Oval Definition:oval:org.opensuse.security:def:58090
Revision Date:2021-03-02
Version:1
Title:Security update for grub2 (Important)
Description:

This update for grub2 fixes the following issues:

grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057)

The following security issues, which can violate secure boot constraints, are fixed:

- CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)
- CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883)
- CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264)
- CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970)
- CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262)
- CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263)

Family:unix
Class:patch
Status:
Reference(s):1063535
1073230
1074662
1076017
1082318
1083488
1085114
1085447
1104668
1112767
1113107
1118004
1118597
1120114
1120115
1120116
1120117
1120118
1120119
1120120
1120121
1120122
1120767
1122053
1122875
1123709
1127558
1127752
1128828
1128954
1128987
1130246
1130414
1131053
1131291
1138459
1140738
1141329
1141332
1141853
1142614
1160467
1160468
1161167
1164692
1170715
1172698
1172704
1173902
1173948
1173994
1174538
1175070
1175071
1175072
1175970
1176711
1177883
1179264
1179265
1182057
1182262
1182263
967970
975500
979907
997857
CVE-2015-8871
CVE-2016-2533
CVE-2016-4009
CVE-2016-7163
CVE-2017-1000433
CVE-2017-13166
CVE-2018-1000004
CVE-2018-1000872
CVE-2018-1068
CVE-2018-12539
CVE-2018-15126
CVE-2018-15127
CVE-2018-1517
CVE-2018-1656
CVE-2018-19870
CVE-2018-19872
CVE-2018-20019
CVE-2018-20020
CVE-2018-20021
CVE-2018-20022
CVE-2018-20023
CVE-2018-20024
CVE-2018-20852
CVE-2018-2940
CVE-2018-2952
CVE-2018-2973
CVE-2018-6307
CVE-2018-7566
CVE-2019-10160
CVE-2019-12525
CVE-2019-12529
CVE-2019-13345
CVE-2019-14896
CVE-2019-14897
CVE-2019-9893
CVE-2020-0569
CVE-2020-11985
CVE-2020-11993
CVE-2020-14318
CVE-2020-14323
CVE-2020-14372
CVE-2020-15652
CVE-2020-15653
CVE-2020-15654
CVE-2020-15655
CVE-2020-15656
CVE-2020-15657
CVE-2020-15658
CVE-2020-15659
CVE-2020-1938
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2020-6463
CVE-2020-6514
CVE-2020-8023
CVE-2020-9490
CVE-2021-20225
CVE-2021-20233
SUSE-SU-2017:2144-1
SUSE-SU-2018:0989-1
SUSE-SU-2018:2649-1
SUSE-SU-2019:0060-1
SUSE-SU-2019:1136-1
SUSE-SU-2019:1450-1
SUSE-SU-2019:2089-1
SUSE-SU-2019:2091-1
SUSE-SU-2019:2334-1
SUSE-SU-2019:2941-1
SUSE-SU-2020:0318-1
SUSE-SU-2020:0725-1
SUSE-SU-2020:1859-1
SUSE-SU-2020:2100-1
SUSE-SU-2020:2450-1
SUSE-SU-2020:3083-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • libminizip1-1.2.11-lp150.1 is installed
  • OR libz1-1.2.11-lp150.1 is installed
  • OR libz1-32bit-1.2.11-lp150.1 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • cpio-2.12-lp151.3.3 is installed
  • OR cpio-lang-2.12-lp151.3.3 is installed
  • OR cpio-mt-2.12-lp151.3.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_110-default-8-2 is installed
  • OR kgraft-patch-3_12_74-60_64_110-xen-8-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_33-8-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libopenjp2-7-2.1.0-4.3 is installed
  • OR openjpeg2-2.1.0-4.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND squid-3.5.21-26.17 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND ucode-intel-20190507-13.41 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr4.30-38.26 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr4.30-38.26 is installed
  • OR java-1_7_1-ibm-devel-1.7.1_sr4.30-38.26 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr4.30-38.26 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr4.30-38.26 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • bind-9.9.9P1-62 is installed
  • OR bind-chrootenv-9.9.9P1-62 is installed
  • OR bind-doc-9.9.9P1-62 is installed
  • OR bind-libs-9.9.9P1-62 is installed
  • OR bind-libs-32bit-9.9.9P1-62 is installed
  • OR bind-utils-9.9.9P1-62 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND mailman-2.1.17-3.23 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • grub2-2.02-4.69.1 is installed
  • OR grub2-arm64-efi-2.02-4.69.1 is installed
  • OR grub2-i386-pc-2.02-4.69.1 is installed
  • OR grub2-snapper-plugin-2.02-4.69.1 is installed
  • OR grub2-systemd-sleep-plugin-2.02-4.69.1 is installed
  • OR grub2-x86_64-efi-2.02-4.69.1 is installed
  • OR grub2-x86_64-xen-2.02-4.69.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-2.28.1-2.50 is installed
  • OR libwebkit2gtk-4_0-37-2.28.1-2.50 is installed
  • OR libwebkit2gtk3-lang-2.28.1-2.50 is installed
  • OR typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50 is installed
  • OR typelib-1_0-WebKit2-4_0-2.28.1-2.50 is installed
  • OR webkit2gtk-4_0-injected-bundles-2.28.1-2.50 is installed
  • OR webkit2gtk3-2.28.1-2.50 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • MozillaFirefox-60.7.2-109.80 is installed
  • OR MozillaFirefox-translations-common-60.7.2-109.80 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND sblim-sfcb-1.4.8-17.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • libopenssl-devel-1.0.2j-60.52 is installed
  • OR libopenssl1_0_0-1.0.2j-60.52 is installed
  • OR libopenssl1_0_0-32bit-1.0.2j-60.52 is installed
  • OR libopenssl1_0_0-hmac-1.0.2j-60.52 is installed
  • OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.52 is installed
  • OR openssl-1.0.2j-60.52 is installed
  • OR openssl-doc-1.0.2j-60.52 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • libmysqlclient18-10.0.38-29.27 is installed
  • OR mariadb-10.0.38-29.27 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • libpolkit0-0.113-5.18 is installed
  • OR polkit-0.113-5.18 is installed
  • OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed