Bug 1173812 - (CVE-2020-14308) VUL-0: CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311: grub2: avoid integer overflows
(CVE-2020-14308)
VUL-0: CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311: grub2:...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Michael Chang
Security Team bot
https://smash.suse.de/issue/262941/
CVSSv3.1:SUSE:CVE-2020-14308:6.4:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-07-07 11:11 UTC by Marcus Meissner
Modified: 2021-09-23 18:45 UTC (History)
6 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch (7.47 KB, patch)
2020-07-07 11:16 UTC, Marcus Meissner
Details | Diff
0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch (6.63 KB, patch)
2020-07-07 11:16 UTC, Marcus Meissner
Details | Diff
0004-calloc-Use-calloc-at-most-places.patch (72.93 KB, patch)
2020-07-07 11:16 UTC, Marcus Meissner
Details | Diff
0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch (37.00 KB, patch)
2020-07-07 11:17 UTC, Marcus Meissner
Details | Diff
0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch (1.93 KB, patch)
2020-07-07 11:17 UTC, Marcus Meissner
Details | Diff
0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch (4.38 KB, patch)
2020-07-13 08:23 UTC, Marcus Meissner
Details | Diff
0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch (6.63 KB, patch)
2020-07-13 08:24 UTC, Marcus Meissner
Details | Diff
0004-calloc-Use-calloc-at-most-places.patch (72.93 KB, patch)
2020-07-13 08:25 UTC, Marcus Meissner
Details | Diff
0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch (37.04 KB, patch)
2020-07-13 08:26 UTC, Marcus Meissner
Details | Diff
0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch (1.93 KB, patch)
2020-07-13 08:27 UTC, Marcus Meissner
Details | Diff
0007-font-Do-not-load-more-than-one-NAME-section.patch (1.24 KB, patch)
2020-07-13 08:28 UTC, Marcus Meissner
Details | Diff
additional overflow patch (1.06 KB, patch)
2020-07-20 14:25 UTC, Johannes Segitz
Details | Diff
patches.tar.bz2 (45.13 KB, application/x-bzip)
2020-07-23 09:49 UTC, Marcus Meissner
Details

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Marcus Meissner 2020-07-07 11:16:13 UTC
Created attachment 839419 [details]
0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch

0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch
Comment 2 Marcus Meissner 2020-07-07 11:16:27 UTC
Created attachment 839420 [details]
0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch

0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch
Comment 3 Marcus Meissner 2020-07-07 11:16:41 UTC
Created attachment 839421 [details]
0004-calloc-Use-calloc-at-most-places.patch

0004-calloc-Use-calloc-at-most-places.patch
Comment 4 Marcus Meissner 2020-07-07 11:17:03 UTC
Created attachment 839422 [details]
0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch

0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
Comment 5 Marcus Meissner 2020-07-07 11:17:16 UTC
Created attachment 839423 [details]
0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch

0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch
Comment 6 Marcus Meissner 2020-07-07 11:18:43 UTC
CVE-2020-14308

Among other issues, this fixes:
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in luks_recover_key()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_lvm_detect()
    reported by Chris Coulson.


CVE-2020-14309, CVE-2020-14310, CVE-2020-14311:

Among other issues, this fixes:
  - allocation of integer overflow in grub_video_bitmap_create()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_squash_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_ext2_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in read_section_as_string()
    reported by Chris Coulson.
Comment 7 Marcus Meissner 2020-07-07 11:22:03 UTC
CRD: 2020-07-29 10:00 PDT
Comment 8 Marcus Meissner 2020-07-07 11:22:26 UTC
(0001 patch is the one for the other grub2 CVE).
Comment 10 Michael Chang 2020-07-10 07:27:31 UTC
(In reply to Marcus Meissner from comment #4)
> Created attachment 839422 [details]
> 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
> 
> 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch

This and 0004-calloc-Use-calloc-at-most-places.patch touched almost every place in the grub 2.04 code-base with grub_(malloc|calloc) and xmalloc. It becomes harder to backport if the grub version is too far away. The SLE11-(SP3|SP4) are the worst as they are using 2.00 released eight years, basically means we have to walk through the entire source tree to plug any potential leakage and that's very time consuming. :(
Comment 11 Marcus Meissner 2020-07-10 14:20:09 UTC
I am trying to find the secure boot impact of those, but it so far really looks
like its not impacting secure boot chain related details, or?
Comment 12 Michael Chang 2020-07-13 06:53:43 UTC
(In reply to Marcus Meissner from comment #11)
> I am trying to find the secure boot impact of those, but it so far really
> looks
> like its not impacting secure boot chain related details, or?

