CVE-2020-10713

Support for security such as Firewalls and securing linux
User avatar
TrevorH
Forum Moderator
Posts: 29129
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CentOS 8 stuck on the Asus screen after installing updates

Post by TrevorH » 2020/07/31 15:52:02

MaRa wrote:
2020/07/31 07:51:20
What should I do? It took like 10 years of my like to configure this centOS 8 and now this problem.
Read this thread, read the linked bugzilla entries, revert the updates.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

jepachecoh
Posts: 1
Joined: 2020/07/31 17:24:48

Re: CVE-2020-10713

Post by jepachecoh » 2020/07/31 17:29:39

I can confirm this issue and found something I think is kind of odd.

Updated three of my servers to Linux 4.18.0-193.14.2.el8_2.x86_64 on x86_64 and two never boot up again.

Bricked servers had SSD disks installed the only server running on a non-SSD disk is happy and snappy.

I have been trying to boot using a previous kernel with no luck...

User avatar
warron.french
Posts: 495
Joined: 2014/03/27 20:21:58

Re: CVE-2020-10713

Post by warron.french » 2020/07/31 17:39:12

Suranovi wrote:
2020/07/31 04:50:36
warron.french wrote:
2020/07/31 01:56:26
Reading through the steps from the link you provided TrevorH (https://bugzilla.redhat.com/show_bug.cgi?id=1861977#c16) I can get the machine to boot into a chroot'd jail (!yay! with a little sarcasm); however, I cannot configure the wireless network interface to get an Wireless connection and IP address.

Does anyone have the appropriate steps determined and ready to share to backout the packages most recently updated? This is a nightmare.
Hi,

I'm kind of stuck too. The instructions given in bugzilla are not enough to restore my Centos to a functionning state too as TrevorH suggested.

After a chroot, i can't use grub2-mkconfig because my /dev contains only /dev/null. The only way to access something is to "mount --bind /dev /mnt/sysimage/dev" before going inside the chroot /mnt/sysimage.

But even after that, i can make a grub.cfg but the whole directory structure of my grub seems off. There is nothing inside my /boot/efi/, i had to mkdir EFI and EFI/centos inside my /boot/efi/. This feels like this problem can't be solved in a clean way easily.

No post in the bugzilla talks about that.

@warron.french: if, as your name suggest, you're french, you can pm me, i'm french too, maybe we can help each other.
@Suranovi, I totally get why you would think I am French; however, I am not, I am actually American. But I do read/write/speak French, just not on a business level, more like an idiot on vacation that can request a beer.

Garçon, un bière, s'il vous plait. :-)

But I am always willing to improve my language skills, considering I also speak other languages.
Thanks,
War

User avatar
warron.french
Posts: 495
Joined: 2014/03/27 20:21:58

Re: CVE-2020-10713

Post by warron.french » 2020/07/31 17:40:27

TrevorH wrote:
2020/07/31 01:52:30
This bug is from RHEL, not CentOS.
I understand, but doesn't anyone test these patches before releasing critical failures such as this?
Thanks,
War

User avatar
warron.french
Posts: 495
Joined: 2014/03/27 20:21:58

Re: CVE-2020-10713

Post by warron.french » 2020/07/31 17:43:02

I experienced precisely the same errors that neige did.

I am glad you were able to copy/paste that data into the forum Neige.
Thanks,
War

waffle
Posts: 1
Joined: 2020/07/31 19:51:36

Re: CVE-2020-10713

Post by waffle » 2020/07/31 19:58:49

I tried the yum downgrade approach, but that failed with messages the the minimum version was already installed. To get around that, I fetched the previous versions manually from http://mirror.centos.org/centos-8/8.2.2 ... /Packages/ and specified all of those manually.

Code: Select all

yum downgrade \
    grub2-common-2.02-81.el8.noarch.rpm \
    grub2-efi-x64-2.02-81.el8.x86_64.rpm \
    grub2-pc-2.02-81.el8.x86_64.rpm \
    grub2-pc-modules-2.02-81.el8.noarch.rpm \
    grub2-tools-2.02-81.el8.x86_64.rpm \
    grub2-tools-efi-2.02-81.el8.x86_64.rpm \
    grub2-tools-extra-2.02-81.el8.x86_64.rpm \
    grub2-tools-minimal-2.02-81.el8.x86_64.rpm \
    shim-x64-15-11.el8.x86_64.rpm
Having done that, I was able to reboot, go through the selinux relable, and reboot again normally.

sneh3127
Posts: 2
Joined: 2018/09/30 09:59:25

Failed to start Switch Root

Post by sneh3127 » 2020/07/31 20:24:30

My CentOS System had vmlinuz-4.18.0-193.6.3.el8_2.x86_64 kernel and was working perfectly fine until I ran dnf update and updated to vmlinuz-4.18.0-193.14.2.el8_2.x86_64. During updating process there was an error message like error: lsetfilecon: (/boot/efi/EFI/centos, system_u:object_r:boot_t:s0) Operation not supported

Now the system is not booting and while booting it is showing an error that Failed to Start Switch Root.
I would appreciate it for helping me.

User avatar
warron.french
Posts: 495
Joined: 2014/03/27 20:21:58

Re: CVE-2020-10713

Post by warron.french » 2020/08/01 04:11:21

sneh3127,
you have to find a way to reboot with an ISO and enter Troubleshooting Mode.

Then when in Troubleshooting method you are expected to yum undo/yum erase the last set of packages you installed.

Maybe someone else can verify, but I believe you require networking to perform the yum commands to reverse the state of the baseline of your machine.

The problem I have experienced is I cannot get networking to work in Troubleshooting Mode under the chroot jail.
Thanks,
War

Nacho
Posts: 3
Joined: 2020/08/01 07:20:28

Re: CVE-2020-10713

Post by Nacho » 2020/08/01 07:29:05

My genius brother helped me activate network outside of chroot:

Code: Select all

 ip addr add <pick an IP-address, in my case 192.168.178.51/24> dev <name of your network controller, in my case eno2>
 ip link set dev <name of your network controller> up
 route add -net 0.0.0.0/0 gw <IP-address of your router>
 
However I still didn't get to recover GRUB2 :roll:
I hope that helps!

Nacho
Posts: 3
Joined: 2020/08/01 07:20:28

Re: CVE-2020-10713

Post by Nacho » 2020/08/01 07:36:56

I tried this, but it tells me

Code: Select all

Can not load RPM file: (...)
Error: No packages marked for downgrade.
waffle wrote:
2020/07/31 19:58:49
I tried the yum downgrade approach, but that failed with messages the the minimum version was already installed. To get around that, I fetched the previous versions manually from http://mirror.centos.org/centos-8/8.2.2 ... /Packages/ and specified all of those manually.

Code: Select all

yum downgrade \
    grub2-common-2.02-81.el8.noarch.rpm \
    grub2-efi-x64-2.02-81.el8.x86_64.rpm \
    grub2-pc-2.02-81.el8.x86_64.rpm \
    grub2-pc-modules-2.02-81.el8.noarch.rpm \
    grub2-tools-2.02-81.el8.x86_64.rpm \
    grub2-tools-efi-2.02-81.el8.x86_64.rpm \
    grub2-tools-extra-2.02-81.el8.x86_64.rpm \
    grub2-tools-minimal-2.02-81.el8.x86_64.rpm \
    shim-x64-15-11.el8.x86_64.rpm
Having done that, I was able to reboot, go through the selinux relable, and reboot again normally.

Post Reply

Return to “CentOS 8 - Security Support”