CVE-2020-10713
Re: CVE-2020-10713
Thank You for helping me out.
1 I ran dnf history
2. dnf undo <no> serially undoing it
3. same problem as before.
What I noticed is that while in grub menu while booting to choose the kernel. All the parameters to boot to a lvm is missing and I manually entered " GRUB_CMDLINE_LINUX="root=/dev/mapper/cl_server-root ro crashkernel=auto resume=/dev/mapper/cl_server-swap rd.lvm.lv=cl_server/root rd.lvm.lv=cl_server/swap".
Even after generating a new grub2 file by the command
# grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
the command succeeds
but same problem after restart and then the kernel boots to Failed to Switch Root
and as rhgb quiet is not there the system is showing a lot of failed messages and it boots to graphical display after a long time.
Thanks War
1 I ran dnf history
2. dnf undo <no> serially undoing it
3. same problem as before.
What I noticed is that while in grub menu while booting to choose the kernel. All the parameters to boot to a lvm is missing and I manually entered " GRUB_CMDLINE_LINUX="root=/dev/mapper/cl_server-root ro crashkernel=auto resume=/dev/mapper/cl_server-swap rd.lvm.lv=cl_server/root rd.lvm.lv=cl_server/swap".
Even after generating a new grub2 file by the command
# grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
the command succeeds
but same problem after restart and then the kernel boots to Failed to Switch Root
and as rhgb quiet is not there the system is showing a lot of failed messages and it boots to graphical display after a long time.
Thanks War
Re: CVE-2020-10713
I got my system back up with this: https://bugzilla.redhat.com/show_bug.cgi?id=1861977#c32
Hola that helps!
Hola that helps!
Nacho wrote: ↑2020/08/01 07:29:05My genius brother helped me activate network outside of chroot:
However I still didn't get to recover GRUB2Code: Select all
ip addr add <pick an IP-address, in my case 192.168.178.51/24> dev <name of your network controller, in my case eno2> ip link set dev <name of your network controller> up route add -net 0.0.0.0/0 gw <IP-address of your router>
I hope that helps!
Re: CVE-2020-10713
Boot with CentOS stick - Troubleshoot
chroot/sysimage
dhclient <your interface>
to get network access
nano /etc/yum.conf
exclude=grub2* shim* mokutil
/boot/efi/EFI/centos/shimx64.efi
replace by an older one taken from https://bugzilla.redhat.com/attachment.cgi?id=1702984
as published here: https://bugzilla.redhat.com/show_bug.cgi?id=1861977#c32
post from: Javier Martinez Canillas 2020-07-30 18:32:23 UTC
works
Wondering when to remove above mentioned yum exclusions?
chroot/sysimage
dhclient <your interface>
to get network access
nano /etc/yum.conf
exclude=grub2* shim* mokutil
/boot/efi/EFI/centos/shimx64.efi
replace by an older one taken from https://bugzilla.redhat.com/attachment.cgi?id=1702984
as published here: https://bugzilla.redhat.com/show_bug.cgi?id=1861977#c32
post from: Javier Martinez Canillas 2020-07-30 18:32:23 UTC
works
Wondering when to remove above mentioned yum exclusions?
Re: CVE-2020-10713
https://access.redhat.com/solutions/5272311 this apear resolve problem. i working on.
Re: CVE-2020-10713
Please note that there are currently no fixed CentOS packages for this so even though/if the RH KB article says it's fixed by updating to the latest, it is not yet on CentOS. RHEL have fixed packages out, CentOS do not. Yet.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
- warron.french
- Posts: 616
- Joined: 2014/03/27 20:21:58
Re: CVE-2020-10713
This is very helpful to know upfront. Thank you TrevorH for the information.
I received this link - https://access.redhat.com/solutions/5272311 from a buddy of mine, because he knew I was having this problem.
It looks like Nacho (with his brother's help made some progress on the networking issue).
Thanks,
War
War
Re: CVE-2020-10713
You might want to short cut the network issue since even if you do that, yum currently only knows this one kernel and you cannot downgrade. Grab a web browser on a different machine and a USB stick, download all of the previous versions of everything returned by rpm -qa --qf '%{name}\n' kernel\* grub2\* shim\* | sort | uniq onto that, plug it into the broken machine, mount it somewhere, cd to it then yum --disablerepo=\* downgrade *.rpm
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2020-10713
I am told that new packages are in the process of being released. For CentOS 8 you will need shim packages with a version of 15-15.el8 or higher and it may be necessary to do a `yum clean all` before checking for new updates to pick it up. I'm not yet seeing this package on my local mirrors but the CentOS 7 one is there.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2020-10713
My systems just tell me
bug fix available
shim-x64 15-15.el8_2
I'll give it a try on one of them
- looking good
so now done the other ones too
bug fix available
shim-x64 15-15.el8_2
I'll give it a try on one of them
- looking good
so now done the other ones too
-
- Posts: 1
- Joined: 2020/08/02 15:27:54
Re: CVE-2020-10713
deleted.
Last edited by groupboard on 2020/08/03 15:45:12, edited 1 time in total.