Welcome to Centmin Mod Community
Register Now

CentOS 7.x CentOS 8.x Redhat / CentOS 7 & 8 grub2 security vulnerability for BootHole (CVE-2020-10713)

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Jul 30, 2020.

  1. eva2000

    eva2000 Administrator Staff Member

    44,731
    10,196
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,804
    Local Time:
    12:27 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Yeah saw the news announcements. Luckily still haven't moved to RH8/CentOS 8 yet

    grub2 security vulnerability is interesting for Redhat 8 / CentOS 8 at least for BootHole (CVE-2020-10713) Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems if you hare using UEFI bios and Secure Boot enabled
    Boot Hole Vulnerability - GRUB 2 boot loader - CVE-2020-10713 - Red Hat Customer Portal

     
  2. buik

    buik “Winners never quit, and quitters never win.” Premium Member

    1,293
    348
    83
    Apr 29, 2016
    Ratings:
    +1,051
    Local Time:
    4:27 AM
    A bit off topic related to the release of Red Hat Enterprise Linux 8.3 beta, but important enough for a new topic.
    @eva2000 please move the BootHole-bug in Grub2 content into a new topic please.

    One of the most important issues with security related IT infrastructure is to stay calm.

    CVE-2020-10713 could labelled
    code wise if you want, but in general it is security level: Moderate, rated by the Red Hat security team and that's reasonable in my opinion.

    As the CVE is difficult to exploit in practice.
    An attacker needs to modify the grub.cfg configuration file and in any case needs root access to a system or of course physical access.

     
  3. Matt

    Matt Moderator Staff Member

    862
    387
    63
    May 25, 2014
    Rotherham, UK
    Ratings:
    +606
    Local Time:
    3:27 AM
    1.5.15
    MariaDB 10.2
  4. David Schargel

    David Schargel New Member

    7
    4
    3
    Feb 2, 2020
    Ratings:
    +7
    Local Time:
    7:27 PM
  5. eva2000

    eva2000 Administrator Staff Member

    44,731
    10,196
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,804
    Local Time:
    12:27 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Ah beat me to it Red Hat and CentOS systems aren’t booting due to BootHole patches – Ars Technica

     
  6. eva2000

    eva2000 Administrator Staff Member

    44,731
    10,196
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,804
    Local Time:
    12:27 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    According to Red Hat Customer Portal, the bad update packages preventing CentOS 7 and 8 from rebooting are
    Code (Text):
    x86_64
    fwupdate-12-6.el7_8.x86_64.rpm
    fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
    fwupdate-debuginfo-12-6.el7_8.x86_64.rpm
    fwupdate-devel-12-6.el7_8.x86_64.rpm
    fwupdate-efi-12-6.el7_8.x86_64.rpm
    fwupdate-libs-12-6.el7_8.x86_64.rpm
    grub2-2.02-0.86.el7_8.x86_64.rpm
    grub2-common-2.02-0.86.el7_8.noarch.rpm
    grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
    grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpm
    grub2-efi-aa64-modules-2.02-0.86.el7_8.noarch.rpm
    grub2-efi-ia32-2.02-0.86.el7_8.x86_64.rpm
    grub2-efi-ia32-cdboot-2.02-0.86.el7_8.x86_64.rpm
    grub2-efi-ia32-modules-2.02-0.86.el7_8.noarch.rpm
    grub2-efi-x64-2.02-0.86.el7_8.x86_64.rpm
    grub2-efi-x64-cdboot-2.02-0.86.el7_8.x86_64.rpm
    grub2-efi-x64-modules-2.02-0.86.el7_8.noarch.rpm
    grub2-pc-2.02-0.86.el7_8.x86_64.rpm
    grub2-pc-modules-2.02-0.86.el7_8.noarch.rpm
    grub2-ppc-modules-2.02-0.86.el7_8.noarch.rpm
    grub2-ppc64-modules-2.02-0.86.el7_8.noarch.rpm
    grub2-ppc64le-modules-2.02-0.86.el7_8.noarch.rpm
    grub2-tools-2.02-0.86.el7_8.x86_64.rpm
    grub2-tools-extra-2.02-0.86.el7_8.x86_64.rpm
    grub2-tools-minimal-2.02-0.86.el7_8.x86_64.rpm
    mokutil-15-7.el7_8.x86_64.rpm
    mokutil-debuginfo-15-7.el7_8.x86_64.rpm
    shim-ia32-15-7.el7_8.x86_64.rpm
    shim-unsigned-ia32-15-7.el7_9.x86_64.rpm
    shim-unsigned-x64-15-7.el7_9.x86_64.rpm
    shim-x64-15-7.el7_8.x86_64.rpm
    

    On my CentOS 7 system I have yet to run yum update so grub2 packages are still previous 2.0.2-0.81.el7 versions and not the updated bad packages grub2 2.0.2-0.86.el7
    Code (Text):
    yum -q list shim\* grub2\* mokutil | tr -s ' ' | column -t
    Installed                      Packages
    grub2.x86_64                   1:2.02-0.81.el7.centos  @base
    grub2-common.noarch            1:2.02-0.81.el7.centos  @base
    grub2-efi-x64.x86_64           1:2.02-0.81.el7.centos  @base
    grub2-pc.x86_64                1:2.02-0.81.el7.centos  @base
    grub2-pc-modules.noarch        1:2.02-0.81.el7.centos  @base
    grub2-tools.x86_64             1:2.02-0.81.el7.centos  @base
    grub2-tools-extra.x86_64       1:2.02-0.81.el7.centos  @base
    grub2-tools-minimal.x86_64     1:2.02-0.81.el7.centos  @base
    Available                      Packages
    grub2-efi-aa64-modules.noarch  1:2.02-0.81.el7.centos  base
    grub2-efi-ia32.x86_64          1:2.02-0.81.el7.centos  base
    grub2-efi-ia32-cdboot.x86_64   1:2.02-0.81.el7.centos  base
    grub2-efi-ia32-modules.noarch  1:2.02-0.81.el7.centos  base
    grub2-efi-x64-cdboot.x86_64    1:2.02-0.81.el7.centos  base
    grub2-efi-x64-modules.noarch   1:2.02-0.81.el7.centos  base
    grub2-i386-modules.noarch      1:2.02-0.81.el7.centos  base
    grub2-ppc-modules.noarch       1:2.02-0.81.el7.centos  base
    grub2-ppc64-modules.noarch     1:2.02-0.81.el7.centos  base
    grub2-ppc64le-modules.noarch   1:2.02-0.81.el7.centos  base
    mokutil.x86_64                 15-2.el7.centos         base
    shim-ia32.x86_64               15-2.el7.centos         base
    shim-unsigned-ia32.x86_64      15-2.el7.centos         base
    shim-unsigned-x64.x86_64       15-2.el7.centos         base
    shim-x64.x86_64                15-2.el7.centos         base
    

    If you see bad 2.0.2-.086.el7 grub2 packages installed from above command, you need to downgrade to previous version first
    Code (Text):
    yum downgrade shim\* grub2\* mokutil

    List available updates listed include the updated bad packages grub2 2.0.2-0.86.el7
    Code (Text):
    yum -q list updates shim\* grub2\* mokutil | tr -s ' ' | column -t
    Updated                     Packages
    grub2.x86_64                1:2.02-0.86.el7.centos  updates
    grub2-common.noarch         1:2.02-0.86.el7.centos  updates
    grub2-efi-x64.x86_64        1:2.02-0.86.el7.centos  updates
    grub2-pc.x86_64             1:2.02-0.86.el7.centos  updates
    grub2-pc-modules.noarch     1:2.02-0.86.el7.centos  updates
    grub2-tools.x86_64          1:2.02-0.86.el7.centos  updates
    grub2-tools-extra.x86_64    1:2.02-0.86.el7.centos  updates
    grub2-tools-minimal.x86_64  1:2.02-0.86.el7.centos  updates
    

