Looked at patching this one using Foreman:
https://access.redhat.com/security/cve/CVE-2022-28733
https://access.redhat.com/errata/RHSA-2022:8900
Since this is CentOS 7 the errata is called CESA-2022:8900.
So applied the patch to a host with REX and see it uses the command:
yum -y update-minimal --advisory=CESA-2022:8900
It however did not update anything. Running the same yum command manually returns:
No Packages marked for minimal Update
Looking at what is installed:
# yum list installed grub2
Installed Packages
grub2.x86_64 1:2.02-0.87.0.1.el7.centos.9
If I run just "yum update grub2" it notices there is the 1:2.02-0.87.0.1.el7.centos.11 update and wants to update it. Does anyone know what is going on here?
# yum update grub2
Resolving Dependencies
--> Running transaction check
---> Package grub2.x86_64 1:2.02-0.87.0.1.el7.centos.9 will be updated
---> Package grub2.x86_64 1:2.02-0.87.0.1.el7.centos.11 will be an update
--> Processing Dependency: grub2-pc = 1:2.02-0.87.0.1.el7.centos.11 for package: 1:grub2-2.02-0.87.0.1.el7.centos.11.x86_64
--> Running transaction check
---> Package grub2-pc.x86_64 1:2.02-0.87.0.1.el7.centos.9 will be updated
---> Package grub2-pc.x86_64 1:2.02-0.87.0.1.el7.centos.11 will be an update
--> Processing Dependency: grub2-common = 1:2.02-0.87.0.1.el7.centos.11 for package: 1:grub2-pc-2.02-0.87.0.1.el7.centos.11.x86_64
--> Processing Dependency: grub2-pc-modules = 1:2.02-0.87.0.1.el7.centos.11 for package: 1:grub2-pc-2.02-0.87.0.1.el7.centos.11.x86_64
--> Processing Dependency: grub2-tools = 1:2.02-0.87.0.1.el7.centos.11 for package: 1:grub2-pc-2.02-0.87.0.1.el7.centos.11.x86_64
--> Processing Dependency: grub2-tools-extra = 1:2.02-0.87.0.1.el7.centos.11 for package: 1:grub2-pc-2.02-0.87.0.1.el7.centos.11.x86_64
--> Processing Dependency: grub2-tools-minimal = 1:2.02-0.87.0.1.el7.centos.11 for package: 1:grub2-pc-2.02-0.87.0.1.el7.centos.11.x86_64
--> Running transaction check
---> Package grub2-common.noarch 1:2.02-0.87.0.1.el7.centos.9 will be updated
---> Package grub2-common.noarch 1:2.02-0.87.0.1.el7.centos.11 will be an update
---> Package grub2-pc-modules.noarch 1:2.02-0.87.0.1.el7.centos.9 will be updated
---> Package grub2-pc-modules.noarch 1:2.02-0.87.0.1.el7.centos.11 will be an update
---> Package grub2-tools.x86_64 1:2.02-0.87.0.1.el7.centos.9 will be updated
---> Package grub2-tools.x86_64 1:2.02-0.87.0.1.el7.centos.11 will be an update
---> Package grub2-tools-extra.x86_64 1:2.02-0.87.0.1.el7.centos.9 will be updated
---> Package grub2-tools-extra.x86_64 1:2.02-0.87.0.1.el7.centos.11 will be an update
---> Package grub2-tools-minimal.x86_64 1:2.02-0.87.0.1.el7.centos.9 will be updated
---> Package grub2-tools-minimal.x86_64 1:2.02-0.87.0.1.el7.centos.11 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
==================================================================================================================================================================
Package Arch Version Repository Size
==================================================================================================================================================================
Updating:
grub2 x86_64 1:2.02-0.87.0.1.el7.centos.11 centos7_updates 34 k
Updating for dependencies:
grub2-common noarch 1:2.02-0.87.0.1.el7.centos.11 centos7_updates 733 k
grub2-pc x86_64 1:2.02-0.87.0.1.el7.centos.11 centos7_updates 34 k
grub2-pc-modules noarch 1:2.02-0.87.0.1.el7.centos.11 centos7_updates 860 k
grub2-tools x86_64 1:2.02-0.87.0.1.el7.centos.11 centos7_updates 1.8 M
grub2-tools-extra x86_64 1:2.02-0.87.0.1.el7.centos.11 centos7_updates 1.0 M
grub2-tools-minimal x86_64 1:2.02-0.87.0.1.el7.centos.11 centos7_updates 177 k
Transaction Summary
==================================================================================================================================================================
Upgrade 1 Package (+6 Dependent packages)
Total download size: 4.6 M
Is this ok [y/d/N]: