SUSE-SU-2015:2399-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2015/suse-su-20152399-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:2399-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2015:2399-1

Related

CVE-2015-8370

Published

2015-12-30T07:31:00Z

Modified

2015-12-30T07:31:00Z

Summary

Security update for grub2

Details

This update for grub2 provides the following fixes and enhancements:

Security issue fixed: - Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370)

Non security issues fixed: - Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539) - Add --image switch to force zipl update to specific kernel. (bsc#928131) - Do not use shim lock protocol for reading PE header as it won't be available when secure boot is disabled. (bsc#943380) - Make firmware flaw condition be more precisely detected and add debug message for the case.

References

Affected packages

SUSE:Linux Enterprise Desktop 12 / grub2

Package

Name: grub2
Purl: pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.02~beta2-56.9.4

Ecosystem specific

{
    "binaries": [
        {
            "grub2-x86_64-efi": "2.02~beta2-56.9.4",
            "grub2-x86_64-xen": "2.02~beta2-56.9.4",
            "grub2-i386-pc": "2.02~beta2-56.9.4",
            "grub2": "2.02~beta2-56.9.4",
            "grub2-snapper-plugin": "2.02~beta2-56.9.4"
        }
    ]
}

SUSE:Linux Enterprise Server 12 / grub2

Package

Name: grub2
Purl: pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.02~beta2-56.9.4

Ecosystem specific

{
    "binaries": [
        {
            "grub2-s390x-emu": "2.02~beta2-56.9.4",
            "grub2-x86_64-efi": "2.02~beta2-56.9.4",
            "grub2-snapper-plugin": "2.02~beta2-56.9.4",
            "grub2-x86_64-xen": "2.02~beta2-56.9.4",
            "grub2-i386-pc": "2.02~beta2-56.9.4",
            "grub2-powerpc-ieee1275": "2.02~beta2-56.9.4",
            "grub2": "2.02~beta2-56.9.4"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / grub2

Package

Name: grub2
Purl: pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.02~beta2-56.9.4

Ecosystem specific

{
    "binaries": [
        {
            "grub2-s390x-emu": "2.02~beta2-56.9.4",
            "grub2-x86_64-efi": "2.02~beta2-56.9.4",
            "grub2-snapper-plugin": "2.02~beta2-56.9.4",
            "grub2-x86_64-xen": "2.02~beta2-56.9.4",
            "grub2-i386-pc": "2.02~beta2-56.9.4",
            "grub2-powerpc-ieee1275": "2.02~beta2-56.9.4",
            "grub2": "2.02~beta2-56.9.4"
        }
    ]
}