    so for now going to lock in my working 2.0.2-0.81.el7 packages via yum versionlock plugin which Centmin Mod installed rather than do yum.conf excludes - just easier to manage this way for now
    Code (Text):
    yum versionlock shim\* grub2\* mokutil

    output
    Code (Text):
    yum versionlock shim\* grub2\* mokutil
    Loaded plugins: fastestmirror, priorities, versionlock
    Adding versionlock on: 1:grub2-tools-minimal-2.02-0.81.el7.centos
    Adding versionlock on: 1:grub2-tools-extra-2.02-0.81.el7.centos
    Adding versionlock on: 1:grub2-efi-x64-2.02-0.81.el7.centos
    Adding versionlock on: 1:grub2-common-2.02-0.81.el7.centos
    Adding versionlock on: 1:grub2-2.02-0.81.el7.centos
    Adding versionlock on: 1:grub2-pc-2.02-0.81.el7.centos
    Adding versionlock on: 1:grub2-tools-2.02-0.81.el7.centos
    Adding versionlock on: 1:grub2-pc-modules-2.02-0.81.el7.centos
    versionlock added: 8
    

    once locked yum update won't see available updates for locked packages
    Code (Text):
    yum -q list updates shim\* grub2\* mokutil | tr -s ' ' | column -t
    Error: No matching Packages to list
    

    Later when Redhat/CentOS release a fixed grub2 2.0.2-0.87+ or higher version, you can remove the yum versionlock via command below which will allow yum updates to pick up the updated grub2 packages
    Code (Text):
    yum versionlock delete shim\* grub2\* mokutil                           
    Loaded plugins: fastestmirror, priorities, versionlock
    Deleting versionlock for: 1:grub2-tools-minimal-2.02-0.81.el7.centos.*
    Deleting versionlock for: 1:grub2-tools-extra-2.02-0.81.el7.centos.*
    Deleting versionlock for: 1:grub2-efi-x64-2.02-0.81.el7.centos.*
    Deleting versionlock for: 1:grub2-common-2.02-0.81.el7.centos.*
    Deleting versionlock for: 1:grub2-2.02-0.81.el7.centos.*
    Deleting versionlock for: 1:grub2-pc-2.02-0.81.el7.centos.*
    Deleting versionlock for: 1:grub2-tools-2.02-0.81.el7.centos.*
    Deleting versionlock for: 1:grub2-pc-modules-2.02-0.81.el7.centos.*
    versionlock deleted: 8
    
     
  7. BamaStangGuy

    BamaStangGuy Premium Member Premium Member

    650
    188
    43
    May 25, 2014
    Ratings:
    +263
    Local Time:
    9:27 PM
    Subscribed. Had a few servers where it was updated.
     
  8. pamamolf

    pamamolf Premium Member Premium Member

    3,826
    370
    83
    May 31, 2014
    Ratings:
    +712
    Local Time:
    5:27 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    Is this problematic update removed now from the updates list?
     
  9. eva2000

    eva2000 Administrator Staff Member

    44,731
    10,196
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,804
    Local Time:
    12:27 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    nope yum update will update to bad packages grub2 2.0.2-0.86.el7 unless you do above and versionlock to good 2.0.2-0.81.el7
     
  10. Jon Snow

    Jon Snow Active Member

    525
    72
    28
    Jun 30, 2017
    Ratings:
    +114
    Local Time:
    11:27 PM
    Nginx 1.13.9
    MariaDB 10.1.31
    I haven't updated to the bad package yet:

