CVE-2020-10713

Support for security such as Firewalls and securing linux
Anthorg
Posts: 2
Joined: 2020/07/30 18:17:26

Re: CVE-2020-10713

Post by Anthorg » 2020/07/30 22:37:37

So, yeah... Need more help.

This part:
(In reply to Sandro Bonazzola from comment #6)
> I booted my system with the installation ISO in troubleshoot mode, chrooted
> to /mnt/sysimage, regenerated the grub.cfg with grub2-mkconfig and executed
> grub2-install.
> Now I can go past grub but got stuck to emergency shell failing swtching
> root.

solved this by actually copying the grubenv file to /boot/grub2 instead of relying on the symlink to efi.

I don't know where I'm supposed to copy grubenv from.

--

Below there's a suggestion which seems to have worked for some people which involves the command setup networking. My system says that it doesn't find the command setup and I can't install from yum because... well, no network.

I would really appreciate some help.

User avatar
warron.french
Posts: 495
Joined: 2014/03/27 20:21:58

Re: CVE-2020-10713

Post by warron.french » 2020/07/31 01:23:21

Not good! Why weren't these tested better?

Luckily for me, I am just running CentOS 8 on an unimportant personal laptop.
I know we have no right to professional expectations, but this is really bad.

The machine I executed these updates on were:

Code: Select all

HP Notebook -              15-ba015wm
Product#                   1NT85UA#ABA
System Board ID#           82F6
Processor Type             AMD E2-7110 APU with AMD Radeon R2 Graphics
BIOS Version               F.24
BIOS Vendor                Insyde
Legacy Support            Disabled
Secure Boot                 Enabled
By the way, I noticed a problem with the grub2-efi-2.02-87 package during the yum update process. I noticed some difficulty downloading it, and the yum upgrade proceeded anyway (I am noticing a lot of yum updatse having package download issues) and then during the actual implementation of the package update for grub2-efi certain errors were on the screen, repeated a few times. I don't remember the details, but it seemed pretty weird.
Thanks,
War

User avatar
TrevorH
Forum Moderator
Posts: 29105
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2020-10713

Post by TrevorH » 2020/07/31 01:52:30

This bug is from RHEL, not CentOS.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

User avatar
warron.french
Posts: 495
Joined: 2014/03/27 20:21:58

Re: CVE-2020-10713

Post by warron.french » 2020/07/31 01:56:26

Reading through the steps from the link you provided TrevorH (https://bugzilla.redhat.com/show_bug.cgi?id=1861977#c16) I can get the machine to boot into a chroot'd jail (!yay! with a little sarcasm); however, I cannot configure the wireless network interface to get an Wireless connection and IP address.

Does anyone have the appropriate steps determined and ready to share to backout the packages most recently updated? This is a nightmare.
Thanks,
War

Suranovi
Posts: 4
Joined: 2020/07/30 15:19:08

Re: CVE-2020-10713

Post by Suranovi » 2020/07/31 04:50:36

warron.french wrote:
2020/07/31 01:56:26
Reading through the steps from the link you provided TrevorH (https://bugzilla.redhat.com/show_bug.cgi?id=1861977#c16) I can get the machine to boot into a chroot'd jail (!yay! with a little sarcasm); however, I cannot configure the wireless network interface to get an Wireless connection and IP address.

Does anyone have the appropriate steps determined and ready to share to backout the packages most recently updated? This is a nightmare.
Hi,

I'm kind of stuck too. The instructions given in bugzilla are not enough to restore my Centos to a functionning state too as TrevorH suggested.

After a chroot, i can't use grub2-mkconfig because my /dev contains only /dev/null. The only way to access something is to "mount --bind /dev /mnt/sysimage/dev" before going inside the chroot /mnt/sysimage.

But even after that, i can make a grub.cfg but the whole directory structure of my grub seems off. There is nothing inside my /boot/efi/, i had to mkdir EFI and EFI/centos inside my /boot/efi/. This feels like this problem can't be solved in a clean way easily.

No post in the bugzilla talks about that.

@warron.french: if, as your name suggest, you're french, you can pm me, i'm french too, maybe we can help each other.

Suranovi
Posts: 4
Joined: 2020/07/30 15:19:08

Re: CVE-2020-10713

Post by Suranovi » 2020/07/31 07:22:45

Ok now i'm completely lost.

