Security update for grub2

This update for grub2 fixes the following issues:

grub2 implements the new "SBAT" method for shim-based Secure Boot revocation. (bsc#1182057)

- CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)
- CVE-2020-25647: Fixed an out-of-bounds write in grub_usb_device_initialize() (bsc#1177883)
- CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264)
- CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970)
- CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262)
- CVE-2021-20233: Fixed a heap out-of-bounds write due to miscalculation of space required for quoting (bsc#1182263)

- Fixed chainloading Windows on dual boot machine (bsc#1183073)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Fixed bugs
- bnc#1183073: [Build 20210304] grub2 fails to chain load Windows on dual boot machine
- bnc#1175970: VUL-0: EMBARGOED: CVE-2020-14372: grub2: acpi: command allows privileged user to load crafted ACPI tables when secure boot is enabled
- bnc#1177883: VUL-0: EMBARGOED: CVE-2020-25647: grub2: out-of-bound write in grub_usb_device_initialize()
- bnc#1179264: VUL-0: EMBARGOED: CVE-2020-27749: grub2: Stack buffer overflow in grub_parser_split_cmdline
- bnc#1182057: VUL-0: grub2,shim: implement new SBAT method
- bnc#1182263: VUL-0: EMBARGOED: CVE-2021-20233: grub2: heap out-of-bound write due to mis-calculation of space required for quoting
- bnc#1176711: VUL-0: EMBARGOED: CVE-2020-25632: grub2: use-after-free in rmmod command
- bnc#1182262: VUL-0: EMBARGOED: CVE-2021-20225: grub2: heap out-of-bounds write in short form option parser
- bnc#1179265: VUL-0: EMBARGOED: CVE-2020-27779: grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled