Heads up: "BootHole" security issue

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Heads up: "BootHole" security issue

Marcus Meissner
Hi folks,

Researchers from Eclypsium just published a new vulnerability in grub2 called
"BootHole".

We put a highlevel view in a blog:
        https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/

and our TID:
        https://www.suse.com/support/kb/doc/?id=000019673

The points in there apply the same way to openSUSE.

For openSUSE Leap 15.2, Lubos and I plan a "fall" respin of the DVD
media that continue to boot in updated UEFI secure boot scenarios

openSUSE Maintenance and Security work will now commence on this issue,
we will be publishing grub2 and other updates in the next days and also
do the signing key rotation before this.

Ciao, Marcus

signature.asc (849 bytes) Download Attachment