CVE-2020-10713

Support for security such as Firewalls and securing linux
sneh3127
Posts: 2
Joined: 2018/09/30 09:59:25

Re: CVE-2020-10713

Post by sneh3127 » 2020/08/01 10:22:58

Thank You for helping me out.

1 I ran dnf history
2. dnf undo <no> serially undoing it
3. same problem as before.

What I noticed is that while in grub menu while booting to choose the kernel. All the parameters to boot to a lvm is missing and I manually entered " GRUB_CMDLINE_LINUX="root=/dev/mapper/cl_server-root ro crashkernel=auto resume=/dev/mapper/cl_server-swap rd.lvm.lv=cl_server/root rd.lvm.lv=cl_server/swap".

Even after generating a new grub2 file by the command

# grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
the command succeeds

but same problem after restart and then the kernel boots to Failed to Switch Root

and as rhgb quiet is not there the system is showing a lot of failed messages and it boots to graphical display after a long time.

Thanks War

Nacho
Posts: 3
Joined: 2020/08/01 07:20:28

Re: CVE-2020-10713

Post by Nacho » 2020/08/01 12:12:50

I got my system back up with this: https://bugzilla.redhat.com/show_bug.cgi?id=1861977#c32

Hola that helps!
Nacho wrote:
2020/08/01 07:29:05
My genius brother helped me activate network outside of chroot:

Code: Select all

 ip addr add <pick an IP-address, in my case 192.168.178.51/24> dev <name of your network controller, in my case eno2>
 ip link set dev <name of your network controller> up
 route add -net 0.0.0.0/0 gw <IP-address of your router>
 
However I still didn't get to recover GRUB2 :roll:
I hope that helps!

KarHar
Posts: 2
Joined: 2020/08/01 16:24:35

Re: CVE-2020-10713

Post by KarHar » 2020/08/01 16:37:32

Boot with CentOS stick - Troubleshoot
chroot/sysimage
dhclient <your interface>
to get network access
nano /etc/yum.conf
exclude=grub2* shim* mokutil
/boot/efi/EFI/centos/shimx64.efi
replace by an older one taken from https://bugzilla.redhat.com/attachment.cgi?id=1702984
as published here: https://bugzilla.redhat.com/show_bug.cgi?id=1861977#c32
post from: Javier Martinez Canillas 2020-07-30 18:32:23 UTC
works

Wondering when to remove above mentioned yum exclusions?

ojarana
Posts: 1
Joined: 2020/08/01 15:49:15

Re: CVE-2020-10713

Post by ojarana » 2020/08/01 16:37:49

https://access.redhat.com/solutions/5272311 this apear resolve problem. i working on.

User avatar
TrevorH
Forum Moderator
Posts: 29128
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2020-10713

Post by TrevorH » 2020/08/01 16:56:42

Please note that there are currently no fixed CentOS packages for this so even though/if the RH KB article says it's fixed by updating to the latest, it is not yet on CentOS. RHEL have fixed packages out, CentOS do not. Yet.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

User avatar
warron.french
Posts: 495
Joined: 2014/03/27 20:21:58

Re: CVE-2020-10713

Post by warron.french » 2020/08/02 01:29:14

TrevorH wrote:
2020/08/01 16:56:42
Please note that there are currently no fixed CentOS packages for this so even though/if the RH KB article says it's fixed by updating to the latest, it is not yet on CentOS. RHEL have fixed packages out, CentOS do not. Yet.
This is very helpful to know upfront. Thank you TrevorH for the information.

I received this link - https://access.redhat.com/solutions/5272311 from a buddy of mine, because he knew I was having this problem.
It looks like Nacho (with his brother's help made some progress on the networking issue).
Thanks,
War

User avatar
TrevorH
Forum Moderator
Posts: 29128
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2020-10713

Post by TrevorH » 2020/08/02 02:34:52

You might want to short cut the network issue since even if you do that, yum currently only knows this one kernel and you cannot downgrade. Grab a web browser on a different machine and a USB stick, download all of the previous versions of everything returned by rpm -qa --qf '%{name}\n' kernel\* grub2\* shim\* | sort | uniq onto that, plug it into the broken machine, mount it somewhere, cd to it then yum --disablerepo=\* downgrade *.rpm
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

User avatar
TrevorH
Forum Moderator
Posts: 29128
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2020-10713

Post by TrevorH » 2020/08/02 13:16:34

I am told that new packages are in the process of being released. For CentOS 8 you will need shim packages with a version of 15-15.el8 or higher and it may be necessary to do a `yum clean all` before checking for new updates to pick it up. I'm not yet seeing this package on my local mirrors but the CentOS 7 one is there.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

KarHar
Posts: 2
Joined: 2020/08/01 16:24:35

Re: CVE-2020-10713

Post by KarHar » 2020/08/02 13:48:28

My systems just tell me
bug fix available
shim-x64 15-15.el8_2
I'll give it a try on one of them
- looking good
so now done the other ones too

groupboard
Posts: 1
Joined: 2020/08/02 15:27:54

Re: CVE-2020-10713

Post by groupboard » 2020/08/02 17:10:41

deleted.
Last edited by groupboard on 2020/08/03 15:45:12, edited 1 time in total.

Post Reply

Return to “CentOS 8 - Security Support”