Revision Date: | 2021-03-02 | Version: | 1 |
Title: | Security update for grub2 (Important) |
Description: |
This update for grub2 fixes the following issues:
grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057)
The following security issues, which can violate secure boot constraints, are fixed:
- CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)
- CVE-2020-25647: Fixed an out-of-bounds write in grub_usb_device_initialize() (bsc#1177883)
- CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264)
- CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970)
- CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262)
- CVE-2021-20233: Fixed a heap out-of-bounds write due to miscalculation of space required for quoting (bsc#1182263)
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1003077 1008842 1009682 1012620 1012985 1015703 1015787 1015821 1017512 1018100 1018263 1018419 1018446 1019168 1019514 1020048 1020795 1021256 1021374 1021762 1021913 1022559 1022971 1023164 1023207 1023377 1023762 1023824 1023888 1023992 1024081 1024234 1024309 1024508 1024788 1025039 1025235 1025354 1025802 1026024 1026722 1026914 1027066 1027178 1027189 1027190 1027519 1027974 1028041 1028415 1028595 1028648 1028895 1029470 1029850 1029986 1030118 1030213 1030593 1030901 1031003 1031052 1031080 1031440 1031567 1031579 1031662 1031842 1032125 1032141 1032344 1032345 1032647 1033336 1034670 103470 1034700 1035576 1035699 1035738 1035877 1036752 1038261 1040311 1040312 1040313 1050577 1050578 1050579 1050581 1052009 1055960 1064069 1064070 1064071 1064072 1064073 1064075 1064077 1064078 1064079 1064080 1064081 1064082 1064083 1064084 1064085 1064086 1068648 1083125 1085447 1085449 1087102 1090368 1090646 1090869 1091107 1093311 1104199 1104202 1112758 1121826 1131886 1137825 1144524 1161799 1166847 1175970 1176711 1177883 1179264 1179265 1182057 1182262 1182263 772586 773621 773626 780432 799133 857926 914939 917630 922853 930399 931620 937444 940946 954763 968697 970083 971933 979215 982783 983212 984530 985561 988065 989056 993832 CVE-2011-1098 CVE-2011-1154 CVE-2011-1155 CVE-2012-3497 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 CVE-2015-1350 CVE-2016-10044 CVE-2016-10165 CVE-2016-10200 CVE-2016-10208 CVE-2016-2117 CVE-2016-3070 CVE-2016-5243 CVE-2016-7117 CVE-2016-9191 CVE-2016-9588 CVE-2016-9604 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-13166 CVE-2017-16844 CVE-2017-2647 
CVE-2017-2671 CVE-2017-5669 CVE-2017-5897 CVE-2017-5986 CVE-2017-6074 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6348 CVE-2017-6353 CVE-2017-6951 CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7308 CVE-2017-7616 CVE-2017-7645 CVE-2017-8106 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 CVE-2018-0739 CVE-2018-1087 CVE-2018-10915 CVE-2018-10925 CVE-2018-1417 CVE-2018-16839 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-3646 CVE-2018-8781 CVE-2018-8897 CVE-2019-12387 CVE-2019-13456 CVE-2019-17185 CVE-2019-6133 CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800 CVE-2021-20225 CVE-2021-20233 SUSE-SU-2017:1360-1 SUSE-SU-2017:2989-1 SUSE-SU-2018:0173-1 SUSE-SU-2018:0902-1 SUSE-SU-2018:1505-1 SUSE-SU-2018:1764-1 SUSE-SU-2018:2480-1 SUSE-SU-2018:3066-1 SUSE-SU-2018:3377-1 SUSE-SU-2019:0996-1 SUSE-SU-2019:2035-1 SUSE-SU-2019:2066-1 SUSE-SU-2020:0384-1 SUSE-SU-2020:2391-1 SUSE-SU-2021:0682-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND Package Information
cups-pk-helper-0.2.6-lp150.1 is installed
OR cups-pk-helper-lang-0.2.6-lp150.1 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
libu2f-host-1.1.6-lp151.2.3 is installed
OR libu2f-host-devel-1.1.6-lp151.2.3 is installed
OR libu2f-host-doc-1.1.6-lp151.2.3 is installed
OR libu2f-host0-1.1.6-lp151.2.3 is installed
OR u2f-host-1.1.6-lp151.2.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP2 is installed
AND Package Information
libvirt-0.9.6-0.23 is installed
OR libvirt-client-0.9.6-0.23 is installed
