Oval Definition:oval:org.opensuse.security:def:119230
Revision Date:2022-06-14
Version:1
Title:Security update for grub2 (Important)
Description:

This update for grub2 fixes the following issues:

Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)

- CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184)
- CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185)
- CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186)
- CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460)
- CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493)
- CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495)
- CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496)
- Update SBAT security contact (bsc#1193282)
- Bump grub's SBAT generation to 2

- Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948)
Family:unix
Class:patch
Status:
Reference(s):1191184
1191185
1191186
1193282
1197948
1198460
1198493
1198495
1198496
1198581
CVE-2021-3695
CVE-2021-3696
CVE-2021-3697
CVE-2022-28733
CVE-2022-28734
CVE-2022-28735
CVE-2022-28736
SUSE-SU-2022:2074-1
Platform(s):SUSE Linux Enterprise Server 15 SP2-BCL
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server 15 SP2-BCL is installed
  • AND Package Information
  • grub2-2.04-150200.9.63.2 is installed
  • OR grub2-arm64-efi-2.04-150200.9.63.2 is installed
  • OR grub2-i386-pc-2.04-150200.9.63.2 is installed
  • OR grub2-snapper-plugin-2.04-150200.9.63.2 is installed
  • OR grub2-systemd-sleep-plugin-2.04-150200.9.63.2 is installed
  • OR grub2-x86_64-efi-2.04-150200.9.63.2 is installed
  • OR grub2-x86_64-xen-2.04-150200.9.63.2 is installed