It is hard to tell from me either, but according to a paragraph about integer overflow in the wikipedia.

"... Such workaround may cause security detriments—if an overflowed value is used as the number of bytes to allocate for a buffer, the buffer will be allocated unexpectedly small, potentially leading to a buffer overflow which, depending on the usage of the buffer, might in turn cause arbitrary code execution..."

The justification as "depending on the usage of the buffer" is quite open-ended on how that could be exploited.

OTOH I agree we should try to avoid making patches besides the mentioned CVE fix of which upstream has reviewed and signed off. I am in a dilemma whether to proceed the backport if the gcc or codebase issue require way more work.
Comment 13 Michael Chang 2020-07-13 06:55:46 UTC
(In reply to Michael Chang from comment #12)
> (In reply to Marcus Meissner from comment #11)

> "... Such workaround may cause security detriments—if an overflowed value is

s/workaround/wraparound/
Comment 14 Michael Chang 2020-07-13 07:01:30 UTC
Are these CVE fixes a request from Microsoft to gain their new signature ? Or only bsc#1168994 is sufficient ?
Comment 15 Marcus Meissner 2020-07-13 08:23:50 UTC
Created attachment 839620 [details]
0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch

0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch
Comment 16 Marcus Meissner 2020-07-13 08:24:40 UTC
Created attachment 839621 [details]
0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch

0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch
Comment 17 Marcus Meissner 2020-07-13 08:25:20 UTC
(last had bugfixes  from if (grub_mul to if (!grub_mul  )
Comment 18 Marcus Meissner 2020-07-13 08:25:41 UTC
Created attachment 839622 [details]
0004-calloc-Use-calloc-at-most-places.patch

0004-calloc-Use-calloc-at-most-places.patch
Comment 19 Marcus Meissner 2020-07-13 08:26:04 UTC
(no changes in patch 4 compared to prev version)
Comment 20 Marcus Meissner 2020-07-13 08:26:42 UTC
Created attachment 839623 [details]
0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch

0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch

some if (grub_xxx replaced by if (!grub_xx  checks
Comment 21 Marcus Meissner 2020-07-13 08:27:25 UTC
Created attachment 839624 [details]
0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch

0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch

also some if (grub_xxx replaced by if (!grub_xxx
Comment 22 Marcus Meissner 2020-07-13 08:28:22 UTC
Created attachment 839625 [details]
0007-font-Do-not-load-more-than-one-NAME-section.patch

0007-font-Do-not-load-more-than-one-NAME-section.patch

new in v8 patchset
Comment 23 Marcus Meissner 2020-07-13 09:19:17 UTC
As far as I understood D Kiper from grub2, he considers these also relevant to grub2 secure boot :(

For SLE12 ... you can use another gcc in the codestream, e.g. for gcc9.

BuildRequires: gcc9

export CC=gcc-9 

or similar.

In SLE11 we have a firefox-gcc8 , which could offer something similar.
Comment 24 Marcus Meissner 2020-07-13 12:40:41 UTC
We were just added to the shim review group.

Currently the issues in this bug are NOT REQUIRED to be fixed to get a new shim.
Comment 25 Michael Chang 2020-07-14 03:24:17 UTC
(In reply to Marcus Meissner from comment #23)

[snip]

> For SLE12 ... you can use another gcc in the codestream, e.g. for gcc9.
> 
> BuildRequires: gcc9
> 
> export CC=gcc-9 
> 
> or similar.

Thanks for the information. This recipe works for me.

> 
> In SLE11 we have a firefox-gcc8 , which could offer something similar.

I added:

BuildRequires: firefox-gcc8

And got this error

> nothing provides firefox-libgcc_s1 >= 8.2.1+r264010-2.14.1 needed by firefox-gcc8, (got version 5.3.1+r233831-7.1)

Looks to me the firefox-libgcc_s1 in update repository is too old for firefox-gcc8, which is weird. Is there anything could be missing here ?

Thanks in advance.
Comment 26 Michael Chang 2020-07-14 03:46:06 UTC
(In reply to Marcus Meissner from comment #24)
> We were just added to the shim review group.
> 
> Currently the issues in this bug are NOT REQUIRED to be fixed to get a new
> shim.

This is great news, should I submit bsc#1168994 to all maintenance codestreams right away and meanwhile process this separately. This would take some pressure off from me as we have to take into account lead time to test.
Comment 27 Michael Chang 2020-07-14 04:22:17 UTC
I am thinking to update grub to 2.04 for all SLE codestream (except for SLE11) for this CVE to get the most coverage of these CVE patches. If not we have to bite the bullet and fix the integer overflow manually for older grub codebase, which is tedious and error-prone if the places need to change are too many. Also it is questionable if no upstream review taking place, these manual fixes could be justified as CVE ?

For SLE11, the situation is worst, not only gcc version, but also the autoconf/automake version cannot serve to build grub 2.04. Plus the codebase shares only little in common with 2.04 that is risky to regression if we make mistake in the process (so the test is very important!)

Is it an option to skip SLE11 for the time being, after CRD or so ?

Summay of grub version in SLE maintenance project.

SUSE_SLE-15-SP2_Update        2.04
SUSE_SLE-15-SP1_Update        2.02
SUSE_SLE-15_Update            2.02
SUSE_SLE-11-SP3_Update        2.00
SUSE_SLE-11-SP4_Update        2.00
SUSE_SLE-12-SP3_Update        2.02
SUSE_SLE-12-SP4_Update        2.02
SUSE_SLE-12-SP2_Update        2.02~beta2
SUSE_SLE-12-SP1_Update        2.02~beta2

And also the work of upgrading grub 2.04 with these CVE fixes on all code stream is tracked here. 

https://build.suse.de/package/show/home:michael-chang:build-test/grub2
Comment 28 Marcus Meissner 2020-07-14 06:01:00 UTC
I have to check sle11..

12-Sp1 is not required anymore, 12-sp1 went EOL. (and rest is covered by 12-sp2 and newer sources)

How compatible are these changes? just plug in?
Comment 29 Michael Chang 2020-07-14 06:28:01 UTC
(In reply to Marcus Meissner from comment #28)

> How compatible are these changes? just plug in?

Sorry I didn't get that, would you please be more elaborate ? The grub version change will mostly introduce change to the core part. A quick check to the grub-core directory ...

> mchang@mercury:~/git/grub> git diff --stat grub-2.04 grub-2.02 -- grub-core/ | tail -n 1
> 410 files changed, 48681 insertions(+), 22976 deletions(-)

In short we may have to check grub_malloc etc from those 410 changed files ..
Comment 30 Michael Chang 2020-07-14 06:43:07 UTC
And may have to do it once again for 2.02-beta2 ...:(

> mchang@mercury:~/git/grub> git diff --stat grub-2.02-beta2 grub-2.02 | tail -n 1
> 514 files changed, 21749 insertions(+), 6414 deletions(-)
Comment 31 Michael Chang 2020-07-16 06:53:04 UTC
These CVE Fixes for SLE15-SP2 Update is all set, I have submitted them in:

https://build.suse.de/request/show/222359
Comment 32 Michael Chang 2020-07-20 06:55:15 UTC
The submission of these CVE fixes to all SLE12 and SLE15 maintained code streams in which grub2 version is older than 2.04.

SLE-15-SP1:
https://build.suse.de/request/show/222551

SLE-15:
https://build.suse.de/request/show/222552

SLE-12-SP4:
https://build.suse.de/request/show/222553

SLE-12-SP3:
https://build.suse.de/request/show/222554

SLE-12-SP2:
https://build.suse.de/request/show/222555

SLE-12-SP1:
https://build.suse.de/request/show/222556
Comment 33 Michael Chang 2020-07-20 07:01:47 UTC
Please note the changelog in SLE12-SP1 and SLE12-SP2 also referenced external bugzilla numbers, which is necessary fixes to newer gcc-9. Please let me know is it appropriate not as long as we are dealing with confidential CVE fixes here.

