Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 548
Alerts This Week
Warning Icon 1 548

SUSE: 2022:2064-1 Critical Grub2 Security Patches and Enhancements

suse
Calendar Grey June 13, 2022
Dist Suse Esm H88
Canonical releases essential patches for grub2 tackling significant security vulnerabilities. Discover the improvements made.
An update that solves 7 vulnerabilities and has three fixes is now available

Summary

This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496)

References

#1191184 #1191185 #1191186 #1193282 #1197948

#1198460 #1198493 #1198495 #1198496 #1198581

Cross- CVE-2021-3695 CVE-2021-3696 CVE-2021-3697

CVE-2022-28733 CVE-2022-28734 CVE-2022-28735

CVE-2022-28736

CVSS scores:

CVE-2021-3695 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2021-3696 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

CVE-2021-3697 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-28733 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-28735 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-28736 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise Desktop 15-SP3

SUSE Linux Enterprise High Performance Computing 15-SP3

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:2064-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.