Fedora has issued an advisory on December 12:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5VRL3CBU6FOV6UY6CJLNRJXBCENVSF7Z/

I disagree with this issue as described here:
https://bugzilla.redhat.com/show_bug.cgi?id=2024170

GRUB2 has a mechanism for including other files in the configuration, such as the "source ${prefix}/user.cfg" in RedHat's default grub.cfg, so if there are encrypted passwords, they should be in a different file, as in that example from RedHat. I don't think it makes sense to have grub.cfg itself unreadable by users.

I don't know how Mageia handles password-protecting GRUB2, so I'll leave this for the maintainers to figure out.
Whiteboard: (none) => MGA8TOO
Status comment: (none) => GRUB2 passwords should not be world-readable
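An added example, not part of the bug thread or of any distribution's tooling: a Python check for the layout described in the comment above, where grub.cfg stays readable and password material lives in a sourced file such as user.cfg. The directory passed in, the helper names and the sample hash are assumptions made for illustration; the markers searched for are GRUB2's `password_pbkdf2` and `password` commands and the `GRUB2_PASSWORD` variable.

```python
import os
import re
import stat
import sys

# GRUB2 password material: the password_pbkdf2 command, the GRUB2_PASSWORD
# variable holding a grub.pbkdf2 hash, and the plaintext password command.
SECRET_RE = re.compile(
    rb"^\s*(?:password_pbkdf2\s+\S+\s+grub\.pbkdf2\."
    rb"|GRUB2_PASSWORD=grub\.pbkdf2\."
    rb"|password\s+\S+\s+\S+)",
    re.MULTILINE,
)


def world_readable_secrets(cfg_dir):
    """Return (relative path, mode) for .cfg files that hold password
    material and are readable by 'other'."""
    findings = []
    for root, _dirs, files in os.walk(cfg_dir):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            if not name.endswith(".cfg") or not stat.S_ISREG(st.st_mode):
                continue
            with open(path, "rb") as fh:
                has_secret = SECRET_RE.search(fh.read()) is not None
            if has_secret and st.st_mode & stat.S_IROTH:
                rel = os.path.relpath(path, cfg_dir)
                findings.append((rel, oct(stat.S_IMODE(st.st_mode))))
    return sorted(findings)


def make_sample(cfg_dir):
    """Constructed sample: grub.cfg sources user.cfg, which holds the hash."""
    files = {
        "grub.cfg": 'set superusers="root"\nsource ${prefix}/user.cfg\n',
        "user.cfg": "GRUB2_PASSWORD=grub.pbkdf2.sha512.10000.CONSTRUCTED\n",
    }
    for name, body in files.items():
        path = os.path.join(cfg_dir, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, 0o644)


if __name__ == "__main__":
    # Assumed usage: pass the GRUB2 configuration directory as the argument.
    for rel, mode in world_readable_secrets(sys.argv[1]):
        print(f"{rel}: mode {mode} exposes GRUB2 password material")
```

A grub.cfg that only sources the password file is not reported; only the file that actually carries the hash is, and only while it is readable by other users.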
tv is the principal maintainer of Grub2, so assigning this to you.

In the light of DavidW's comment:
> I'll leave this for the maintainers to figure out
maybe it warrants discussion.
Assignee: bugsquad => thierry.vignaud
the upstream fix: https://github.com/rhboot/grub2/commit/3ea051e59e9c0cd79eac7f2e1563606e1e31a530
CC: (none) => mageia
Depends on: (none) => 30527
Mageia 8 EOL.
Whiteboard: MGA8TOO => (none)
CC: (none) => nicolas.salguero
Version: Cauldron => 8
Status: NEW => RESOLVED
Resolution: (none) => OLD