Описание
Security update for grub2
This update for grub2 fixes the following issues:
Security fixes:
- CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935)
- CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936)
Other fixes:
- Fix 'command not found' error of grub2-once (bsc#1204563, bsc#1215382)
Список пакетов
Image SLES12-SP5-Azure-BYOS
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
Image SLES12-SP5-Azure-Basic-On-Demand
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
Image SLES12-SP5-Azure-HPC-BYOS
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
Image SLES12-SP5-Azure-HPC-On-Demand
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
Image SLES12-SP5-Azure-SAP-BYOS
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
Image SLES12-SP5-Azure-SAP-On-Demand
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
Image SLES12-SP5-Azure-Standard-On-Demand
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
Image SLES12-SP5-EC2-BYOS
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
grub2-x86_64-xen-2.02-169.1
Image SLES12-SP5-EC2-ECS-On-Demand
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
grub2-x86_64-xen-2.02-169.1
Image SLES12-SP5-EC2-On-Demand
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
grub2-x86_64-xen-2.02-169.1
Image SLES12-SP5-EC2-SAP-BYOS
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
grub2-x86_64-xen-2.02-169.1
Image SLES12-SP5-EC2-SAP-On-Demand
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
grub2-x86_64-xen-2.02-169.1
Image SLES12-SP5-GCE-BYOS
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
Image SLES12-SP5-GCE-On-Demand
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
Image SLES12-SP5-GCE-SAP-BYOS
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
Image SLES12-SP5-GCE-SAP-On-Demand
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
grub2-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-x86_64-efi-2.02-169.1
SUSE Linux Enterprise Server 12 SP5
grub2-2.02-169.1
grub2-arm64-efi-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-powerpc-ieee1275-2.02-169.1
grub2-s390x-emu-2.02-169.1
grub2-snapper-plugin-2.02-169.1
grub2-systemd-sleep-plugin-2.02-169.1
grub2-x86_64-efi-2.02-169.1
grub2-x86_64-xen-2.02-169.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
grub2-2.02-169.1
grub2-arm64-efi-2.02-169.1
grub2-i386-pc-2.02-169.1
grub2-powerpc-ieee1275-2.02-169.1
grub2-s390x-emu-2.02-169.1
grub2-snapper-plugin-2.02-169.1
grub2-systemd-sleep-plugin-2.02-169.1
grub2-x86_64-efi-2.02-169.1
grub2-x86_64-xen-2.02-169.1
Ссылки
- Link for SUSE-SU-2023:4085-1
- E-Mail link for SUSE-SU-2023:4085-1
- SUSE Security Ratings
- SUSE Bug 1204563
- SUSE Bug 1215382
- SUSE Bug 1215935
- SUSE Bug 1215936
- SUSE CVE CVE-2023-4692 page
- SUSE CVE CVE-2023-4693 page
Описание
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:grub2-2.02-169.1
Image SLES12-SP5-Azure-BYOS:grub2-i386-pc-2.02-169.1
Image SLES12-SP5-Azure-BYOS:grub2-x86_64-efi-2.02-169.1
Image SLES12-SP5-Azure-Basic-On-Demand:grub2-2.02-169.1
Ссылки
- CVE-2023-4692
- SUSE Bug 1215935
- SUSE Bug 1217434
- SUSE Bug 1217555
- SUSE Bug 1219472
- SUSE Bug 1219709
- SUSE Bug 1221589
- SUSE Bug 1227915
Описание
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:grub2-2.02-169.1
Image SLES12-SP5-Azure-BYOS:grub2-i386-pc-2.02-169.1
Image SLES12-SP5-Azure-BYOS:grub2-x86_64-efi-2.02-169.1
Image SLES12-SP5-Azure-Basic-On-Demand:grub2-2.02-169.1
Ссылки
- CVE-2023-4693
- SUSE Bug 1215936