosimiao commented & provided feedback 5 months ago
karma

works

User Icon filiperosset commented & provided feedback 5 months ago
karma

ok here

User Icon nixuser commented & provided feedback 5 months ago
karma

Working here OK.

User Icon bojan commented & provided feedback 5 months ago
karma

Works.

karma
User Icon imabug provided feedback 5 months ago
karma
User Icon kparal commented & provided feedback 4 months ago
karma

my UEFI Workstation boots fine on Thinkpad P1 gen3

User Icon adamwill commented & provided feedback 4 months ago

@nfrayer said he would add a fix for the XFS issue, but I don't see it yet.

User Icon adamwill commented & provided feedback 4 months ago

Given that this is a security fix and doesn't make things worse than they are at present, let's waive the failures and get it pushed stable.

This update's test gating status has been changed to 'waiting'.

4 months ago

This update's test gating status has been changed to 'passed'.

4 months ago

This update can be pushed to stable now if the maintainer wishes

4 months ago

adamwill edited this update.

New build(s):

  • grub2-2.06-118.fc39

Removed build(s):

  • grub2-2.06-117.fc39

Karma has been reset.

4 months ago

This update has been submitted for testing by adamwill.

4 months ago

This update's test gating status has been changed to 'waiting'.

4 months ago

adamwill edited this update.

4 months ago

adamwill edited this update.

4 months ago

This update's test gating status has been changed to 'passed'.

4 months ago
User Icon adamwill commented & provided feedback 4 months ago

OK, the "XFS-/boot-always-fails-on-BIOS" bug should be fixed with -118, nfrayer put the patch back. This does mean the bug it was intended to cause (which breaks boot for a different, less common set of circumstances) is back.

This update has been pushed to testing.

4 months ago
User Icon imabug provided feedback 4 months ago
karma
User Icon nixuser commented & provided feedback 4 months ago
karma

Working fine here.

Intel NUC NUC13ANHi7 (NUC13ANHi7000) (rev N11225-207) 1 x 13th Gen Intel(R) Core(TM) i7-1360P Intel Corporation Raptor Lake-P [Iris Xe Graphics] (rev 04)

This update can be pushed to stable now if the maintainer wishes

4 months ago

This update's test gating status has been changed to 'waiting'.

4 months ago

This update's test gating status has been changed to 'passed'.

4 months ago
karma

This update has been submitted for stable by bodhi.

4 months ago

This update has been pushed to stable.

4 months ago
User Icon nfrayer commented & provided feedback 4 months ago

As @adamwill metioned, this update reintroduced an issue that was fixed by removing one of the XFS patch. A fix is being reviewed upstream and will be merged in Fedora as soon as it'll accepted.


Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
5 months ago
in testing
4 months ago
in stable
4 months ago
modified
4 months ago
approved
4 months ago
BZ#2256827 CVE-2024-1048 grub2: grub2-set-bootflag can be abused by local (pseudo-)users
0
0
BZ#2263036 CVE-2024-1048 grub2: grub2-set-bootflag can be abused by local (pseudo-)users [fedora-all]
0
0

Automated Test Results