
openSUSE-SU-2016:0036-1

Published: 06 Jan 2016
Source: suse-cvrf

Description

Security update for grub2

  • Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370)
  • Check MS-DOS header to find PE file header. (bsc#954126)
  • Use dirname for copying the Xen kernel and initrd to the ESP. (bsc#955493)
  • Fix reading the password with grub2-mkpasswd-pbkdf2 without a controlling tty. (bsc#954519)
  • Add luks, gcry_rijndael and gcry_sha1 to the signed EFI image to support a LUKS partition in the default setup. (bsc#917427, bsc#955609)
  • Expand the list of grub.cfg search paths in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539)

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Package list

openSUSE Leap 42.1
grub2-2.02~beta2-76.1
grub2-branding-upstream-2.02~beta2-76.1
grub2-i386-efi-2.02~beta2-76.1
grub2-i386-pc-2.02~beta2-76.1
grub2-snapper-plugin-2.02~beta2-76.1
grub2-x86_64-efi-2.02~beta2-76.1
grub2-x86_64-xen-2.02~beta2-76.1

Description

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.


Affected products
openSUSE Leap 42.1:grub2-2.02~beta2-76.1
openSUSE Leap 42.1:grub2-branding-upstream-2.02~beta2-76.1
openSUSE Leap 42.1:grub2-i386-efi-2.02~beta2-76.1
openSUSE Leap 42.1:grub2-i386-pc-2.02~beta2-76.1

References