File _patchinfo of Package patchinfo.24426

<patchinfo incident="24426">
  <issue tracker="bnc" id="1193282">grub2 sbat security contact</issue>
  <issue tracker="bnc" id="1191186">VUL-0: EMBARGOED: CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow write in the heap</issue>
  <issue tracker="bnc" id="1198495">VUL-0: EMBARGOED: CVE-2022-28735: grub2: verifier framework changes</issue>
  <issue tracker="bnc" id="1198493">VUL-0: EMBARGOED: CVE-2022-28734: grub2: net/http: Fix OOB write for split http headers</issue>
  <issue tracker="bnc" id="1191184">VUL-0: EMBARGOED: CVE-2021-3695: grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap</issue>
  <issue tracker="bnc" id="1198581">VUL-0: EMBARGOED: grub2: trackerbug for boothole 3 / boothole 2022</issue>
  <issue tracker="bnc" id="1198460">VUL-0: EMBARGOED: CVE-2022-28733: grub2: net/ip: do ip fragment maths safely</issue>
  <issue tracker="bnc" id="1191185">VUL-0: EMBARGOED: CVE-2021-3696: grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling</issue>
  <issue tracker="bnc" id="1198496">VUL-0: EMBARGOED: CVE-2022-28736: grub2: fixed a use-after-free in chainloader command</issue>
  <issue tracker="bnc" id="1197948">Stuck at "Welcome to Grub!" for up to 10 minutes PPC64le SLES 12 SP3 ref:_00D1igLOd._5001iqbpga:ref</issue>
  <issue tracker="cve" id="2022-28736"/>
  <issue tracker="cve" id="2021-3697"/>
  <issue tracker="cve" id="2022-28733"/>
  <issue tracker="cve" id="2022-28735"/>
  <issue tracker="cve" id="2021-3696"/>
  <issue tracker="cve" id="2021-3695"/>
  <issue tracker="cve" id="2022-28734"/>
  <packager>michael-chang</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for grub2</summary>
  <description>This update for grub2 fixes the following issues:

Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)

- CVE-2021-3695: Fixed an out-of-bounds write in the heap that a crafted PNG grayscale image could trigger (bsc#1191184)
- CVE-2021-3696: Fixed an out-of-bounds write during Huffman table handling that a crafted PNG image could trigger (bsc#1191185)
- CVE-2021-3697: Fixed a buffer underflow write in the heap that a crafted JPEG image could trigger (bsc#1191186)
- CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460)
- CVE-2022-28734: Fixed an out-of-bounds write for split HTTP headers (bsc#1198493)
- CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495)
- CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496)
- Update SBAT security contact (bsc#1193282)
- Bump grub's SBAT generation to 2

- Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948)
</description>
</patchinfo>