Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 521
Alerts This Week
Warning Icon 1 521

SUSE: 2022:2073-1 Important: Grub2 Update Addresses Critical Threats

suse
Calendar Grey June 14, 2022
Dist Suse Esm H88
A fresh SUSE Security Update has remedied significant issues in grub2, tackling critical vulnerabilities. Ensure your system's safety!
An update that solves 7 vulnerabilities and has 14 fixes is now available

Summary

This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496)

References

#1071559 #1159205 #1179981 #1189769 #1189874

#1191184 #1191185 #1191186 #1191504 #1191974

#1192522 #1192622 #1193282 #1193532 #1195204

#1197948 #1198460 #1198493 #1198495 #1198496

#1198581

Cross- CVE-2021-3695 CVE-2021-3696 CVE-2021-3697

CVE-2022-28733 CVE-2022-28734 CVE-2022-28735

CVE-2022-28736

CVSS scores:

CVE-2021-3695 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2021-3696 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

CVE-2021-3697 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-28733 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-28735 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-28736 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:2073-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.