openSUSE Leap 15.5: 2025:0587-1 important: multiple grub2 concerns

opensuse

February 19, 2025

An update that solves 22 vulnerabilities can now be installed.

Description

This update for grub2 fixes the following issues:

* CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617)

* CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958)

* CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615)

* CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614)

* CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616)

* CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609)

* CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610)

* CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612)

* CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613)

* CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable

modules. (bsc#1233606)

* CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608)

* CVE-2025-0624: Fixed an out-of-bounds write during the network boot process.

(bsc#1236316)

* CVE-2025-0622: Fixed a...

Read the Full Advisory

Topics Covered

security advisory update buffer overflow important heap overflow integer overflow openSUSE out-of-bounds write grub2

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5

zypper in -t patch SUSE-2025-587=1

* SUSE Linux Enterprise Micro 5.5

zypper in -t patch SUSE-SLE-Micro-5.5-2025-587=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5

zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-587=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5

zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-587=1

* SUSE Linux Enterprise Server 15 SP5 LTSS

zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-587=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-587=1

Package List

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)

* grub2-debuginfo-2.06-150500.29.43.2

* grub2-2.06-150500.29.43.2

* grub2-branding-upstream-2.06-150500.29.43.2

* openSUSE Leap 15.5 (aarch64 s390x x86_64 i586)

* grub2-debugsource-2.06-150500.29.43.2

* openSUSE Leap 15.5 (noarch)

* grub2-i386-efi-extras-2.06-150500.29.43.2

* grub2-arm64-efi-2.06-150500.29.43.2

* grub2-i386-xen-extras-2.06-150500.29.43.2

* grub2-systemd-sleep-plugin-2.06-150500.29.43.2

* grub2-powerpc-ieee1275-2.06-150500.29.43.2

* grub2-arm64-efi-debug-2.06-150500.29.43.2

* grub2-x86_64-efi-extras-2.06-150500.29.43.2

* grub2-s390x-emu-extras-2.06-150500.29.43.2

* grub2-i386-pc-2.06-150500.29.43.2

* grub2-i386-xen-2.06-150500.29.43.2

* grub2-powerpc-ieee1275-extras-2.06-150500.29.43.2

* grub2-x86_64-xen-2.06-150500.29.43.2

* grub2-i386-xen-debug-2.06-150500.29.43.2

* grub2-x86_64-xen-extras-2.06-150500.29.43.2

* grub2-x86_64-xen-debug-2.06-150500.29.43.2

* grub2-i386-efi-debug-2.06-150500.29.43.2

*...

Read the Full Advisory

References

* bsc#1233606

* bsc#1233608

* bsc#1233609

* bsc#1233610

* bsc#1233612

* bsc#1233613

* bsc#1233614

* bsc#1233615

* bsc#1233616

* bsc#1233617

* bsc#1234958

* bsc#1236316

* bsc#1236317

* bsc#1237002

* bsc#1237006

* bsc#1237008

* bsc#1237009

* bsc#1237010

* bsc#1237011

* bsc#1237012

* bsc#1237013

* bsc#1237014

## References:

* https://www.suse.com/security/cve/CVE-2024-45774.html

* https://www.suse.com/security/cve/CVE-2024-45775.html

* https://www.suse.com/security/cve/CVE-2024-45776.html

* https://www.suse.com/security/cve/CVE-2024-45777.html

* https://www.suse.com/security/cve/CVE-2024-45778.html

* https://www.suse.com/security/cve/CVE-2024-45779.html

* https://www.suse.com/security/cve/CVE-2024-45780.html

* https://www.suse.com/security/cve/CVE-2024-45781.html

* https://www.suse.com/security/cve/CVE-2024-45782.html

* https://www.suse.com/security/cve/CVE-2024-45783.html

* https://www.suse.com/security/cve/CVE-2024-56737.html

* https://www.suse.com/security/cve/CVE-2025-0622.html

*...

Read the Full Advisory

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2025:0587-1

Release Date: 2025-02-19T07:29:36Z

Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5

Topics Covered

security advisory update buffer overflow important heap overflow integer overflow openSUSE out-of-bounds write grub2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

openSUSE Leap 15.5: 2025:0587-1 important: multiple grub2 concerns

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

openSUSE Leap 15.5: 2025:0587-1 important: multiple grub2 concerns

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!