Overview

File _patchinfo of Package patchinfo.15778

<patchinfo incident="15778">
  <issue tracker="cve" id="2020-10713"/>
  <issue tracker="cve" id="2020-14310"/>
  <issue tracker="cve" id="2020-14309"/>
  <issue tracker="cve" id="2020-14311"/>
  <issue tracker="cve" id="2020-14308"/>
  <issue tracker="cve" id="2020-15706"/>
  <issue tracker="cve" id="2020-15707"/>
  <issue tracker="bnc" id="1174570">VUL-0: EMBARGOED: CVE-2020-15707: grub2: linux: Fix integer overflows in initrd size handling</issue>
  <issue tracker="bnc" id="1168994">VUL-0: EMBARGOED: CVE-2020-10713: grub2: parsing overflows can bypass secure boot restrictions</issue>
  <issue tracker="bnc" id="1174463">VUL-0: EMBARGOED: CVE-2020-15706: grub2: script: Avoid a use-after-free when redefining a function during execution</issue>
  <issue tracker="bnc" id="1173812">VUL-0: EMBARGOED: CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311: grub2: avoid integer overflows</issue>
  <packager>michael-chang</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for grub2</summary>
  <description>This update for grub2 fixes the following issues:

- Fix for CVE-2020-10713 (bsc#1168994)
- Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)
- Fix for CVE-2020-15706 (bsc#1174463)
- Fix for CVE-2020-15707 (bsc#1174570)

- Use overflow checking primitives where the arithmetic expression for buffer
- Use grub_calloc for overflow check and return NULL when it would occur 
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places