Description
Security update for grub2
This update for grub2 provides the following fixes:
A security issue with a buffer overflow when reading the username and password was fixed (bsc#956631, CVE-2015-8370).
The following bugs were also fixed:
- Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370)
- Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539)
- Add grub.xen config searching path on boot partition. (bsc#884828)
- Add linux16 and initrd16 to grub.xen. (bsc#884830)
Package list
SUSE Linux Enterprise Desktop 11 SP4
grub2-x86_64-efi-2.00-0.54.2
grub2-x86_64-xen-2.00-0.54.2
SUSE Linux Enterprise Server 11 SP4
grub2-x86_64-efi-2.00-0.54.2
grub2-x86_64-xen-2.00-0.54.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4
grub2-x86_64-efi-2.00-0.54.2
grub2-x86_64-xen-2.00-0.54.2
References
- Link for SUSE-SU-2015:2385-1
- E-Mail link for SUSE-SU-2015:2385-1
- SUSE Security Ratings
- SUSE Bug 884828
- SUSE Bug 884830
- SUSE Bug 946148
- SUSE Bug 952539
- SUSE Bug 954592
- SUSE Bug 956631
- SUSE CVE CVE-2015-8370 page
Description
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
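The backspace underflow described above comes down to a missing lower-bound check on the input cursor. The following C sketch is an added example, not GRUB source or part of the advisory; `unguarded_cursor` and `read_field` are hypothetical names and the key sequences are constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>
/* Added illustration, not GRUB source; all names are hypothetical. */

/* Unguarded cursor arithmetic: every backspace decrements, even at 0.
 * Only the index is computed here; no buffer is touched. */
static unsigned unguarded_cursor(const char *keys, size_t n)
{
    unsigned cur_len = 0;
    for (size_t i = 0; i < n; i++) {
        if (keys[i] == '\b')
            cur_len--;          /* wraps past zero on an empty field */
        else
            cur_len++;
    }
    return cur_len;
}

/* Guarded reader: backspace on an empty field is ignored, keys that do not
 * fit are dropped, output is NUL-terminated. Returns the stored length. */
static size_t read_field(const char *keys, size_t n, char *buf, size_t size)
{
    size_t cur_len = 0;
    if (size == 0)
        return 0;
    for (size_t i = 0; i < n; i++) {
        char key = keys[i];
        if (key == '\n' || key == '\r')
            break;
        if (key == '\b') {
            if (cur_len > 0)    /* lower-bound check that stops the underflow */
                cur_len--;
            continue;
        }
        if (cur_len + 1 < size) /* upper-bound check, leaves room for NUL */
            buf[cur_len++] = key;
    }
    buf[cur_len] = '\0';
    return cur_len;
}

int main(void)
{
    char buf[8];
    const char keys[] = "\b\bab\bc\n";  /* constructed key sequence */
    size_t len = read_field(keys, sizeof keys - 1, buf, sizeof buf);
    return (len == 2 && strcmp(buf, "ac") == 0) ? 0 : 1;
}
```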
Affected products
SUSE Linux Enterprise Desktop 11 SP4:grub2-x86_64-efi-2.00-0.54.2
SUSE Linux Enterprise Desktop 11 SP4:grub2-x86_64-xen-2.00-0.54.2
SUSE Linux Enterprise Server 11 SP4:grub2-x86_64-efi-2.00-0.54.2
SUSE Linux Enterprise Server 11 SP4:grub2-x86_64-xen-2.00-0.54.2
References
- CVE-2015-8370
- SUSE Bug 956631