    Code (Text):
    yum -q list shim\* grub2\* mokutil | tr -s ' ' | column -t
    Installed                      Packages
    grub2.x86_64                   1:2.02-0.81.el7.centos  @base
    grub2-common.noarch            1:2.02-0.81.el7.centos  @base
    grub2-pc.x86_64                1:2.02-0.81.el7.centos  @base
    grub2-pc-modules.noarch        1:2.02-0.81.el7.centos  @base
    grub2-tools.x86_64             1:2.02-0.81.el7.centos  @base
    grub2-tools-extra.x86_64       1:2.02-0.81.el7.centos  @base
    grub2-tools-minimal.x86_64     1:2.02-0.81.el7.centos  @base
    Available                      Packages
    grub2-efi-aa64-modules.noarch  1:2.02-0.81.el7.centos  base
    grub2-efi-ia32.x86_64          1:2.02-0.81.el7.centos  base
    grub2-efi-ia32-cdboot.x86_64   1:2.02-0.81.el7.centos  base
    grub2-efi-ia32-modules.noarch  1:2.02-0.81.el7.centos  base
    grub2-efi-x64.x86_64           1:2.02-0.81.el7.centos  base
    grub2-efi-x64-cdboot.x86_64    1:2.02-0.81.el7.centos  base
    grub2-efi-x64-modules.noarch   1:2.02-0.81.el7.centos  base
    grub2-i386-modules.noarch      1:2.02-0.81.el7.centos  base
    grub2-ppc-modules.noarch       1:2.02-0.81.el7.centos  base
    grub2-ppc64-modules.noarch     1:2.02-0.81.el7.centos  base
    grub2-ppc64le-modules.noarch   1:2.02-0.81.el7.centos  base
    mokutil.x86_64                 15-2.el7.centos         base
    shim-ia32.x86_64               15-2.el7.centos         base
    shim-unsigned-ia32.x86_64      15-2.el7.centos         base
    shim-unsigned-x64.x86_64       15-2.el7.centos         base
    shim-x64.x86_64                15-2.el7.centos         base
    


    So when this is released, we should update?
     
  11. buik

    buik “Winners never quit, and quitters never win.” Premium Member

    1,293
    348
    83
    Apr 29, 2016
    Ratings:
    +1,051
    Local Time:
    4:27 AM
    About lessons learned.
    My contribution: Never just install updates and always test on test servers first.
     
  12. Matt

    Matt Moderator Staff Member

    862
    387
    63
    May 25, 2014
    Rotherham, UK
    Ratings:
    +606
    Local Time:
    3:27 AM
    1.5.15
    MariaDB 10.2
    Just looking at my CentOS8 server, and grub2 is on a newer version.

    Code:
    [mworthington@jmp1 ~]$ sudo dnf update
    Last metadata expiration check: 1:43:32 ago on Sun 02 Aug 2020 06:37:18 AM UTC.
    Dependencies resolved.
    ==========================================================================================================================================================================================================================================================================
     Package                                                               Architecture                                             Version                                                                    Repository                                                Size
    ==========================================================================================================================================================================================================================================================================
    Installing:
     kernel                                                                x86_64                                                   4.18.0-193.14.2.el8_2                                                      BaseOS                                                   2.8 M
     kernel-core                                                           x86_64                                                   4.18.0-193.14.2.el8_2                                                      BaseOS                                                    28 M
     kernel-modules                                                        x86_64                                                   4.18.0-193.14.2.el8_2                                                      BaseOS                                                    23 M
    Upgrading:
     grub2-common                                                          noarch                                                   1:2.02-87.el8_2                                                            BaseOS                                                   882 k
     grub2-pc                                                              x86_64                                                   1:2.02-87.el8_2                                                            BaseOS                                                    37 k
     grub2-pc-modules                                                      noarch                                                   1:2.02-87.el8_2                                                            BaseOS                                                   863 k
     grub2-tools                                                           x86_64                                                   1:2.02-87.el8_2                                                            BaseOS                                                   2.0 M
     grub2-tools-efi                                                       x86_64                                                   1:2.02-87.el8_2                                                            BaseOS                                                   467 k
     grub2-tools-extra                                                     x86_64                                                   1:2.02-87.el8_2                                                            BaseOS                                                   1.1 M
     grub2-tools-minimal                                                   x86_64                                                   1:2.02-87.el8_2                                                            BaseOS                                                   202 k
     kernel-tools                                                          x86_64                                                   4.18.0-193.14.2.el8_2                                                      BaseOS                                                   3.0 M
     kernel-tools-libs                                                     x86_64                                                   4.18.0-193.14.2.el8_2                                                      BaseOS                                                   2.8 M
     python3-perf                                                          x86_64                                                   4.18.0-193.14.2.el8_2                                                      BaseOS                                                   2.9 M
    
