BootHole Patched for CentOS

If you're not aware, a fairly serious vulnerability was found and dubbed BootHole (tracked as CVE-2020-10713 – https://access.redhat.com/security/cve/CVE-2020-10713). The issue can interfere with an operating system's boot process and affects any version of GRUB2 prior to version 2.06. The vulnerability allows attackers to hijack and alter the GRUB2 verification process and bypass Secure Boot protections.

Of course, to take advantage of this flaw, an attacker would need physical access to the system or remote access to the grub.cfg configuration file. The BootHole vulnerability works even with Secure Boot enabled because, on many devices, the Secure Boot process doesn't cryptographically verify the grub.cfg file.

Fortunately, all affected platforms are in the process of releasing patches for the vulnerability. As of August 3rd, 2020, the CentOS developers have released patches for their platform. All CentOS administrators should make sure they are using the proper shim packages with the correct fixes. The packages in question are shim-x64-15-15.el8_2.x86_64.rpm (CentOS 8) or shim-x64-15-8.el7_8.x86_64.rpm (CentOS 7). To install those shims, you could issue the command sudo dnf install shim-x64-15-15.el8_2 (for CentOS 8) or sudo dnf install shim-x64-15-8.el7_8 (for CentOS 7).
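To confirm a host is actually running one of the fixed shim builds named above, the following script is an added example (not from the original article or from CentOS). The function names are hypothetical, the sample version strings in the comments are constructed, and `sort -V` is used as an approximation of RPM's own version ordering.

```shell
#!/bin/sh
# Fixed shim-x64 version-release per CentOS major release, as named in the article.
fixed_shim_for() {
    case "$1" in
        8) echo "15-15.el8_2" ;;
        7) echo "15-8.el7_8" ;;
        *) return 1 ;;          # release not covered by the article
    esac
}

# shim_is_patched MAJOR VERSION-RELEASE
# Returns 0 if the given build is the fixed build or newer, 1 if older,
# 2 if MAJOR is unknown. A plain string comparison would rank 15-8 above
# 15-11 (constructed example), so the check uses version sort instead.
shim_is_patched() {
    want=$(fixed_shim_for "$1") || return 2
    lowest=$(printf '%s\n%s\n' "$want" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$want" ]
}

# Check the live host: read the release from /etc/os-release and the
# installed shim-x64 build from the RPM database.
check_host() {
    major=$(. /etc/os-release && echo "${VERSION_ID%%.*}")
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' shim-x64) || {
        echo "shim-x64 is not installed"
        return 3
    }
    rc=0
    shim_is_patched "$major" "$installed" || rc=$?
    case "$rc" in
        0) echo "OK: shim-x64-$installed" ;;
        1) echo "UPDATE NEEDED: shim-x64-$installed, fixed build is $(fixed_shim_for "$major")" ;;
        *) echo "No fixed build listed for CentOS $major" ;;
    esac
    return "$rc"
}

# Run the host check only when asked, e.g.: sh check_shim.sh --host
if [ "${1:-}" = "--host" ]; then
    check_host
fi
```
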

For more information, check out the official CentOS bug page (https://bugs.centos.org/view.php?id=17631) for the shim package.
