File _patchinfo of Package patchinfo.18448

<patchinfo incident="18448">
  <issue tracker="bnc" id="1182262">VUL-0: EMBARGOED: CVE-2021-20225: grub2: heap out-of-bounds write in short form option parser</issue>
  <issue tracker="bnc" id="1179265">VUL-0: EMBARGOED: CVE-2020-27779: grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled</issue>
  <issue tracker="bnc" id="1182263">VUL-0: EMBARGOED: CVE-2021-20233: grub2: heap out-of-bound write due to mis-calculation of space required for quoting</issue>
  <issue tracker="bnc" id="1177883">VUL-0: EMBARGOED: CVE-2020-25647: grub2: out-of-bound write in grub_usb_device_initialize()</issue>
  <issue tracker="bnc" id="1176711">VUL-0: EMBARGOED: CVE-2020-25632: grub2: use-after-free in rmmod command</issue>
  <issue tracker="bnc" id="1182057">VUL-0: grub2,shim: implement new SBAT method</issue>
  <issue tracker="bnc" id="1179264">VUL-0: EMBARGOED: CVE-2020-27749: grub2: Stack buffer overflow in grub_parser_split_cmdline</issue>
  <issue tracker="bnc" id="1175970">VUL-0: EMBARGOED: CVE-2020-14372: grub2: acpi: command allows privileged user to load crafted ACPI tables when secure boot is enabled</issue>
  <issue tracker="cve" id="2020-25647"/>
  <issue tracker="cve" id="2021-20225"/>
  <issue tracker="cve" id="2020-27749"/>
  <issue tracker="cve" id="2021-20233"/>
  <issue tracker="cve" id="2020-27779"/>
  <issue tracker="cve" id="2020-14372"/>
  <issue tracker="cve" id="2020-25632"/>
  <packager>michael-chang</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for grub2</summary>
  <description>This update for grub2 fixes the following issues:

grub2 now implements the new "SBAT" method for SHIM-based secure boot revocation. (bsc#1182057)

The following security issues, which can violate secure boot constraints, are fixed:

- CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)
- CVE-2020-25647: Fixed an out-of-bounds write in grub_usb_device_initialize() (bsc#1177883)
- CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264)
- CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970)
- CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262)
- CVE-2021-20233: Fixed a heap out-of-bounds write due to miscalculation of space required for quoting (bsc#1182263)

</description>
</patchinfo>