Page 4 of 5

Re: CVE-2020-10713

Posted: 2020/08/01 10:22:58
by sneh3127
Thank You for helping me out.

1 I ran dnf history
2. dnf undo <no> serially undoing it
3. same problem as before.

What I noticed is that while in grub menu while booting to choose the kernel. All the parameters to boot to a lvm is missing and I manually entered " GRUB_CMDLINE_LINUX="root=/dev/mapper/cl_server-root ro crashkernel=auto resume=/dev/mapper/cl_server-swap rd.lvm.lv=cl_server/root rd.lvm.lv=cl_server/swap".

Even after generating a new grub2 file by the command

# grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
the command succeeds

but same problem after restart and then the kernel boots to Failed to Switch Root

and as rhgb quiet is not there the system is showing a lot of failed messages and it boots to graphical display after a long time.

Thanks War

Re: CVE-2020-10713

Posted: 2020/08/01 12:12:50
by Nacho
I got my system back up with this: https://bugzilla.redhat.com/show_bug.cgi?id=1861977#c32

Hola that helps!
Nacho wrote:
2020/08/01 07:29:05
My genius brother helped me activate network outside of chroot:

Code: Select all

 ip addr add <pick an IP-address, in my case 192.168.178.51/24> dev <name of your network controller, in my case eno2>
 ip link set dev <name of your network controller> up
 route add -net 0.0.0.0/0 gw <IP-address of your router>
 
However I still didn't get to recover GRUB2 :roll:
I hope that helps!

Re: CVE-2020-10713

Posted: 2020/08/01 16:37:32
by KarHar
Boot with CentOS stick - Troubleshoot
chroot/sysimage
dhclient <your interface>
to get network access
nano /etc/yum.conf
exclude=grub2* shim* mokutil
/boot/efi/EFI/centos/shimx64.efi
replace by an older one taken from https://bugzilla.redhat.com/attachment.cgi?id=1702984
as published here: https://bugzilla.redhat.com/show_bug.cgi?id=1861977#c32
post from: Javier Martinez Canillas 2020-07-30 18:32:23 UTC
works

Wondering when to remove above mentioned yum exclusions?

Re: CVE-2020-10713

Posted: 2020/08/01 16:37:49
by ojarana
https://access.redhat.com/solutions/5272311 this apear resolve problem. i working on.

Re: CVE-2020-10713

Posted: 2020/08/01 16:56:42
by TrevorH
Please note that there are currently no fixed CentOS packages for this so even though/if the RH KB article says it's fixed by updating to the latest, it is not yet on CentOS. RHEL have fixed packages out, CentOS do not. Yet.

Re: CVE-2020-10713

Posted: 2020/08/02 01:29:14
by warron.french
TrevorH wrote:
2020/08/01 16:56:42
Please note that there are currently no fixed CentOS packages for this so even though/if the RH KB article says it's fixed by updating to the latest, it is not yet on CentOS. RHEL have fixed packages out, CentOS do not. Yet.
This is very helpful to know upfront. Thank you TrevorH for the information.

I received this link - https://access.redhat.com/solutions/5272311 from a buddy of mine, because he knew I was having this problem.
It looks like Nacho (with his brother's help made some progress on the networking issue).

Re: CVE-2020-10713

Posted: 2020/08/02 02:34:52
by TrevorH
You might want to short cut the network issue since even if you do that, yum currently only knows this one kernel and you cannot downgrade. Grab a web browser on a different machine and a USB stick, download all of the previous versions of everything returned by rpm -qa --qf '%{name}\n' kernel\* grub2\* shim\* | sort | uniq onto that, plug it into the broken machine, mount it somewhere, cd to it then yum --disablerepo=\* downgrade *.rpm

Re: CVE-2020-10713

Posted: 2020/08/02 13:16:34
by TrevorH
I am told that new packages are in the process of being released. For CentOS 8 you will need shim packages with a version of 15-15.el8 or higher and it may be necessary to do a `yum clean all` before checking for new updates to pick it up. I'm not yet seeing this package on my local mirrors but the CentOS 7 one is there.

Re: CVE-2020-10713

Posted: 2020/08/02 13:48:28
by KarHar
My systems just tell me
bug fix available
shim-x64 15-15.el8_2
I'll give it a try on one of them
- looking good
so now done the other ones too

Re: CVE-2020-10713

Posted: 2020/08/02 17:10:41
by groupboard
deleted.