Description
Security update for grub2
This update for grub2 provides the following fixes and enhancements:
Security issue fixed:
- Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370)
Non security issues fixed:
- Expand the list of grub.cfg search paths in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539)
- Add --image switch to force zipl update to specific kernel. (bsc#928131)
- Do not use shim lock protocol for reading PE header as it won't be available when secure boot is disabled. (bsc#943380)
- Detect the firmware flaw condition more precisely and add a debug message for that case.
Package list
SUSE Linux Enterprise Desktop 12
grub2-2.02~beta2-56.9.4
grub2-i386-pc-2.02~beta2-56.9.4
grub2-snapper-plugin-2.02~beta2-56.9.4
grub2-x86_64-efi-2.02~beta2-56.9.4
grub2-x86_64-xen-2.02~beta2-56.9.4
SUSE Linux Enterprise Server 12
grub2-2.02~beta2-56.9.4
grub2-i386-pc-2.02~beta2-56.9.4
grub2-powerpc-ieee1275-2.02~beta2-56.9.4
grub2-s390x-emu-2.02~beta2-56.9.4
grub2-snapper-plugin-2.02~beta2-56.9.4
grub2-x86_64-efi-2.02~beta2-56.9.4
grub2-x86_64-xen-2.02~beta2-56.9.4
SUSE Linux Enterprise Server for SAP Applications 12
grub2-2.02~beta2-56.9.4
grub2-i386-pc-2.02~beta2-56.9.4
grub2-powerpc-ieee1275-2.02~beta2-56.9.4
grub2-s390x-emu-2.02~beta2-56.9.4
grub2-snapper-plugin-2.02~beta2-56.9.4
grub2-x86_64-efi-2.02~beta2-56.9.4
grub2-x86_64-xen-2.02~beta2-56.9.4
References
- Link for SUSE-SU-2015:2399-1
- E-Mail link for SUSE-SU-2015:2399-1
- SUSE Security Ratings
- SUSE Bug 928131
- SUSE Bug 943380
- SUSE Bug 946148
- SUSE Bug 952539
- SUSE Bug 956631
- SUSE CVE CVE-2015-8370 page
Description
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
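The integer-underflow class described above comes from a length counter that is decremented on backspace with no empty-buffer check. The following is an added example, not GRUB's or SUSE's code: a constructed line reader with the guard in place, plus a model that reports when an unguarded unsigned counter would leave the buffer, without performing any memory write. `MAX_LEN` and both function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAX_LEN 16  /* constructed buffer size, not GRUB's */

/* Hardened reader: feeds constructed keystrokes from `keys` into `buf`.
   Backspace is ignored when the buffer is empty, and input beyond
   MAX_LEN - 1 characters is dropped. Returns the final length. */
size_t read_line_checked(const char *keys, size_t nkeys, char buf[MAX_LEN])
{
    size_t cur_len = 0;
    memset(buf, 0, MAX_LEN);
    for (size_t i = 0; i < nkeys; i++) {
        char key = keys[i];
        if (key == '\n' || key == '\r')
            break;
        if (key == '\b') {
            if (cur_len > 0)          /* the guard the flawed pattern lacks */
                buf[--cur_len] = '\0';
            continue;
        }
        if (cur_len + 1 < MAX_LEN)    /* keep room for the terminator */
            buf[cur_len++] = key;
    }
    buf[cur_len] = '\0';
    return cur_len;
}

/* Model of the flawed pattern: the length is decremented on every
   backspace with no empty-buffer check. Nothing is written to memory;
   the function only reports whether the unsigned index ever left
   [0, MAX_LEN), i.e. whether a real write would have been out of bounds. */
int unchecked_index_escapes(const char *keys, size_t nkeys)
{
    unsigned cur_len = 0;
    for (size_t i = 0; i < nkeys; i++) {
        if (keys[i] == '\n' || keys[i] == '\r')
            break;
        if (keys[i] == '\b')
            cur_len--;                /* wraps to UINT_MAX when cur_len == 0 */
        else if (cur_len + 1 < MAX_LEN)
            cur_len++;
        if (cur_len >= MAX_LEN)
            return 1;
    }
    return 0;
}
```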
Affected products
SUSE Linux Enterprise Desktop 12:grub2-2.02~beta2-56.9.4
SUSE Linux Enterprise Desktop 12:grub2-i386-pc-2.02~beta2-56.9.4
SUSE Linux Enterprise Desktop 12:grub2-snapper-plugin-2.02~beta2-56.9.4
SUSE Linux Enterprise Desktop 12:grub2-x86_64-efi-2.02~beta2-56.9.4
References
- CVE-2015-8370
- SUSE Bug 956631