Bug 14072

Summary:	[CVE 21] grub2 2.06 CVEs found (2)
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Vladimir Potapov <v.potapov>
Component:	System (kernel, glibc, systemd, bash, PAM...)	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	critical
Priority:	Highest	CC:	a.proklov, pastordidi, s.matveev
Version:	All	Flags:	v.potapov: qa_verified+ v.potapov: secteam_verified? a.proklov: published+
Target Milestone:	2021.1 Fresh R12
Hardware:	All
OS:	Linux
URL:	CVE-2022-2601,CVE-2021-46705,CVE-2022-3775
Whiteboard:
Platform:	2021.1	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Vladimir Potapov 2023-11-30 16:46:48 MSK

https://nvd.nist.gov/vuln/detail/CVE-2022-2601 Base Score: 8.6 HIGH
https://nvd.nist.gov/vuln/detail/CVE-2021-46705 4.4 MEDIUM
https://nvd.nist.gov/vuln/detail/CVE-2022-3775 Base Score: 7.1 HIGH

Comment 1 Svyatoslav Matveev 2023-11-30 23:12:20 MSK

********** QA ADVISORY **********

CVE-2022-2601 CVE-2022-3775
закрыты наложением патчей.

CVE-2021-46705 для Suse
в сыллке написано(отметил в спеке).

*** grub2
**  2.06 release +1

https://abf.io/build_lists/4849258
https://abf.io/build_lists/4849259
https://abf.io/build_lists/4849260

Comment 2 Dmitry Postnikov 2023-12-04 13:58:30 MSK

*****************************
Обновление отослано в Тестинг

Comment 3 Vladimir Potapov 2023-12-13 18:06:56 MSK

grub2-2.06-20
https://abf.io/build_lists/4849258
https://abf.io/build_lists/4849259
https://abf.io/build_lists/4849260
***************************** Advisory ************************
CVEs closed by patches
***************************************************************
QA Verified