- Fix package version number - Use CloudLinux vendor cert - Make this package installable only on a system having Cloudlinux signed components: grub2 and kernel - Add patches from centos-8.5 ELS: - CVE-2021-3695: out-of-bounds write in the heap area by a crafted 16-bit grayscale PNG image - CVE-2021-3696: a heap out-of-bounds during the handling of Huffman tables in the PNG reader - CVE-2021-3697: allowing user-controlled data to be written in heap by a crafted JPEG image - CVE-2022-2601: possible circumventing of the secure boot mechanism by a malicious crafted pf2 font - CVE-2022-28733: possible write past the end of the buffer because of integer underflow in grub_net_recv_ip4_packets() - CVE-2022-28734: out-of-bounds write when handling split HTTP headers - CVE-2022-28736: use-after-free vulnerability in grub_cmd_chainloader() - CVE-2022-3775: out-of-bounds write into grub2’s heap because of lack of proper validation of glyph’s width and height - CVE-2023-4692: out-of-bounds write in grub2’s NTFS filesystem driver - The following CVEs were fixed by previous patches additionally: - CVE-2020-15706: a race condition in grub_script_function_create() leading to a use-after-free vulnerability - CVE-2020-15707: integer overflows in efilinux leading to a heap-based buffer overflow - A number of upstream fixes backported including: - CVE-2024-1048: a flaw that may result in filesystem running out of free inodes or blocks