I've shut down my PC yesterday, restarted it today and got grub and all works with latest kernel and grub... Seems my PC is self-healing or i've entered the matrix.

MaRa
Posts: 1
Joined: 2020/07/08 07:19:13

CentOS 8 stuck on the Asus screen after installing updates

Post by MaRa » 2020/07/31 07:51:20

Recently I have installed Linux CentOS 8 and after many things to fix, like drivers, I've managed to make it work it just fine.

Today I've installed an OS update. The update was installed very quickly, but then, when the system had to reboot, it didn't and just got stuck on the Asus sceen . And I figured out that my CPUs started using like 100% or more when this happened.


Any ideas how this can be fixed? Do I need to take my laptop to a service to check my hardware and reinstall the operating system?

What should I do? It took like 10 years of my like to configure this centOS 8 and now this problem.

mbk1people
Posts: 2
Joined: 2020/07/30 23:51:06

Re: CVE-2020-10713

Post by mbk1people » 2020/07/31 13:15:34

dasergatskov wrote:
2020/07/30 15:57:31
Here is how to repair it:
https://bugzilla.redhat.com/show_bug.cgi?id=1861977#c7

Dmitri.
--
Which iso I should use to do this? I've tried both 8.2.2004 iso and stream iso, none is working into boot from USB.

UPDATE:
Finally get it working.
After copying the shimx64.efi
But, now got stuck in selinux-autorelabel ???

neige
Posts: 4
Joined: 2020/07/31 15:09:38

Re: CVE-2020-10713

Post by neige » 2020/07/31 15:33:49

TrevorH wrote:
2020/07/30 16:39:32
This is being tracked upstream on https://bugzilla.redhat.com/show_bug.cgi?id=1861977 (for CentOS 8).

I think it would be useful to gather some data about the exact types of machine that are being affected here. Makes? models? BIOS/UEFI versions? Secure Boot on or off? using UEFI or Legacy BIOS? How you applied the update? (I've seen one report that said the GUI software updater broke it and running yum from the command line after restoring back to the old versions worked).

There is a separate bz entry for the same problem on CentOS 7 and that's https://bugzilla.redhat.com/show_bug.cgi?id=1862045 which I'll also post on the CentOS 7 thread of a similar nature.
Hi,
I confirm that after updating CentOS8 today my Hyper-V Virtual Machines all do not work. The VM (UEFI, Secure Boot Disabled) all hang on the Hyper-V logo. No way to get anything else. I am running Hyper-V on Server 2019 Datacennter version 17763.1369.
Restoring a backup made at 4 AM this morning with Windows Server Backup did not work either.
Luckily I had exported all the Virtual Machines last Sunday and I was able to import them in Hyper-V and they work still.
I disabled all System Updates in Plesk and wait until the issue is solved.
I hope my input helps.
Have all a great weekend.
BR
N :)
Last edited by neige on 2020/07/31 22:00:00, edited 1 time in total.

neige
Posts: 4
Joined: 2020/07/31 15:09:38

Re: CVE-2020-10713

Post by neige » 2020/07/31 15:43:58

To complete my previous post here is the update log for a Hyper-V VM (UEFI, Secure Boot Disabled) on Windows Server 2019 Datacenter.

Last metadata expiration check: 0:02:10 ago on Fri Jul 31 17:34:44 2020.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
kernel x86_64 4.18.0-193.14.2.el8_2 BaseOS 2.8 M
kernel-core x86_64 4.18.0-193.14.2.el8_2 BaseOS 28 M
kernel-devel x86_64 4.18.0-193.14.2.el8_2 BaseOS 15 M
kernel-modules x86_64 4.18.0-193.14.2.el8_2 BaseOS 23 M
Upgrading:
bpftool x86_64 4.18.0-193.14.2.el8_2 BaseOS 3.4 M
grub2-common noarch 1:2.02-87.el8_2 BaseOS 882 k
grub2-efi-x64 x86_64 1:2.02-87.el8_2 BaseOS 405 k
grub2-pc x86_64 1:2.02-87.el8_2 BaseOS 37 k
grub2-pc-modules noarch 1:2.02-87.el8_2 BaseOS 863 k
grub2-tools x86_64 1:2.02-87.el8_2 BaseOS 2.0 M
grub2-tools-efi x86_64 1:2.02-87.el8_2 BaseOS 467 k
grub2-tools-extra x86_64 1:2.02-87.el8_2 BaseOS 1.1 M
grub2-tools-minimal x86_64 1:2.02-87.el8_2 BaseOS 202 k
kernel-headers x86_64 4.18.0-193.14.2.el8_2 BaseOS 4.0 M
kernel-tools x86_64 4.18.0-193.14.2.el8_2 BaseOS 3.0 M
kernel-tools-libs x86_64 4.18.0-193.14.2.el8_2 BaseOS 2.8 M
python3-perf x86_64 4.18.0-193.14.2.el8_2 BaseOS 2.9 M
shim-x64 x86_64 15-13.el8 BaseOS 759 k

Transaction Summary
================================================================================
Install 4 Packages
Upgrade 14 Packages

Total download size: 92 M
Downloading Packages:
(1/18): kernel-4.18.0-193.14.2.el8_2.x86_64.rpm 3.6 MB/s | 2.8 MB 00:00
(2/18): kernel-devel-4.18.0-193.14.2.el8_2.x86_ 3.5 MB/s | 15 MB 00:04
(3/18): bpftool-4.18.0-193.14.2.el8_2.x86_64.rp 2.7 MB/s | 3.4 MB 00:01
(4/18): grub2-common-2.02-87.el8_2.noarch.rpm 3.0 MB/s | 882 kB 00:00
(5/18): grub2-efi-x64-2.02-87.el8_2.x86_64.rpm 3.6 MB/s | 405 kB 00:00
(6/18): grub2-pc-2.02-87.el8_2.x86_64.rpm 3.5 MB/s | 37 kB 00:00
(7/18): kernel-core-4.18.0-193.14.2.el8_2.x86_6 4.5 MB/s | 28 MB 00:06
(8/18): grub2-pc-modules-2.02-87.el8_2.noarch.r 1.9 MB/s | 863 kB 00:00
(9/18): grub2-tools-efi-2.02-87.el8_2.x86_64.rp 2.8 MB/s | 467 kB 00:00
(10/18): grub2-tools-2.02-87.el8_2.x86_64.rpm 4.6 MB/s | 2.0 MB 00:00
(11/18): grub2-tools-minimal-2.02-87.el8_2.x86_ 2.7 MB/s | 202 kB 00:00
(12/18): grub2-tools-extra-2.02-87.el8_2.x86_64 2.9 MB/s | 1.1 MB 00:00
(13/18): kernel-headers-4.18.0-193.14.2.el8_2.x 3.8 MB/s | 4.0 MB 00:01
(14/18): kernel-tools-4.18.0-193.14.2.el8_2.x86 2.7 MB/s | 3.0 MB 00:01
(15/18): kernel-modules-4.18.0-193.14.2.el8_2.x 3.0 MB/s | 23 MB 00:07
(16/18): kernel-tools-libs-4.18.0-193.14.2.el8_ 3.4 MB/s | 2.8 MB 00:00
(17/18): shim-x64-15-13.el8.x86_64.rpm 4.4 MB/s | 759 kB 00:00
(18/18): python3-perf-4.18.0-193.14.2.el8_2.x86 3.4 MB/s | 2.9 MB 00:00
--------------------------------------------------------------------------------
Total 10 MB/s | 92 MB 00:09
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: grub2-common-1:2.02-87.el8_2.noarch 1/1
Upgrading : grub2-common-1:2.02-87.el8_2.noarch 1/32
error: lsetfilecon: (/boot/efi/EFI/centos, system_u:object_r:boot_t:s0) Operation not supported

