GRUB2 Secure Boot Vulnerability: Boothole

CentOS is one of the easiest distros I've used in a long time, honestly. Super stable, run them on all production servers. They’re awesome.

Oh, keep in mind as well, you have the bliss of endless reviewed and checked up to date documentation on everything, thanks to Red Hat.

1 Like

Didn’t use LVM nor a separated home folder.

I’ll look into it and might move to a newer version for DaVinci Resolve and a higher version of QEMU.

For now, I guess I’ll put QEMU stuff on hold.

That should be the challenge instead of trying to stay on BSD.

Yeah, and I think DaVinci Resolve is even officially supported on CentOS, so their knowledge base would be a boon if you ever have any quirks you need to iron out in the future. It’s always nice to have the option of support instead of having to do everything yourself.

1 Like

So yeah, the updates nuked my KDE neon VM because I mistakenly thought the 5.4 kernel was the root cause of my 1080 Ti underclocking, turns out my cable extensions fooled me into thinking they were connected, but one was disconnected. I uninstalled kernel 5.4, but when I went to re-install it, apt thought I was already caught up, so I manually installed it and that killed my networking. Uninstalling it then killed /efi/boot instead of falling back because it wouldn’t uninstall fully because dependencies.

Had to delete the offending incomplete removals in /boot by mounting my VM’s IMG file and choose the older kernel manually, then manually reinstalled…

you can’t be vulnerable to BootHole if you can’t boot [lol…]

Just an additional view on what was reported above. Funny by-line though

I’m sorry, I know I’m mature as fuck, but did they really name the “vulnerability” boothole? Nobody will ever think of brutalising that name into a butthole…
What is your vulnerability? It’s the butthole.
Is your butthole safe or vulnerable?
I have patched my butthole ok I will stop now…

I’ll bite. How do you do this on CentOS?

I’m late to the party but since I update my openSUSE and Kubuntu systems constantly, I assume they got things under control rather quickly?

Kubuntu might have had early problems with the first deployment. You may have to re-install grub after updating if things went wrong.

So frens… what’s the verdict? Worth patching the infrastructure or is it a meme?

Interesting because I can’t report anything fancy going on with either my T420 or X240, both running Kubuntu 20.04 at this point :eyes:

I had problems with Neon where it doesn’t cleanly uninstall kernels.

You mean security hasn’t been screaming at you about the boot loader ransomware?

Check your vendor’s page to ensure it’s safe to patch against your system, otherwise don’t patch.

Does CentOS tag security patches? I must admit I can’t remember off the top of my head.

I did get some grub related updates today on my Ubuntu Mate machine.
I restarted the system with no issues so far. :slight_smile:

1 Like

Should be fixed, Ubuntu had a bug tracker on it as well, I imagine it was resolved over the weekend as others were.

2 Likes