Oval Definition:oval:org.opensuse.security:def:94454
Revision Date:2022-06-10Version:1
Title: (Important)
Description:

This update for grub2 fixes the following issues:

This update provides security fixes and hardenings for Boothole 3 / Boothole 2022 (bsc#1198581)

- CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2

- Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948)
Family:unixClass:patch
Status:Reference(s):1178882
1191184
1191185
1191186
1193282
1197948
1198460
1198493
1198495
1198496
1198581
CVE-2020-8277
CVE-2021-3695
CVE-2021-3696
CVE-2021-3697
CVE-2022-28733
CVE-2022-28734
CVE-2022-28735
CVE-2022-28736
SUSE-SU-2020:3478-1
Platform(s):Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • c-ares-devel-1.17.0-3.8.1 is installed
  • OR libcares2-1.17.0-3.8.1 is installed
  • Definition Synopsis
  • Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE is installed
  • AND Package Information
  • grub2-2.06-150400.11.5.2 is installed
  • OR grub2-i386-pc-2.06-150400.11.5.2 is installed
  • OR grub2-x86_64-efi-2.06-150400.11.5.2 is installed
  • BACK