Read this thread, read the linked bugzilla entries, revert the updates.
CVE-2020-10713
Re: CentOS 8 stuck on the Asus screen after installing updates
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 1
- Joined: 2020/07/31 17:24:48
Re: CVE-2020-10713
I can confirm this issue and found something I think is kind of odd.
Updated three of my servers to Linux 4.18.0-193.14.2.el8_2.x86_64 on x86_64 and two never boot up again.
Bricked servers had SSD disks installed the only server running on a non-SSD disk is happy and snappy.
I have been trying to boot using a previous kernel with no luck...
Updated three of my servers to Linux 4.18.0-193.14.2.el8_2.x86_64 on x86_64 and two never boot up again.
Bricked servers had SSD disks installed the only server running on a non-SSD disk is happy and snappy.
I have been trying to boot using a previous kernel with no luck...
- warron.french
- Posts: 616
- Joined: 2014/03/27 20:21:58
Re: CVE-2020-10713
@Suranovi, I totally get why you would think I am French; however, I am not, I am actually American. But I do read/write/speak French, just not on a business level, more like an idiot on vacation that can request a beer.Suranovi wrote: ↑2020/07/31 04:50:36Hi,warron.french wrote: ↑2020/07/31 01:56:26Reading through the steps from the link you provided TrevorH (https://bugzilla.redhat.com/show_bug.cgi?id=1861977#c16) I can get the machine to boot into a chroot'd jail (!yay! with a little sarcasm); however, I cannot configure the wireless network interface to get an Wireless connection and IP address.
Does anyone have the appropriate steps determined and ready to share to backout the packages most recently updated? This is a nightmare.
I'm kind of stuck too. The instructions given in bugzilla are not enough to restore my Centos to a functionning state too as TrevorH suggested.
After a chroot, i can't use grub2-mkconfig because my /dev contains only /dev/null. The only way to access something is to "mount --bind /dev /mnt/sysimage/dev" before going inside the chroot /mnt/sysimage.
But even after that, i can make a grub.cfg but the whole directory structure of my grub seems off. There is nothing inside my /boot/efi/, i had to mkdir EFI and EFI/centos inside my /boot/efi/. This feels like this problem can't be solved in a clean way easily.
No post in the bugzilla talks about that.
@warron.french: if, as your name suggest, you're french, you can pm me, i'm french too, maybe we can help each other.
Garçon, un bière, s'il vous plait.
But I am always willing to improve my language skills, considering I also speak other languages.
Thanks,
War
War
- warron.french
- Posts: 616
- Joined: 2014/03/27 20:21:58
Re: CVE-2020-10713
I understand, but doesn't anyone test these patches before releasing critical failures such as this?
Thanks,
War
War
- warron.french
- Posts: 616
- Joined: 2014/03/27 20:21:58
Re: CVE-2020-10713
I experienced precisely the same errors that neige did.
I am glad you were able to copy/paste that data into the forum Neige.
I am glad you were able to copy/paste that data into the forum Neige.
Thanks,
War
War
Re: CVE-2020-10713
I tried the yum downgrade approach, but that failed with messages the the minimum version was already installed. To get around that, I fetched the previous versions manually from http://mirror.centos.org/centos-8/8.2.2 ... /Packages/ and specified all of those manually.
Having done that, I was able to reboot, go through the selinux relable, and reboot again normally.
Code: Select all
yum downgrade \
grub2-common-2.02-81.el8.noarch.rpm \
grub2-efi-x64-2.02-81.el8.x86_64.rpm \
grub2-pc-2.02-81.el8.x86_64.rpm \
grub2-pc-modules-2.02-81.el8.noarch.rpm \
grub2-tools-2.02-81.el8.x86_64.rpm \
grub2-tools-efi-2.02-81.el8.x86_64.rpm \
grub2-tools-extra-2.02-81.el8.x86_64.rpm \
grub2-tools-minimal-2.02-81.el8.x86_64.rpm \
shim-x64-15-11.el8.x86_64.rpm
Failed to start Switch Root
My CentOS System had vmlinuz-4.18.0-193.6.3.el8_2.x86_64 kernel and was working perfectly fine until I ran dnf update and updated to vmlinuz-4.18.0-193.14.2.el8_2.x86_64. During updating process there was an error message like error: lsetfilecon: (/boot/efi/EFI/centos, system_u:object_r:boot_t:s0) Operation not supported
Now the system is not booting and while booting it is showing an error that Failed to Start Switch Root.
I would appreciate it for helping me.
Now the system is not booting and while booting it is showing an error that Failed to Start Switch Root.
I would appreciate it for helping me.
- warron.french
- Posts: 616
- Joined: 2014/03/27 20:21:58
Re: CVE-2020-10713
sneh3127,
you have to find a way to reboot with an ISO and enter Troubleshooting Mode.
Then when in Troubleshooting method you are expected to yum undo/yum erase the last set of packages you installed.
Maybe someone else can verify, but I believe you require networking to perform the yum commands to reverse the state of the baseline of your machine.
The problem I have experienced is I cannot get networking to work in Troubleshooting Mode under the chroot jail.
you have to find a way to reboot with an ISO and enter Troubleshooting Mode.
Then when in Troubleshooting method you are expected to yum undo/yum erase the last set of packages you installed.
Maybe someone else can verify, but I believe you require networking to perform the yum commands to reverse the state of the baseline of your machine.
The problem I have experienced is I cannot get networking to work in Troubleshooting Mode under the chroot jail.
Thanks,
War
War
Re: CVE-2020-10713
My genius brother helped me activate network outside of chroot:
However I still didn't get to recover GRUB2
I hope that helps!
Code: Select all
ip addr add <pick an IP-address, in my case 192.168.178.51/24> dev <name of your network controller, in my case eno2>
ip link set dev <name of your network controller> up
route add -net 0.0.0.0/0 gw <IP-address of your router>
I hope that helps!
Re: CVE-2020-10713
I tried this, but it tells me
Code: Select all
Can not load RPM file: (...)
Error: No packages marked for downgrade.
waffle wrote: ↑2020/07/31 19:58:49I tried the yum downgrade approach, but that failed with messages the the minimum version was already installed. To get around that, I fetched the previous versions manually from http://mirror.centos.org/centos-8/8.2.2 ... /Packages/ and specified all of those manually.
Having done that, I was able to reboot, go through the selinux relable, and reboot again normally.Code: Select all
yum downgrade \ grub2-common-2.02-81.el8.noarch.rpm \ grub2-efi-x64-2.02-81.el8.x86_64.rpm \ grub2-pc-2.02-81.el8.x86_64.rpm \ grub2-pc-modules-2.02-81.el8.noarch.rpm \ grub2-tools-2.02-81.el8.x86_64.rpm \ grub2-tools-efi-2.02-81.el8.x86_64.rpm \ grub2-tools-extra-2.02-81.el8.x86_64.rpm \ grub2-tools-minimal-2.02-81.el8.x86_64.rpm \ shim-x64-15-11.el8.x86_64.rpm