OR libvirt-client-32bit-0.9.6-0.23 is installed
OR libvirt-doc-0.9.6-0.23 is installed
OR libvirt-python-0.9.6-0.23 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP4 is installed
AND Package Information
MozillaFirefox-68.5.0-109.106 is installed
OR MozillaFirefox-translations-common-68.5.0-109.106 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
kernel-default-3.12.74-60.64.40 is installed
OR kernel-default-base-3.12.74-60.64.40 is installed
OR kernel-default-devel-3.12.74-60.64.40 is installed
OR kernel-default-man-3.12.74-60.64.40 is installed
OR kernel-devel-3.12.74-60.64.40 is installed
OR kernel-macros-3.12.74-60.64.40 is installed
OR kernel-source-3.12.74-60.64.40 is installed
OR kernel-syms-3.12.74-60.64.40 is installed
OR kernel-xen-3.12.74-60.64.40 is installed
OR kernel-xen-base-3.12.74-60.64.40 is installed
OR kernel-xen-devel-3.12.74-60.64.40 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
xen-4.5.5_26-22.55 is installed
OR xen-doc-html-4.5.5_26-22.55 is installed
OR xen-kmp-default-4.5.5_26_k3.12.74_60.64.99-22.55 is installed
OR xen-libs-4.5.5_26-22.55 is installed
OR xen-libs-32bit-4.5.5_26-22.55 is installed
OR xen-tools-4.5.5_26-22.55 is installed
OR xen-tools-domU-4.5.5_26-22.55 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND logrotate-3.8.7-3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
qemu-2.6.2-41.52 is installed
OR qemu-block-curl-2.6.2-41.52 is installed
OR qemu-block-rbd-2.6.2-41.52 is installed
OR qemu-block-ssh-2.6.2-41.52 is installed
OR qemu-guest-agent-2.6.2-41.52 is installed
OR qemu-ipxe-1.0.0-41.52 is installed
OR qemu-kvm-2.6.2-41.52 is installed
OR qemu-lang-2.6.2-41.52 is installed
OR qemu-seabios-1.9.1-41.52 is installed
OR qemu-sgabios-8-41.52 is installed
OR qemu-tools-2.6.2-41.52 is installed
OR qemu-vgabios-1.9.1-41.52 is installed
OR qemu-x86-2.6.2-41.52 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
kgraft-patch-4_4_121-92_80-default-6-2 is installed
OR kgraft-patch-SLE12-SP2_Update_22-6-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
kgraft-patch-4_4_74-92_29-default-11-2 is installed
OR kgraft-patch-SLE12-SP2_Update_10-11-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
cups-pk-helper-0.2.5-5 is installed
OR cups-pk-helper-lang-0.2.5-5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
java-1_7_0-openjdk-1.7.0.261-43.38 is installed
OR java-1_7_0-openjdk-demo-1.7.0.261-43.38 is installed
OR java-1_7_0-openjdk-devel-1.7.0.261-43.38 is installed
OR java-1_7_0-openjdk-headless-1.7.0.261-43.38 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
grub2-2.02-4.69.1 is installed
OR grub2-arm64-efi-2.02-4.69.1 is installed
OR grub2-i386-pc-2.02-4.69.1 is installed
OR grub2-powerpc-ieee1275-2.02-4.69.1 is installed
OR grub2-s390x-emu-2.02-4.69.1 is installed
OR grub2-snapper-plugin-2.02-4.69.1 is installed
OR grub2-systemd-sleep-plugin-2.02-4.69.1 is installed
OR grub2-x86_64-efi-2.02-4.69.1 is installed
OR grub2-x86_64-xen-2.02-4.69.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
libopenssl-devel-1.0.2j-60.39 is installed
OR libopenssl1_0_0-1.0.2j-60.39 is installed
OR libopenssl1_0_0-32bit-1.0.2j-60.39 is installed
OR libopenssl1_0_0-hmac-1.0.2j-60.39 is installed
OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.39 is installed
OR openssl-1.0.2j-60.39 is installed
OR openssl-doc-1.0.2j-60.39 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
libpolkit0-0.113-5.18 is installed
OR polkit-0.113-5.18 is installed
OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND Package Information
postgresql96-9.6.10-3.22 is installed
OR postgresql96-contrib-9.6.10-3.22 is installed
OR postgresql96-docs-9.6.10-3.22 is installed
OR postgresql96-libs-9.6.10-3.22 is installed
OR postgresql96-server-9.6.10-3.22 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND python-ipaddress-1.0.18-3.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
ruby2.1-rubygem-loofah-2.0.2-3.8 is installed
OR rubygem-loofah-2.0.2-3.8 is installed
|