Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE: 2020:2073-1 Critical: Grub2 Buffer Overflow Security Update

suse
Calendar Grey July 29, 2020
Dist Suse Esm H88
SUSE Security Update: Security update for grub2 ____________________________________________________
An update that fixes 7 vulnerabilities is now available

Summary

This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use grub_calloc for overflow check and return NULL when it would occur - Use gcc-9 compiler for overflow check builtins - Backport gcc-9 build fixes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15:

References

#1168994 #1173812 #1174463 #1174570

Cross- CVE-2020-10713 CVE-2020-14308 CVE-2020-14309

CVE-2020-14310 CVE-2020-14311 CVE-2020-15706

CVE-2020-15707

Affected Products:

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

https://www.suse.com/security/cve/CVE-2020-10713.html

https://www.suse.com/security/cve/CVE-2020-14308.html

https://www.suse.com/security/cve/CVE-2020-14309.html

https://www.suse.com/security/cve/CVE-2020-14310.html

https://www.suse.com/security/cve/CVE-2020-14311.html

https://www.suse.com/security/cve/CVE-2020-15706.html

https://www.suse.com/security/cve/CVE-2020-15707.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:2073-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here