Security update for grub2
This update for grub2 fixes the following issues:
- Fix for CVE-2020-10713 (bsc#1168994)
- Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)
- Fix for CVE-2020-15706 (bsc#1174463)
- Fix for CVE-2020-15707 (bsc#1174570)
- Use overflow checking primitives where the arithmetic expression for buffer
- Use grub_calloc for overflow check and return NULL when it would occur
This update was imported from the SUSE:SLE-15-SP2:Update update project.
-
Submitted by
Michael Chang (michael-chang)
Fixed bugs
bnc#1174570
VUL-0: EMBARGOED: CVE-2020-15707: grub2: linux: Fix integer overflows in initrd size handling
bnc#1168994
VUL-0: EMBARGOED: CVE-2020-10713: grub2: parsing overflows can bypass secure boot restrictions
bnc#1174463
VUL-0: EMBARGOED: CVE-2020-15706: grub2: script: Avoid a use-after-free when redefining a function during execution
bnc#1173812
VUL-0: EMBARGOED: CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311: grub2: avoid integer overflows