Thanks a lot.
Comment 34 Marcus Meissner 2020-07-20 08:31:39 UTC
They are still continuzing to fix issues in they keybase grub2 ... I cannot keep up.
Comment 35 Michael Chang 2020-07-20 08:41:42 UTC
(In reply to Marcus Meissner from comment #34)
> They are still continuzing to fix issues in they keybase grub2 ... I cannot
> keep up.

Should I revoke them or is there anything should I do here ? Thanks.
Comment 36 Marcus Meissner 2020-07-20 08:48:18 UTC
no reject. 

i will see i can attach the new patches in a bit.
Comment 37 Michael Chang 2020-07-20 09:46:15 UTC
(In reply to Michael Chang from comment #25)
> (In reply to Marcus Meissner from comment #23)

> > nothing provides firefox-libgcc_s1 >= 8.2.1+r264010-2.14.1 needed by firefox-gcc8, (got version 5.3.1+r233831-7.1)
> 
> Looks to me the firefox-libgcc_s1 in update repository is too old for
> firefox-gcc8, which is weird. Is there anything could be missing here ?

Hi Marcus,

I think I am still needing support to solve the build dependency error to use firfox-gcc8 in SLE11. Did you know anyone can I call out for help ? Thanks in advanced.
Comment 38 Johannes Segitz 2020-07-20 14:25:27 UTC
Created attachment 839862 [details]
additional overflow patch

(In reply to Marcus Meissner from comment #34)
yes, it's really confusing to work there.

I just got pointed toward three patches and attach the one we're missing here
Comment 39 Marcus Meissner 2020-07-20 16:02:28 UTC
Michael, firefox-gcc8 should now be available and working on SLES 11 SP3 and SP4 level for you.
Comment 40 Michael Chang 2020-07-21 07:04:04 UTC
(In reply to Johannes Segitz from comment #38)
> Created attachment 839862 [details]
> additional overflow patch
> 
> (In reply to Marcus Meissner from comment #34)
> yes, it's really confusing to work there.
> 
> I just got pointed toward three patches and attach the one we're missing here

Hm. This is not a fix to upstream's code base, instead to a downstream feature (UEFI HTTPS Boot) we have been sharing with Red Hat, among other distributions.

Anyway I will apply it and supersede existing maintenance request.
Thanks.
Comment 41 Michael Chang 2020-07-21 07:11:25 UTC
(In reply to Marcus Meissner from comment #39)
> Michael, firefox-gcc8 should now be available and working on SLES 11 SP3 and
> SP4 level for you.

Yes. Now it failed at this point and I'm scratching my head ..

[  130s] checking for C compiler default output file name... 
[  130s] configure: error: in `/usr/src/packages/BUILD/grub-2.00/build-xen':
[  130s] configure: error: C compiler cannot create executables
[  130s] See `config.log' for more details.
Comment 42 Marcus Meissner 2020-07-21 16:12:16 UTC
how do you specify it? you need to use:

CC=/usr/%_lib/firefox/bin/gcc-8
Comment 43 Michael Chang 2020-07-22 02:12:20 UTC
(In reply to Marcus Meissner from comment #42)
> how do you specify it? you need to use:
> 
> CC=/usr/%_lib/firefox/bin/gcc-8

Indeed, now it has passed configure's gcc checks/tests.
Comment 44 Marcus Meissner 2020-07-23 09:49:29 UTC
Created attachment 839947 [details]
patches.tar.bz2

patches.tar.bz2

this is the current patchset they have. 

it has the yylex change as 0001 (belonging to other bug)

Interesting also this adjustment which avoids requirement on newer gcc:

0026-update-safemath-with-fallback-code-for-gcc-older-tha.patch


Not all of them are needed for this bug, as mentioned.
Comment 45 Michael Chang 2020-07-23 10:08:50 UTC
The maintenance request to SLE-11-SP4:Update, with these CVE fixes backported and also build fixes for firefox-gcc8.

