File _patchinfo of Package patchinfo.15810
<patchinfo incident="15810">
<issue tracker="cve" id="2020-14309"/>
<issue tracker="cve" id="2020-14310"/>
<issue tracker="cve" id="2020-15706"/>
<issue tracker="cve" id="2020-10713"/>
<issue tracker="cve" id="2020-14311"/>
<issue tracker="cve" id="2020-14308"/>
<issue tracker="cve" id="2020-15707"/>
<issue tracker="bnc" id="1174570">VUL-0: EMBARGOED: CVE-2020-15707: grub2: linux: Fix integer overflows in initrd size handling</issue>
<issue tracker="bnc" id="1173812">VUL-0: EMBARGOED: CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311: grub2: avoid integer overflows</issue>
<issue tracker="bnc" id="1168994">VUL-0: EMBARGOED: CVE-2020-10713: grub2: parsing overflows can bypass secure boot restrictions</issue>
<issue tracker="bnc" id="1174463"></issue>
<packager>michael-chang</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for grub2</summary>
<description>This update for grub2 fixes the following issues:
- Fix for CVE-2020-10713 (bsc#1168994)
- Fix for CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
(bsc#1173812)
- Fix for CVE-2020-15706 (bsc#1174463)
- Fix for CVE-2020-15707 (bsc#1174570)
- Use overflow checking primitives where the arithmetic expression for buffer
allocations may include unvalidated data
- Use grub_calloc for overflow check and return NULL when it would occur
- Use gcc-9 compiler for overflow check builtins
- Backport gcc-9 build fixes
</description>
</patchinfo>