Oval Definition:	oval:org.opensuse.security:def:51172
Revision Date: 2021-03-02 Version: 1 Title: Security update for grub2 (Important) Description: This update for grub2 fixes the following issues: grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057) Following security issues are fixed that can violate secure boot constraints: - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711) - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883) - CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264) - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970) - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262) - CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263) grub2 was bumped to version 2.02, same as SUSE Linux Enterprise 12 SP3. Family: unix Class: patch Status: Reference(s): 1013712 1046305 1046306 1050252 1050549 1051510 1054610 1055121 1056658 1056662 1056787 1060463 1063638 1065600 1070995 1071995 1073627 1078355 1082943 1083548 1083647 1084216 1086095 1086282 1086301 1086313 1086314 1086323 1087082 1087092 1088133 1094555 1098382 1098425 1098995 1103429 1104353 1106105 1106434 1106811 1107078 1107665 1108101 1108870 1109695 1110096 1110705 1111666 1113042 1113712 1113722 1113939 1114279 1114585 1117108 1117155 1117645 1118338 1119019 1119086 1119766 1119843 1120008 1120318 1120601 1120758 1120854 1120902 1120909 1120955 1121317 1121726 1121789 1121805 1122019 1122192 1122324 1122554 1122662 1122764 1122779 1122822 1122885 1122927 1122944 1122971 1122982 1123060 1123061 1123161 1123317 1123348 1123357 1123456 1123538 1123697 1123882 1123933 1124055 1124204 1124235 1124579 1124589 1124728 1124732 1124735 1124969 1124974 1124975 1124976 1124978 1124979 1124980 1124981 1124982 1124984 1124985 1125109 1125125 1125252 1125315 1125614 1125728 1125780 1125797 1125799 1125800 1125907 1125947 1126131 1126209 1126389 1126393 1126476 1126480 1126481 1126488 1126495 1126555 1126579 1126789 1126790 1126802 1126803 1126804 1126805 1126806 1126807 1127042 1127062 1127082 1127154 1127285 1127286 1127307 1127363 1127493 1127494 1127495 1127496 1127497 1127498 1127534 1127561 1127567 1127595 1127603 1127682 1127731 1127750 1127836 1127961 1128094 1128166 1128351 1128451 1128895 1129046 1129080 1129163 1129179 1129181 1129182 1129183 1129184 1129205 1129281 1129284 1129285 1129291 1129292 1129293 1129294 1129295 1129296 1129326 1129327 1129330 1129363 1129366 1129497 1129519 1129543 1129547 1129551 1129581 1129625 1129664 1129739 1129923 1133191 1135280 1136446 1136935 1137597 1138459 1141320 1160467 1160468 1162680 1166916 1169095 1169521 1169850 1169851 1170603 1171437 1171746 1172140 1172307 1172356 1172437 1172442 1172443 1173159 1173160 1173161 1173359 1174120 1174154 1174543 1175970 1176711 1177883 1178611 1179264 1179265 1182057 1182262 1182263 824948 CVE-2006-7250 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-0946 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-3245 CVE-2009-3555 CVE-2009-4355 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2497 CVE-2010-2805 CVE-2010-2939 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2010-3855 CVE-2010-3864 CVE-2010-4180 CVE-2010-4252 CVE-2010-5298 CVE-2011-0014 CVE-2011-0226 CVE-2011-3207 CVE-2011-3210 CVE-2011-3256 CVE-2011-3439 CVE-2011-4108 CVE-2011-4109 CVE-2011-4354 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2011-5095 CVE-2012-0027 CVE-2012-0050 CVE-2012-0884 CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CVE-2012-1165 CVE-2012-2110 CVE-2012-2131 CVE-2012-2333 CVE-2012-2686 CVE-2012-4929 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2013-0166 CVE-2013-0169 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 CVE-2014-0076 CVE-2014-0160 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-2240 CVE-2014-2241 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-5139 CVE-2016-9798 CVE-2017-17789 CVE-2018-1000199 CVE-2018-20669 CVE-2019-10160 CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-14896 CVE-2019-14897 CVE-2019-15666 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3819 CVE-2019-3846 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912 CVE-2019-8980 CVE-2019-9213 CVE-2020-10700 CVE-2020-10704 CVE-2020-10730 CVE-2020-10745 CVE-2020-10757 CVE-2020-10760 CVE-2020-11080 CVE-2020-12268 CVE-2020-14303 CVE-2020-14372 CVE-2020-15719 CVE-2020-25632 CVE-2020-25647 CVE-2020-26950 CVE-2020-27749 CVE-2020-27779 CVE-2020-7598 CVE-2020-8174 CVE-2021-20225 CVE-2021-20233 SUSE-SU-2019:0784-1 