Security update for grub2
| Announcement ID: | SUSE-SU-2015:2385-1 |
|---|---|
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves one vulnerability and has five security fixes can now be installed.
Description:
This update for grub2 provides the following fixes:
A security issues with a bufferoverflow when reading username and password was fixed (bsc#956631, CVE-2015-8370)
Also following bugs were fixed: - Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370) - Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539) - Add grub.xen config searching path on boot partition. (bsc#884828) - Add linux16 and initrd16 to grub.xen. (bsc#884830)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Desktop 11 SP4
zypper in -t patch sledsp4-grub2-12288=1 -
SUSE Linux Enterprise Server 11 SP4
zypper in -t patch slessp4-grub2-12288=1 -
SLES for SAP Applications 11-SP4
zypper in -t patch slessp4-grub2-12288=1
Package List:
-
SUSE Linux Enterprise Desktop 11 SP4 (x86_64)
- grub2-x86_64-xen-2.00-0.54.2
- grub2-x86_64-efi-2.00-0.54.2
-
SUSE Linux Enterprise Server 11 SP4 (x86_64)
- grub2-x86_64-xen-2.00-0.54.2
- grub2-x86_64-efi-2.00-0.54.2
-
SLES for SAP Applications 11-SP4 (x86_64)
- grub2-x86_64-xen-2.00-0.54.2
- grub2-x86_64-efi-2.00-0.54.2
References:
- https://www.suse.com/security/cve/CVE-2015-8370.html
- https://bugzilla.suse.com/show_bug.cgi?id=884828
- https://bugzilla.suse.com/show_bug.cgi?id=884830
- https://bugzilla.suse.com/show_bug.cgi?id=946148
- https://bugzilla.suse.com/show_bug.cgi?id=952539
- https://bugzilla.suse.com/show_bug.cgi?id=954592
- https://bugzilla.suse.com/show_bug.cgi?id=956631