    Transaction Summary
    ==========================================================================================================================================================================================================================================================================
    Install   3 Packages
    Upgrade  10 Packages
    
    Total download size: 68 M
    Is this ok [y/N]: 
    Code:
    Installed Packages
    Name         : grub2-common
    Epoch        : 1
    Version      : 2.02
    Release      : 87.el8_2
    Architecture : noarch
    Size         : 4.8 M
    Source       : grub2-2.02-87.el8_2.src.rpm
    Repository   : @System
    From repo    : BaseOS
    Summary      : grub2 common layout
    URL          : http://www.gnu.org/software/grub/
    License      : GPLv3+
    Description  : This package provides some directories which are required by various grub2
                 : subpackages.
    
    Code:
    [mworthington@jmp1 ~]$ rpm -q --changelog grub2-common | less
    * Tue Jul 28 2020 Peter Jones <pjones@redhat.com> - 2.02-87
    - Fix several CVEs
      Resolves: CVE-2020-10713
      Resolves: CVE-2020-14308
      Resolves: CVE-2020-14309
      Resolves: CVE-2020-14310
      Resolves: CVE-2020-14311
    
    
     
  13. eva2000

    eva2000 Administrator Staff Member

    44,731
    10,196
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,804
    Local Time:
    12:27 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Yes but as @buik stated best to test on a test VPS/server first so do version unlock as outlined above and then yum update and reboot test server and see if it reboots. Though probably also good idea to wait for general media and other users to report when it's fixed too.

    Indeed best thing to do if you can

    CentOS 8 fixed version with bug = grub2-2.02-87.el8 is different from CentOS 7 fixed version with bug = 2.0.2-0.86.el7.

    CentOS 8 security vulernability Boothole fixed version with reboot bug is your version = grub2-2.02-87.el8 Red Hat Customer Portal so you'd need to rollback on CentOS AFAIK. Though Centmin Mod users don't have to worry about CentOS 8.x grub2. Just CentOS 7.x grub2 versions outlined in post 6 above :)
     
  14. Matt

    Matt Moderator Staff Member

    862
    387
    63
    May 25, 2014
    Rotherham, UK
    Ratings:
    +606
    Local Time:
    3:27 AM
    1.5.15
    MariaDB 10.2
    Good job it's just my testing / jump server

