Description
Security update for grub2
This update for grub2 fixes the following issues:
Security issue fixed:
- CVE-2017-9763: Fixed a memory leak in grub_ext2_read_block (bsc#1045063)
Other issues addressed:
- Added support for tftp block counter roll-over and backported support for efinetSNP open (bsc#1124662).
Package list
SUSE Linux Enterprise Server 11 SP4
grub2-x86_64-efi-2.00-0.66.8.1
grub2-x86_64-xen-2.00-0.66.8.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
grub2-x86_64-efi-2.00-0.66.8.1
grub2-x86_64-xen-2.00-0.66.8.1
References
- Link for SUSE-SU-2019:13989-1
- E-Mail link for SUSE-SU-2019:13989-1
- SUSE Security Ratings
- SUSE Bug 1045063
- SUSE Bug 1124662
- SUSE CVE CVE-2017-9763 page
Description
The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array.
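The "variable-size stack array" pattern named in this description, shown beside a bounded alternative. This is an added illustration, not code from GRUB, radare2 or the SUSE patch; the struct, function names, sample image and the MAX_LOG2_BLKSZ cap are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical in-memory image; these names are not GRUB's API. */
struct image { const uint8_t *data; size_t len; };
#define MAX_LOG2_BLKSZ 6u /* assumed cap: 1024 << 6 = 64 KiB blocks */

static uint32_t le32(const uint8_t *p) /* little-endian on-disk word */
{
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Risky shape: array length comes from an unchecked, file-controlled field. */
int lookup_vla(const struct image *img, uint32_t log2,
               uint32_t blk, uint32_t idx, uint32_t *out)
{
    uint32_t blksz = 1024u << log2;  /* never validated */
    uint8_t buf[blksz];              /* stack is consumed before any check */
    if ((uint64_t)blk * blksz + blksz > img->len || idx >= blksz / 4) return -1;
    memcpy(buf, img->data + (size_t)blk * blksz, blksz);
    *out = le32(buf + (size_t)idx * 4);
    return 0;
}

/* Bounded shape: validate the field, then read only the entry needed. */
int lookup_bounded(const struct image *img, uint32_t log2,
                   uint32_t blk, uint32_t idx, uint32_t *out)
{
    if (log2 > MAX_LOG2_BLKSZ) return -1;  /* reject before sizing anything */
    uint64_t blksz = 1024u << log2;
    uint64_t off = (uint64_t)blk * blksz + (uint64_t)idx * 4;
    if (idx >= blksz / 4 || off + 4 > img->len) return -1;
    *out = le32(img->data + off);
    return 0;
}

/* Constructed sample: two 1 KiB blocks, entry 3 of block 1 = 0x11223344. */
struct image sample_image(void)
{
    static uint8_t sample[2048] = { [1024 + 3 * 4] = 0x44, 0x33, 0x22, 0x11 };
    return (struct image){ sample, sizeof sample };
}

int main(void)
{
    struct image img = sample_image();
    uint32_t v = 0;
    return !(lookup_bounded(&img, 0, 1, 3, &v) == 0 && v == 0x11223344u);
}
```

The bounded version uses constant stack space whatever the file claims, so an oversized block-size field produces an error return instead of a crash.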
Affected products
SUSE Linux Enterprise Server 11 SP4:grub2-x86_64-efi-2.00-0.66.8.1
SUSE Linux Enterprise Server 11 SP4:grub2-x86_64-xen-2.00-0.66.8.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:grub2-x86_64-efi-2.00-0.66.8.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:grub2-x86_64-xen-2.00-0.66.8.1
References
- CVE-2017-9763
- SUSE Bug 1045063