Описание
Security update for grub2
This update for grub2 fixes the following issues:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
Other:
- Bump upstream SBAT generation to 3
Список пакетов
Container suse/sle-micro-rancher/5.2:latest
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-BYOS-Azure
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-BYOS-EC2-HVM
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
grub2-x86_64-xen-2.04-150300.22.25.1
Image SLES15-SP3-BYOS-GCE
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-CHOST-BYOS-Aliyun
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
Image SLES15-SP3-CHOST-BYOS-Azure
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-CHOST-BYOS-EC2
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
grub2-x86_64-xen-2.04-150300.22.25.1
Image SLES15-SP3-CHOST-BYOS-GCE
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-HPC-BYOS-Azure
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
grub2-x86_64-xen-2.04-150300.22.25.1
Image SLES15-SP3-HPC-BYOS-GCE
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
grub2-x86_64-xen-2.04-150300.22.25.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
grub2-x86_64-xen-2.04-150300.22.25.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-Micro-5-2-BYOS-Azure
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
grub2-x86_64-xen-2.04-150300.22.25.1
Image SLES15-SP3-Micro-5-2-BYOS-GCE
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-SAP-BYOS-Azure
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
grub2-x86_64-xen-2.04-150300.22.25.1
Image SLES15-SP3-SAP-BYOS-GCE
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-SAPCAL-Azure
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-SAPCAL-EC2-HVM
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
grub2-x86_64-xen-2.04-150300.22.25.1
Image SLES15-SP3-SAPCAL-GCE
grub2-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
SUSE Linux Enterprise Micro 5.2
grub2-2.04-150300.22.25.1
grub2-arm64-efi-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-s390x-emu-2.04-150300.22.25.1
grub2-snapper-plugin-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
grub2-x86_64-xen-2.04-150300.22.25.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
grub2-2.04-150300.22.25.1
grub2-arm64-efi-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-powerpc-ieee1275-2.04-150300.22.25.1
grub2-s390x-emu-2.04-150300.22.25.1
grub2-snapper-plugin-2.04-150300.22.25.1
grub2-systemd-sleep-plugin-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
SUSE Linux Enterprise Module for Server Applications 15 SP3
grub2-x86_64-xen-2.04-150300.22.25.1
SUSE Manager Proxy Module 4.2
grub2-arm64-efi-2.04-150300.22.25.1
openSUSE Leap 15.3
grub2-2.04-150300.22.25.1
grub2-arm64-efi-2.04-150300.22.25.1
grub2-arm64-efi-debug-2.04-150300.22.25.1
grub2-branding-upstream-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-i386-pc-debug-2.04-150300.22.25.1
grub2-powerpc-ieee1275-2.04-150300.22.25.1
grub2-powerpc-ieee1275-debug-2.04-150300.22.25.1
grub2-s390x-emu-2.04-150300.22.25.1
grub2-s390x-emu-debug-2.04-150300.22.25.1
grub2-snapper-plugin-2.04-150300.22.25.1
grub2-systemd-sleep-plugin-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
grub2-x86_64-efi-debug-2.04-150300.22.25.1
grub2-x86_64-xen-2.04-150300.22.25.1
openSUSE Leap Micro 5.2
grub2-2.04-150300.22.25.1
grub2-arm64-efi-2.04-150300.22.25.1
grub2-i386-pc-2.04-150300.22.25.1
grub2-snapper-plugin-2.04-150300.22.25.1
grub2-x86_64-efi-2.04-150300.22.25.1
grub2-x86_64-xen-2.04-150300.22.25.1
Ссылки
- Link for SUSE-SU-2022:4219-1
- E-Mail link for SUSE-SU-2022:4219-1
- SUSE Security Ratings
- SUSE Bug 1205178
- SUSE Bug 1205182
- SUSE CVE CVE-2022-2601 page
- SUSE CVE CVE-2022-3775 page
Описание
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
Затронутые продукты
Container suse/sle-micro-rancher/5.2:latest:grub2-2.04-150300.22.25.1
Container suse/sle-micro-rancher/5.2:latest:grub2-i386-pc-2.04-150300.22.25.1
Container suse/sle-micro-rancher/5.2:latest:grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-BYOS-Azure:grub2-2.04-150300.22.25.1
Ссылки
- CVE-2022-2601
- SUSE Bug 1205178
Описание
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
Затронутые продукты
Container suse/sle-micro-rancher/5.2:latest:grub2-2.04-150300.22.25.1
Container suse/sle-micro-rancher/5.2:latest:grub2-i386-pc-2.04-150300.22.25.1
Container suse/sle-micro-rancher/5.2:latest:grub2-x86_64-efi-2.04-150300.22.25.1
Image SLES15-SP3-BYOS-Azure:grub2-2.04-150300.22.25.1
Ссылки
- CVE-2022-3775
- SUSE Bug 1205182