Oval Definition:oval:org.opensuse.security:def:95385
Revision Date:2022-06-10Version:1
Title:Security update for grub2 (Important)
Description:

This update for grub2 fixes the following issues:

This update provides security fixes and hardenings for Boothole 3 / Boothole 2022 (bsc#1198581)

- CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2

- Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948)
Family:unixClass:patch
Status:Reference(s):1027519
1189632
1191184
1191185
1191186
1193282
1197948
1198460
1198493
1198495
1198496
1198581
CVE-2021-28701
CVE-2021-3695
CVE-2021-3696
CVE-2021-3697
CVE-2022-28733
CVE-2022-28734
CVE-2022-28735
CVE-2022-28736
SUSE-SU-2022:2035-1
Platform(s):SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3
SUSE Manager Proxy 4.3
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 is installed
  • OR SUSE Manager Proxy 4.3 is installed
  • AND grub2-arm64-efi-2.06-150400.11.5.2 is installed
    • BACK