Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 494
Alerts This Week
Warning Icon 1 494

openSUSE Leap 42.1: 2016:0036-1 Important: grub2 Buffer Overflow

opensuse
Calendar Grey January 6, 2016
Dist Opensuse Esm H88
openSUSE Releases Essential Security Update to Tackle Severe grub2 Vulnerability, Implementing Solutions for Buffer Overflows Among Other Security Threats.
An update that solves one vulnerability and has 8 fixes is now available.

Description

- Fix buffer overflows when reading username and password. (bsc#956631,

CVE-2015-8370)

- Check MS-DOS header to find PE file header. (bsc#954126)

- Use dirname for copying Xen kernel and initrd to esp. (bsc#955493)

- Fix reading password by grub2-mkpasswd-pbdk2 without controlling tty.

(bsc#954519)

- Add luks, gcry_rijndael and gcry_sha1 to signed EFI image to support

LUKS partition in default setup. (bsc#917427, bsc#955609)

- Expand list of grub.cfg search path in PV Xen guests for systems

installed on btrfs snapshots. (bsc#946148, bsc#952539) This update was

imported from the SUSE:SLE-12-SP1:Update update project.

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-10=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.1 (i586 x86_64):

grub2-2.02~beta2-76.1

grub2-branding-upstream-2.02~beta2-76.1

grub2-debuginfo-2.02~beta2-76.1

grub2-i386-pc-2.02~beta2-76.1

- openSUSE Leap 42.1 (x86_64):

grub2-x86_64-efi-2.02~beta2-76.1

grub2-x86_64-xen-2.02~beta2-76.1

- openSUSE Leap 42.1 (noarch):

grub2-snapper-plugin-2.02~beta2-76.1

- openSUSE Leap 42.1 (i586):

grub2-i386-efi-2.02~beta2-76.1

References

https://www.suse.com/security/cve/CVE-2015-8370.html

https://bugzilla.suse.com/774666

https://bugzilla.suse.com/917427

https://bugzilla.suse.com/946148

https://bugzilla.suse.com/952539

https://bugzilla.suse.com/954126

https://bugzilla.suse.com/954519

https://bugzilla.suse.com/955493

https://bugzilla.suse.com/955609

https://bugzilla.suse.com/956631

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2016:0036-1
Rating: important
Affected Products: openSUSE Leap 42.1 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.