Multiple vulnerabilities have been found in GRUB, the worst might allow for circumvention of UEFI Secure Boot.
|sys-devel/grub on all architectures
GNU GRUB is a multiboot boot loader used by most Linux systems.
Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details.
Please review the referenced CVE identifiers for details.
There is no known workaround at this time.
All GRUB users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-devel/grub-2.06_rc1"
After upgrading, make sure to run the grub-install command with options appropriate for your system. See the GRUB Quick Start guide in the references below for examples. Your system will be vulnerable until this action is performed.