Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2022:2041-1 Important: Grub2 Issues Critical DoS and Buffer Overflow

suse
Calendar Grey June 10, 2022
Dist Suse Esm H88
SUSE Security Patch for grub2: Critical updates resolve 6 vulnerabilities to improve overall system security.
An update that solves 6 vulnerabilities and has two fixes is now available

Summary

This update for grub2 fixes the following issues: Security fixes and hardenings for Boothole 3 / Boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 Patch Instructions:

Topics%20covered

Topics Covered

security advisory buffer overflow DoS SUSE out-of-bounds important fixes grub2

References

#1191184 #1191185 #1191186 #1193282 #1198460

#1198493 #1198496 #1198581

Cross- CVE-2021-3695 CVE-2021-3696 CVE-2021-3697

CVE-2022-28733 CVE-2022-28734 CVE-2022-28736

CVSS scores:

CVE-2021-3695 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2021-3696 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

CVE-2021-3697 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-28733 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-28736 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE CaaS Platform 4.0

SUSE Enterprise Storage 6

SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS

SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS

SUSE Linux Ente...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:2041-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow DoS SUSE out-of-bounds important fixes grub2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here