File _patchinfo of Package patchinfo.15778
<patchinfo incident="15778">
<issue tracker="cve" id="2020-10713"/>
<issue tracker="cve" id="2020-14310"/>
<issue tracker="cve" id="2020-14309"/>
<issue tracker="cve" id="2020-14311"/>
<issue tracker="cve" id="2020-14308"/>
<issue tracker="cve" id="2020-15706"/>
<issue tracker="cve" id="2020-15707"/>
<issue tracker="bnc" id="1174570">VUL-0: EMBARGOED: CVE-2020-15707: grub2: linux: Fix integer overflows in initrd size handling</issue>
<issue tracker="bnc" id="1168994">VUL-0: EMBARGOED: CVE-2020-10713: grub2: parsing overflows can bypass secure boot restrictions</issue>
<issue tracker="bnc" id="1174463">VUL-0: EMBARGOED: CVE-2020-15706: grub2: script: Avoid a use-after-free when redefining a function during execution</issue>
<issue tracker="bnc" id="1173812">VUL-0: EMBARGOED: CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311: grub2: avoid integer overflows</issue>
<packager>michael-chang</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for grub2</summary>
<description>This update for grub2 fixes the following issues:
- Fix for CVE-2020-10713 (bsc#1168994)
- Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)
- Fix for CVE-2020-15706 (bsc#1174463)
- Fix for CVE-2020-15707 (bsc#1174570)
- Use overflow checking primitives where the arithmetic expression for buffer
- Use grub_calloc for overflow check and return NULL when it would occur
</description>
</patchinfo>