SUSE-SU-2019:2064-1 SUSE-SU-2019:3046-1 SUSE-SU-2020:0204-1 SUSE-SU-2020:1220-1 SUSE-SU-2020:1576-1 SUSE-SU-2020:1948-1 SUSE-SU-2020:2158-1 SUSE-SU-2020:2581-1 SUSE-SU-2020:2604-1 SUSE-SU-2021:0679-1 Platform(s): SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Legacy Software 15 SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Module for Python2 packages 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Web Scripting 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information libproxy0-0.3.1-2.6 is installed OR libproxy0-32bit-0.3.1-2.6 is installed OR libproxy0-config-gnome-0.3.1-2.6 is installed OR libproxy0-config-gnome-32bit-0.3.1-2.6 is installed OR libproxy0-config-kde4-0.3.1-2.6 is installed OR libproxy0-networkmanager-0.3.1-2.6 is installed OR libproxy0-networkmanager-32bit-0.3.1-2.6 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information gpg2-2.0.9-25.33.39 is installed OR gpg2-lang-2.0.9-25.33.39 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information libtiff3-3.8.2-141.163 is installed OR libtiff3-32bit-3.8.2-141.163 is installed OR tiff-3.8.2-141.163 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information libfreetype6-2.5.3-2 is installed OR libfreetype6-32bit-2.5.3-2 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND ft2demos-2.5.5-7.5 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information gvim-7.4.326-2 is installed OR vim-7.4.326-2 is installed OR vim-data-7.4.326-2 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND cifs-utils-6.5-8 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information cyrus-sasl-2.1.26-8.7 is installed OR cyrus-sasl-32bit-2.1.26-8.7 is installed OR cyrus-sasl-crammd5-2.1.26-8.7 is installed OR cyrus-sasl-crammd5-32bit-2.1.26-8.7 is installed OR cyrus-sasl-digestmd5-2.1.26-8.7 is installed OR cyrus-sasl-digestmd5-32bit-2.1.26-8.7 is installed OR cyrus-sasl-gssapi-2.1.26-8.7 is installed OR cyrus-sasl-gssapi-32bit-2.1.26-8.7 is installed OR cyrus-sasl-plain-2.1.26-8.7 is installed OR cyrus-sasl-plain-32bit-2.1.26-8.7 is installed OR cyrus-sasl-saslauthd-2.1.26-8.7 is installed OR libsasl2-3-2.1.26-8.7 is installed OR libsasl2-3-32bit-2.1.26-8.7 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information bluez-5.48-5.19 is installed OR bluez-devel-5.48-5.19 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed AND Package Information python-2.7.14-7.14 is installed OR python-tk-2.7.14-7.14 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 is installed AND Package Information kernel-default-4.12.14-150.14 is installed OR reiserfs-kmp-default-4.12.14-150.14 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed AND Package Information openldap2-2.4.46-9.34 is installed OR openldap2-back-meta-2.4.46-9.34 is installed OR openldap2-back-perl-2.4.46-9.34 is installed OR openldap2-ppolicy-check-password-1.2-9.34 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-25_16-default-6-2 is installed OR kernel-livepatch-SLE15_Update_4-6-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-livepatch-4_12_14-197_10-default-8-2 is installed OR kernel-livepatch-SLE15-SP1_Update_3-8-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information MozillaThunderbird-78.4.2-3.103 is installed OR MozillaThunderbird-translations-common-78.4.2-3.103 is installed OR MozillaThunderbird-translations-other-78.4.2-3.103 is installed Definition Synopsis SUSE Linux Enterprise Module for Python2 packages 15 SP2 is installed AND Package Information samba-4.11.11+git.180.2cf3b203f07-4.5 is installed OR samba-ad-dc-4.11.11+git.180.2cf3b203f07-4.5 is installed OR samba-dsdb-modules-4.11.11+git.180.2cf3b203f07-4.5 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed AND Package Information xen-4.12.3_06-3.25 is installed OR xen-devel-4.12.3_06-3.25 is installed OR xen-tools-4.12.3_06-3.25 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed AND Package Information nodejs8-8.17.0-3.32 is installed OR nodejs8-devel-8.17.0-3.32 is installed OR nodejs8-docs-8.17.0-3.32 is installed OR npm8-8.17.0-3.32 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information giflib-5.0.5-7 is installed OR giflib-progs-5.0.5-7 is installed OR libgif6-5.0.5-7 is installed OR libgif6-32bit-5.0.5-7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_96-default-2-2 is installed OR kgraft-patch-3_12_74-60_64_96-xen-2-2 is installed OR kgraft-patch-SLE12-SP1_Update_29-2-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information gnome-settings-daemon-3.20.1-40 is installed OR gnome-settings-daemon-lang-3.20.1-40 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information kernel-firmware-20170530-21.22 is installed OR ucode-amd-20170530-21.22 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kernel-default-4.4.121-92.95 is installed OR kernel-default-base-4.4.121-92.95 is installed OR kernel-default-devel-4.4.121-92.95 is installed OR kernel-devel-4.4.121-92.95 is installed OR kernel-macros-4.4.121-92.95 is installed OR kernel-source-4.4.121-92.95 is installed OR kernel-syms-4.4.121-92.95 is installed OR lttng-modules-2.7.1-9.6 is installed OR lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_114-92_67-default-5-2 is installed OR kgraft-patch-SLE12-SP2_Update_19-5-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information accountsservice-0.6.42-14 is installed OR accountsservice-lang-0.6.42-14 is installed OR libaccountsservice0-0.6.42-14 is installed OR typelib-1_0-AccountsService-1_0-0.6.42-14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information java-1_8_0-openjdk-1.8.0.222-27.35 is installed OR java-1_8_0-openjdk-demo-1.8.0.222-27.35 is installed OR java-1_8_0-openjdk-devel-1.8.0.222-27.35 is installed OR java-1_8_0-openjdk-headless-1.8.0.222-27.35 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kernel-default-4.4.180-94.103 is installed OR kernel-default-base-4.4.180-94.103 is installed OR kernel-default-devel-4.4.180-94.103 is installed OR kernel-devel-4.4.180-94.103 is installed OR kernel-macros-4.4.180-94.103 is installed OR kernel-source-4.4.180-94.103 is installed OR kernel-syms-4.4.180-94.103 is installed OR kgraft-patch-4_4_180-94_103-default-1-4.3 is installed OR kgraft-patch-SLE12-SP3_Update_28-1-4.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_140-94_42-default-10-2 is installed OR kgraft-patch-SLE12-SP3_Update_15-10-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information ovmf-2017+git1492060560.b6d11d7c46-4.12 is installed OR ovmf-tools-2017+git1492060560.b6d11d7c46-4.12 is installed OR qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.12 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND dstat-0.7.3-1 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed AND Package Information grub2-2.02-115.59.1 is installed OR grub2-i386-pc-2.02-115.59.1 is installed OR grub2-powerpc-ieee1275-2.02-115.59.1 is installed OR grub2-snapper-plugin-2.02-115.59.1 is installed OR grub2-systemd-sleep-plugin-2.02-115.59.1 is installed OR grub2-x86_64-efi-2.02-115.59.1 is installed OR grub2-x86_64-xen-2.02-115.59.1 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 15 is installed AND Package Information ghostscript-9.52-3.27 is installed OR ghostscript-devel-9.52-3.27 is installed OR ghostscript-x11-9.52-3.27 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information gimp-2.8.22-5.3 is installed OR gimp-devel-2.8.22-5.3 is installed OR gimp-lang-2.8.22-5.3 is installed OR gimp-plugins-python-2.8.22-5.3 is installed OR libgimp-2_0-0-2.8.22-5.3 is installed OR libgimpui-2_0-0-2.8.22-5.3 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND ucode-intel-20180425-13.20 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information python-oslo.cache-1.14.1-3.3 is installed OR python-oslo.concurrency-3.14.1-3.3 is installed OR python-oslo.db-4.13.6-3.3 is installed OR python-oslo.log-3.16.1-3.3 is installed OR python-oslo.messaging-5.10.2-3.6 is installed OR python-oslo.middleware-3.19.1-4.3 is installed OR python-oslo.serialization-2.13.2-3.3 is installed OR python-oslo.service-1.16.1-3.3 is installed OR python-oslo.utils-3.16.1-3.3 is installed OR python-oslo.versionedobjects-1.17.1-3.3 is installed OR python-oslo.vmware-2.14.1-3.3 is installed OR python-oslotest-2.10.1-3.3 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information bzip2-1.0.6-30.5 is installed OR bzip2-doc-1.0.6-30.5 is installed OR libbz2-1-1.0.6-30.5 is installed OR libbz2-1-32bit-1.0.6-30.5 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information kernel-default-4.4.180-94.103 is installed OR kernel-default-base-4.4.180-94.103 is installed OR kernel-default-devel-4.4.180-94.103 is installed OR kernel-devel-4.4.180-94.103 is installed OR kernel-macros-4.4.180-94.103 is installed OR kernel-source-4.4.180-94.103 is installed OR kernel-syms-4.4.180-94.103 is installed OR kgraft-patch-4_4_180-94_103-default-1-4.3 is installed OR kgraft-patch-SLE12-SP3_Update_28-1-4.3 is installed
BACK