Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.
Package | sys-boot/grub on all architectures |
---|---|
Affected versions | < 2.06 |
Unaffected versions | >= 2.06 |
GNU GRUB is a multiboot boot loader used by most Linux systems.
Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details.
Please review the referenced CVE identifiers for details.
There is no known workaround at this time.
All GRUB users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-boot/grub-2.06-r3"
After upgrading, make sure to run the grub-install command with options appropriate for your system. See the GRUB2 Gentoo Wiki page for directions. Your system will be vulnerable until this action is performed.