    Code:
    [root@jmp1 log]# dnf history info 11
    Transaction ID : 11
    Begin time     : Sun 02 Aug 2020 08:22:35 AM UTC
    Begin rpmdb    : 448:dd9d8ab61e44ec6d29fef7026852c21d99d0be1b
    End time       : Sun 02 Aug 2020 08:24:29 AM UTC (114 seconds)
    End rpmdb      : 451:d8613bb5eeb862ee571e184ee06ba348d9ed0f6d
    User           :  <mworthington>
    Return-Code    : Success
    Releasever     : 8
    Command Line   : update
    Packages Altered:
        Install  kernel-4.18.0-193.14.2.el8_2.x86_64            @BaseOS
        Install  kernel-core-4.18.0-193.14.2.el8_2.x86_64       @BaseOS
        Install  kernel-modules-4.18.0-193.14.2.el8_2.x86_64    @BaseOS
        Upgrade  grub2-common-1:2.02-87.el8_2.noarch            @BaseOS
        Upgraded grub2-common-1:2.02-81.el8.noarch              @@System
        Upgrade  grub2-pc-1:2.02-87.el8_2.x86_64                @BaseOS
        Upgraded grub2-pc-1:2.02-81.el8.x86_64                  @@System
        Upgrade  grub2-pc-modules-1:2.02-87.el8_2.noarch        @BaseOS
        Upgraded grub2-pc-modules-1:2.02-81.el8.noarch          @@System
        Upgrade  grub2-tools-1:2.02-87.el8_2.x86_64             @BaseOS
        Upgraded grub2-tools-1:2.02-81.el8.x86_64               @@System
        Upgrade  grub2-tools-efi-1:2.02-87.el8_2.x86_64         @BaseOS
        Upgraded grub2-tools-efi-1:2.02-81.el8.x86_64           @@System
        Upgrade  grub2-tools-extra-1:2.02-87.el8_2.x86_64       @BaseOS
        Upgraded grub2-tools-extra-1:2.02-81.el8.x86_64         @@System
        Upgrade  grub2-tools-minimal-1:2.02-87.el8_2.x86_64     @BaseOS
        Upgraded grub2-tools-minimal-1:2.02-81.el8.x86_64       @@System
        Upgrade  kernel-tools-4.18.0-193.14.2.el8_2.x86_64      @BaseOS
        Upgraded kernel-tools-4.18.0-193.6.3.el8_2.x86_64       @@System
        Upgrade  kernel-tools-libs-4.18.0-193.14.2.el8_2.x86_64 @BaseOS
        Upgraded kernel-tools-libs-4.18.0-193.6.3.el8_2.x86_64  @@System
        Upgrade  python3-perf-4.18.0-193.14.2.el8_2.x86_64      @BaseOS
        Upgraded python3-perf-4.18.0-193.6.3.el8_2.x86_64       @@System
    [root@jmp1 log]# dnf history undo 11
    Last metadata expiration check: 2:21:43 ago on Sun 02 Aug 2020 09:38:17 AM UTC.
    Undoing transaction 11, from Sun 02 Aug 2020 08:22:35 AM UTC
        Install  kernel-4.18.0-193.14.2.el8_2.x86_64            @BaseOS
        Install  kernel-core-4.18.0-193.14.2.el8_2.x86_64       @BaseOS
        Install  kernel-modules-4.18.0-193.14.2.el8_2.x86_64    @BaseOS
        Upgrade  grub2-common-1:2.02-87.el8_2.noarch            @BaseOS
        Upgraded grub2-common-1:2.02-81.el8.noarch              @@System
        Upgrade  grub2-pc-1:2.02-87.el8_2.x86_64                @BaseOS
        Upgraded grub2-pc-1:2.02-81.el8.x86_64                  @@System
        Upgrade  grub2-pc-modules-1:2.02-87.el8_2.noarch        @BaseOS
        Upgraded grub2-pc-modules-1:2.02-81.el8.noarch          @@System
        Upgrade  grub2-tools-1:2.02-87.el8_2.x86_64             @BaseOS
        Upgraded grub2-tools-1:2.02-81.el8.x86_64               @@System
        Upgrade  grub2-tools-efi-1:2.02-87.el8_2.x86_64         @BaseOS
        Upgraded grub2-tools-efi-1:2.02-81.el8.x86_64           @@System
        Upgrade  grub2-tools-extra-1:2.02-87.el8_2.x86_64       @BaseOS
        Upgraded grub2-tools-extra-1:2.02-81.el8.x86_64         @@System
        Upgrade  grub2-tools-minimal-1:2.02-87.el8_2.x86_64     @BaseOS
        Upgraded grub2-tools-minimal-1:2.02-81.el8.x86_64       @@System
        Upgrade  kernel-tools-4.18.0-193.14.2.el8_2.x86_64      @BaseOS
        Upgraded kernel-tools-4.18.0-193.6.3.el8_2.x86_64       @@System
        Upgrade  kernel-tools-libs-4.18.0-193.14.2.el8_2.x86_64 @BaseOS
        Upgraded kernel-tools-libs-4.18.0-193.6.3.el8_2.x86_64  @@System
        Upgrade  python3-perf-4.18.0-193.14.2.el8_2.x86_64      @BaseOS
        Upgraded python3-perf-4.18.0-193.6.3.el8_2.x86_64       @@System
    No package grub2-common-1:2.02-81.el8.noarch available.
    No package grub2-pc-modules-1:2.02-81.el8.noarch available.
    No package grub2-pc-1:2.02-81.el8.x86_64 available.
    No package grub2-tools-efi-1:2.02-81.el8.x86_64 available.
    No package grub2-tools-extra-1:2.02-81.el8.x86_64 available.
    No package grub2-tools-minimal-1:2.02-81.el8.x86_64 available.
    No package grub2-tools-1:2.02-81.el8.x86_64 available.
    No package kernel-tools-libs-4.18.0-193.6.3.el8_2.x86_64 available.
    No package kernel-tools-4.18.0-193.6.3.el8_2.x86_64 available.
    No package python3-perf-4.18.0-193.6.3.el8_2.x86_64 available.
    Error: no package matched
    [root@jmp1 log]# 
    
