openSUSE-SU-2021:0462-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0462-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2021:0462-1
- Related
- Published
- 2021-03-22T11:05:35Z
- Modified
- 2021-03-22T11:05:35Z
- Summary
- Security update for grub2
- Details
-
This update for grub2 fixes the following issues:
grub2 implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057)
- CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)
- CVE-2020-25647: Fixed an out-of-bound write in grubusbdevice_initialize() (bsc#1177883)
- CVE-2020-27749: Fixed a stack buffer overflow in grubparsersplit_cmdline (bsc#1179264)
- CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970)
- CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262)
CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263)
Fixed chainloading windows on dual boot machine (bsc#1183073)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XXPYL42MSKRB4D7LRFMW7PBGGLKSJKPS/
- https://bugzilla.suse.com/1175970
- https://bugzilla.suse.com/1176711
- https://bugzilla.suse.com/1177883
- https://bugzilla.suse.com/1179264
- https://bugzilla.suse.com/1179265
- https://bugzilla.suse.com/1182057
- https://bugzilla.suse.com/1182262
- https://bugzilla.suse.com/1182263
- https://bugzilla.suse.com/1183073
- https://www.suse.com/security/cve/CVE-2020-14372
- https://www.suse.com/security/cve/CVE-2020-25632
- https://www.suse.com/security/cve/CVE-2020-25647
- https://www.suse.com/security/cve/CVE-2020-27749
- https://www.suse.com/security/cve/CVE-2020-27779
- https://www.suse.com/security/cve/CVE-2021-20225
- https://www.suse.com/security/cve/CVE-2021-20233
Affected packages
openSUSE:Leap 15.2 / grub2
Package
- Name
- grub2
- Purl
- purl:rpm/suse/grub2&distro=openSUSE%20Leap%2015.2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.04-lp152.7.22.7
Ecosystem specific
{
"binaries": [
{
"grub2-branding-upstream": "2.04-lp152.7.22.7",
"grub2-i386-pc-debug": "2.04-lp152.7.22.7",
"grub2-i386-efi-debug": "2.04-lp152.7.22.7",
"grub2-snapper-plugin": "2.04-lp152.7.22.7",
"grub2-systemd-sleep-plugin": "2.04-lp152.7.22.7",
"grub2-i386-xen": "2.04-lp152.7.22.7",
"grub2-x86_64-efi-debug": "2.04-lp152.7.22.7",
"grub2-x86_64-efi": "2.04-lp152.7.22.7",
"grub2-i386-efi": "2.04-lp152.7.22.7",
"grub2-i386-pc": "2.04-lp152.7.22.7",
"grub2": "2.04-lp152.7.22.7",
"grub2-x86_64-xen": "2.04-lp152.7.22.7"
}
]
}