Upgrading : grub2-tools-minimal-1:2.02-87.el8_2.x86_64 2/32
Upgrading : grub2-tools-extra-1:2.02-87.el8_2.x86_64 3/32
Running scriptlet: grub2-tools-1:2.02-87.el8_2.x86_64 4/32
Upgrading : grub2-tools-1:2.02-87.el8_2.x86_64 4/32
Running scriptlet: grub2-tools-1:2.02-87.el8_2.x86_64 4/32
Installing : kernel-core-4.18.0-193.14.2.el8_2.x86_64 5/32
Running scriptlet: kernel-core-4.18.0-193.14.2.el8_2.x86_64 5/32
Installing : kernel-modules-4.18.0-193.14.2.el8_2.x86_64 6/32
Running scriptlet: kernel-modules-4.18.0-193.14.2.el8_2.x86_64 6/32
Upgrading : grub2-pc-modules-1:2.02-87.el8_2.noarch 7/32
Upgrading : kernel-tools-libs-4.18.0-193.14.2.el8_2.x86_64 8/32
Running scriptlet: kernel-tools-libs-4.18.0-193.14.2.el8_2.x86_64 8/32
Upgrading : kernel-tools-4.18.0-193.14.2.el8_2.x86_64 9/32
Upgrading : grub2-pc-1:2.02-87.el8_2.x86_64 10/32
Installing : kernel-4.18.0-193.14.2.el8_2.x86_64 11/32
Upgrading : grub2-efi-x64-1:2.02-87.el8_2.x86_64 12/32
error: lsetfilecon: (/boot/efi/EFI/centos/fonts, system_u:object_r:boot_t:s0) Operation not supported
error: lsetfilecon: (/boot/efi/EFI/centos/grubx64.efi;5f243ab2, system_u:object_r:boot_t:s0) Operation not supported


Upgrading : grub2-tools-efi-1:2.02-87.el8_2.x86_64 13/32
Upgrading : shim-x64-15-13.el8.x86_64 14/32
error: lsetfilecon: (/boot/efi/EFI/BOOT/BOOTX64.EFI;5f243ab2, system_u:object_r:boot_t:s0) Operation not supported
error: lsetfilecon: (/boot/efi/EFI/BOOT/fbx64.efi;5f243ab2, system_u:object_r:boot_t:s0) Operation not supported
error: lsetfilecon: (/boot/efi/EFI/centos/BOOTX64.CSV;5f243ab2, system_u:object_r:boot_t:s0) Operation not supported
error: lsetfilecon: (/boot/efi/EFI/centos/mmx64.efi;5f243ab2, system_u:object_r:boot_t:s0) Operation not supported
error: lsetfilecon: (/boot/efi/EFI/centos/shimx64-centos.efi;5f243ab2, system_u:object_r:boot_t:s0) Operation not supported
error: lsetfilecon: (/boot/efi/EFI/centos/shimx64.efi;5f243ab2, system_u:object_r:boot_t:s0) Operation not supported


