Security update for grub2
- Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370)
- Check MS-DOS header to find PE file header. (bsc#954126)
- Use dirname for copying Xen kernel and initrd to esp. (bsc#955493)
- Fix reading password by grub2-mkpasswd-pbdk2 without controlling tty. (bsc#954519)
- Add luks, gcry_rijndael and gcry_sha1 to signed EFI image to support LUKS partition
in default setup. (bsc#917427, bsc#955609)
- Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs
snapshots. (bsc#946148, bsc#952539)
This update was imported from the SUSE:SLE-12-SP1:Update update project.
-
Submitted by
Michael Chang (michael-chang)
Fixed bugs
bnc#774666
grub2 does not offer a Xen entry after installing hypervisor and tools
bnc#917427
LUKS encrypted LVM without separate "/boot" fails using UEFI secure boot
bnc#946148
snapshot enabled causes Xen pv guest to not boot
bnc#952539
Unable to boot Xen PV guest after installing with /boot on ext2/3/4
bnc#954126
Unable to boot Windows partition when SecureBoot is enabled
bnc#954519
Failure to set grub2 password
bnc#955493
boot config generated by grub2-mkconfig (patched) on Leap 42.1 xen + kernel-xen + grub2 on EFI hardware/disk partition is unbootable; forces drop to EFI shell
bnc#955609
Please repair BUG ID 917427 as it was for Tumbleweed
bnc#956631
VUL-0: EMBARGOED: CVE-2015-8370: grub2: overflows in grub_password_get and grub_user_get