    Hopefully it won't reboot until they release a proper fix!
     
  15. eva2000

    eva2000 Administrator Staff Member

    44,731
    10,196
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,804
    Local Time:
    12:27 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Should be able to a downgrade and then use CentOS 8 dnf versionlock to prevent it updating I think
    Code (Text):
    dnf install python3-dnf-plugin-versionlock
    dnf downgrade shim\* grub2\* mokutil
    dnf versionlock shim\* grub2\* mokutil
    
     
  16. Matt

    Matt Moderator Staff Member

    862
    387
    63
    May 25, 2014
    Rotherham, UK
    Ratings:
    +606
    Local Time:
    3:27 AM
    1.5.15
    MariaDB 10.2
    Should be able to, but looks like the old packages have been removed from the repo files and the dnf cache, so can't downgrade or rollback.

    I've excluded the packages from all my production systems anyway
     
  17. eva2000

    eva2000 Administrator Staff Member

    44,731
    10,196
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,804
    Local Time:
    12:27 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Interesting wonder if that is specific to CentOS 8 and/or Redhat 8

    guess there's ways to prevent a reboot if need be How to Disable Shutdown and Reboot Commands in Linux :)
     
  18. buik

    buik “Winners never quit, and quitters never win.” Premium Member

    1,293
    348
    83
    Apr 29, 2016
    Ratings:
    +1,051
    Local Time:
    4:27 AM
    Anyone can do it :)
    Each in their own way.

    Ideally, you run test systems with the same specifications in both hardware and software.

    If that is expensive you could virtualize and approach the real situation as much as possible.

    If that doesn't work either, look at eBay.
    Plenty of used servers that can be fetched for a few bucks. (if power usage costs is not a problem)

    If that doesn't work either, install virtual software on your workstation, laptop or mac and at least simulate the software, software-updates and configuration.
     
  19. buik

    buik “Winners never quit, and quitters never win.” Premium Member

    1,293
    348
    83
    Apr 29, 2016
    Ratings:
    +1,051
    Local Time:
    4:27 AM
    Last edited: Aug 4, 2020 at 12:34 AM
  20. eva2000

    eva2000 Administrator Staff Member

    44,731
    10,196
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,804
    Local Time:
    12:27 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    should be able to remove your own posts if within a specific time limit ? or just edit your post as not sure which post you want removed ?