Upgrading : python3-perf-4.18.0-193.14.2.el8_2.x86_64 15/32
Upgrading : kernel-headers-4.18.0-193.14.2.el8_2.x86_64 16/32
Upgrading : bpftool-4.18.0-193.14.2.el8_2.x86_64 17/32
Installing : kernel-devel-4.18.0-193.14.2.el8_2.x86_64 18/32
Running scriptlet: kernel-devel-4.18.0-193.14.2.el8_2.x86_64 18/32
Cleanup : grub2-pc-1:2.02-81.el8.x86_64 19/32
Cleanup : grub2-efi-x64-1:2.02-81.el8.x86_64 20/32
Cleanup : grub2-tools-extra-1:2.02-81.el8.x86_64 21/32
Cleanup : kernel-tools-4.18.0-193.6.3.el8_2.x86_64 22/32
Cleanup : grub2-pc-modules-1:2.02-81.el8.noarch 23/32
Cleanup : grub2-tools-minimal-1:2.02-81.el8.x86_64 24/32
Running scriptlet: grub2-tools-1:2.02-81.el8.x86_64 25/32
Cleanup : grub2-tools-1:2.02-81.el8.x86_64 25/32
Cleanup : grub2-tools-efi-1:2.02-81.el8.x86_64 26/32
Cleanup : grub2-common-1:2.02-81.el8.noarch 27/32
Cleanup : shim-x64-15-11.el8.x86_64 28/32
Cleanup : kernel-headers-4.18.0-193.6.3.el8_2.x86_64 29/32
Cleanup : kernel-tools-libs-4.18.0-193.6.3.el8_2.x86_64 30/32
Running scriptlet: kernel-tools-libs-4.18.0-193.6.3.el8_2.x86_64 30/32
Cleanup : python3-perf-4.18.0-193.6.3.el8_2.x86_64 31/32
Cleanup : bpftool-4.18.0-193.6.3.el8_2.x86_64 32/32
Running scriptlet: kernel-core-4.18.0-193.14.2.el8_2.x86_64 32/32
Running scriptlet: bpftool-4.18.0-193.6.3.el8_2.x86_64 32/32
Verifying : kernel-4.18.0-193.14.2.el8_2.x86_64 1/32
Verifying : kernel-core-4.18.0-193.14.2.el8_2.x86_64 2/32
Verifying : kernel-devel-4.18.0-193.14.2.el8_2.x86_64 3/32
Verifying : kernel-modules-4.18.0-193.14.2.el8_2.x86_64 4/32
Verifying : bpftool-4.18.0-193.14.2.el8_2.x86_64 5/32
Verifying : bpftool-4.18.0-193.6.3.el8_2.x86_64 6/32
Verifying : grub2-common-1:2.02-87.el8_2.noarch 7/32
Verifying : grub2-common-1:2.02-81.el8.noarch 8/32
Verifying : grub2-efi-x64-1:2.02-87.el8_2.x86_64 9/32
Verifying : grub2-efi-x64-1:2.02-81.el8.x86_64 10/32
Verifying : grub2-pc-1:2.02-87.el8_2.x86_64 11/32
Verifying : grub2-pc-1:2.02-81.el8.x86_64 12/32
Verifying : grub2-pc-modules-1:2.02-87.el8_2.noarch 13/32
Verifying : grub2-pc-modules-1:2.02-81.el8.noarch 14/32
Verifying : grub2-tools-1:2.02-87.el8_2.x86_64 15/32
Verifying : grub2-tools-1:2.02-81.el8.x86_64 16/32
Verifying : grub2-tools-efi-1:2.02-87.el8_2.x86_64 17/32
Verifying : grub2-tools-efi-1:2.02-81.el8.x86_64 18/32
Verifying : grub2-tools-extra-1:2.02-87.el8_2.x86_64 19/32
Verifying : grub2-tools-extra-1:2.02-81.el8.x86_64 20/32
Verifying : grub2-tools-minimal-1:2.02-87.el8_2.x86_64 21/32
Verifying : grub2-tools-minimal-1:2.02-81.el8.x86_64 22/32
Verifying : kernel-headers-4.18.0-193.14.2.el8_2.x86_64 23/32
Verifying : kernel-headers-4.18.0-193.6.3.el8_2.x86_64 24/32
Verifying : kernel-tools-4.18.0-193.14.2.el8_2.x86_64 25/32
Verifying : kernel-tools-4.18.0-193.6.3.el8_2.x86_64 26/32
Verifying : kernel-tools-libs-4.18.0-193.14.2.el8_2.x86_64 27/32
Verifying : kernel-tools-libs-4.18.0-193.6.3.el8_2.x86_64 28/32
Verifying : python3-perf-4.18.0-193.14.2.el8_2.x86_64 29/32
Verifying : python3-perf-4.18.0-193.6.3.el8_2.x86_64 30/32
Verifying : shim-x64-15-13.el8.x86_64 31/32
Verifying : shim-x64-15-11.el8.x86_64 32/32

bpftool-4.18.0-193.14.2.el8_2.x86_64
grub2-common-1:2.02-87.el8_2.noarch
grub2-efi-x64-1:2.02-87.el8_2.x86_64
grub2-pc-1:2.02-87.el8_2.x86_64
grub2-pc-modules-1:2.02-87.el8_2.noarch
grub2-tools-1:2.02-87.el8_2.x86_64
grub2-tools-efi-1:2.02-87.el8_2.x86_64
grub2-tools-extra-1:2.02-87.el8_2.x86_64
grub2-tools-minimal-1:2.02-87.el8_2.x86_64
kernel-headers-4.18.0-193.14.2.el8_2.x86_64
kernel-tools-4.18.0-193.14.2.el8_2.x86_64
kernel-tools-libs-4.18.0-193.14.2.el8_2.x86_64
python3-perf-4.18.0-193.14.2.el8_2.x86_64
shim-x64-15-13.el8.x86_64

Installed:
kernel-4.18.0-193.14.2.el8_2.x86_64
kernel-core-4.18.0-193.14.2.el8_2.x86_64
kernel-devel-4.18.0-193.14.2.el8_2.x86_64
kernel-modules-4.18.0-193.14.2.el8_2.x86_64

Complete!
Upgraded:

Hope it helps.
BR
N :)

Post Reply

Return to “CentOS 8 - Security Support”