Fedora 38 : grub2 (2024-633dc7e183)

medium Nessus Plugin ID 189986

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-633dc7e183 advisory.

Combined update for several fixes as well as security fix for CVE-2023-4001

```
Mon Jan 15 2024 Nicolas Frayer <[email protected]> - 2.06-114
grub-core/commands: add flag to only search root dev
Resolves: #2223437
Resolves: #2224951
Resolves: #2258096
Resolves: CVE-2023-4001

Sat Jan 13 2024 Hector Martin <[email protected]> - 2.06-113
Switch memdisk compression to lzop

Thu Jan 11 2024 Daan De Meyer <[email protected]> - 2.06-112
Don't obsolete the tools package with minimal

Mon Jan 8 2024 Nicolas Frayer <[email protected]> - 2.06-111
xfs: some bios systems with /boot partition created with xfsprog < 6.5.0 can't boot with one of the xfs upstream patches
Resolves: #2254370

Tue Dec 19 2023 Nicolas Frayer <[email protected]> - 2.06-110
normal: fix prefix when loading modules
Resolves: #2209435
Resolves: #2173015

Tue Dec 12 2023 leo sandoval <[email protected]> - 2.06-109
chainloader: remove device path debug message
```

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected 1:grub2 package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2024-633dc7e183

Plugin Details

Severity: Medium

ID: 189986

File Name: fedora_2024-633dc7e183.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2/5/2024

Updated: 11/14/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-4001

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:38, p-cpe:/a:fedoraproject:fedora:grub2

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 1/18/2024

Vulnerability Publication Date: 1/15/2024

Reference Information

CVE: CVE-2023-4001