17 matches found
grub2 bug fix update
An update is available for grub2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a...
SUSE-SU-2023:2150-1 Security update for shim
This update for shim fixes the following issues: - Updated shim signature after shim 15.7 be signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458) - Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe...
EulerOS Virtualization 3.0.2.0 : grub2 (EulerOS-SA-2023-1722)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to...
SUSE-SU-2023:2086-1 Security update for shim
This update for shim fixes the following issues: - Updated shim signature after shim 15.7 be signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458) - Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe...
SUSE-SU-2023:1701-1 Security update for grub2
This security update of grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb (bsc#1205182). - Bump upstream SBAT generation to 3 - rebuild the package with the new secure boot key (bsc#120918...
SUSE CVE-2013-4577
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file...
EulerOS Virtualization 3.0.6.6 : grub2 (EulerOS-SA-2022-2504)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to...
EulerOS Virtualization 2.9.0 : grub2 (EulerOS-SA-2022-2381)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to...
EulerOS Virtualization 2.10.1 : grub2 (EulerOS-SA-2022-2080)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing...
Failed to start XenServer system with a new grub.cfg copied from another XenServer host.
The customer deleted grub.cfg by mistake and copied the file from another host, but the affected host cannot boot now...
openSUSE Security Update : grub2 (openSUSE-2016-10)
Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370) - Check MS-DOS header to find PE file header. (bsc#954126) - Use dirname for copying Xen kernel and initrd to esp. (bsc#955493) - Fix reading password by grub2-mkpasswd-pbdk2 without controlling tty. (bsc#954519) - Add luks,...
SUSE SLED12 / SLES12 Security Update : grub2 (SUSE-SU-2015:2399-1)
This update for grub2 provides the following fixes and enhancements : Security issue fixed : - Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370) Non security issues fixed : - Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs...
SUSE-SU-2015:2387-1 Security update for grub2
Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370) - Check MS-DOS header to find PE file header. (bsc#954126) - Use dirname for copying Xen kernel and initrd to esp. (bsc#955493) - Fix reading password by grub2-mkpasswd-pbdk2 without controlling tty. (bsc#954519) - Add luks,...
SUSE-SU-2015:2386-1 Security update for grub2
This update for grub2 provides the following fixes: A security issue with a buffer overflow when reading username and password was fixed (bsc#956631, CVE-2015-8370). Bugs fixed: - Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539) - Add...
Fedora 22 : xen-4.5.1-5.fc22 (2015-12657)
QEMU heap overflow flaw while processing certain ATAPI commands. XSA-138, CVE-2015-5154 1247142 try again to fix xen-qemu-dom0-disk-backend.service 1242246 correct qemu location in xen-qemu-dom0-disk-backend.service 1242246, rebuild efi grub.cfg if it is present 1239309, re-enable remus by buildi...
UBUNTU-CVE-2013-4577
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file...
CVE-2013-4577
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file...