https://build.suse.de/request/show/222745

The SLE-11-SP3:Update is ended (LTSS ended at 30 Jan 2019).
Comment 46 Michael Chang 2020-07-23 10:27:44 UTC
(In reply to Marcus Meissner from comment #44)
> Created attachment 839947 [details]
> patches.tar.bz2
> 
> patches.tar.bz2
> 
> this is the current patchset they have. 
> 
> it has the yylex change as 0001 (belonging to other bug)
> 
> Interesting also this adjustment which avoids requirement on newer gcc:
> 
> 0026-update-safemath-with-fallback-code-for-gcc-older-tha.patch

I think we should apply this thus can get rid of a bunch of backported patches to fix new compiler issues.

> Not all of them are needed for this bug, as mentioned.

Would you please confirm that it's enough with our current patches submitted up to 0007-font-Do-not-load-more-than-one-NAME-section.patch ? The CVE fixes mentioned has already been covered by:

0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch:Fixes: CVE-2020-10713
0004-calloc-Use-calloc-at-most-places.patch:Fixes: CVE-2020-14308
0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch:Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311

I will apply 0026-update-safemath-with-fallback-code-for-gcc-older-tha.patch to ease the backport and make a new maintenance update, if it is fine with our current work (ie no other new patches from the tarball are required).

Thanks.
Comment 48 Michael Chang 2020-07-27 10:15:00 UTC
(In reply to Michael Chang from comment #46)
> (In reply to Marcus Meissner from comment #44)

> I will apply 0026-update-safemath-with-fallback-code-for-gcc-older-tha.patch
> to ease the backport and make a new maintenance update, if it is fine with
> our current work (ie no other new patches from the tarball are required).

The fallback turned out not really useful, it failed to compile for older gcc with errors like this. 

[  128s] ../include/grub/safemath.h:105:15: error: comparison of distinct pointer types lacks a cast [-Werror]
[  128s]   (void) (&__a == __d);    \
Comment 50 Marcus Meissner 2020-07-29 17:03:28 UTC
public via 

https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
Comment 51 Swamp Workflow Management 2020-07-29 22:13:30 UTC
SUSE-SU-2020:2073-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    grub2-2.02-19.48.1
SUSE Linux Enterprise Server 15-LTSS (src):    grub2-2.02-19.48.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    grub2-2.02-19.48.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    grub2-2.02-19.48.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 52 Swamp Workflow Management 2020-07-29 22:14:47 UTC
SUSE-SU-2020:2076-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1084632,1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE OpenStack Cloud 7 (src):    grub2-2.02~beta2-115.49.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    grub2-2.02~beta2-115.49.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    grub2-2.02~beta2-115.49.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    grub2-2.02~beta2-115.49.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 53 Swamp Workflow Management 2020-07-29 22:16:07 UTC
SUSE-SU-2020:2079-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1084632,1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    grub2-2.02-4.53.1
SUSE OpenStack Cloud 8 (src):    grub2-2.02-4.53.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    grub2-2.02-4.53.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    grub2-2.02-4.53.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    grub2-2.02-4.53.1
SUSE Enterprise Storage 5 (src):    grub2-2.02-4.53.1
HPE Helion Openstack 8 (src):    grub2-2.02-4.53.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 54 Swamp Workflow Management 2020-07-29 22:17:18 UTC
SUSE-SU-2020:2078-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    grub2-2.02-12.31.1
SUSE OpenStack Cloud 9 (src):    grub2-2.02-12.31.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    grub2-2.02-12.31.1
SUSE Linux Enterprise Server 12-SP5 (src):    grub2-2.02-12.31.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    grub2-2.02-12.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 55 Swamp Workflow Management 2020-07-29 22:19:13 UTC
SUSE-SU-2020:2074-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    grub2-2.04-9.7.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    grub2-2.04-9.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 56 Swamp Workflow Management 2020-07-29 22:21:14 UTC
SUSE-SU-2020:2077-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    grub2-2.02-26.25.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    grub2-2.02-26.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 57 Swamp Workflow Management 2020-07-29 22:22:30 UTC
SUSE-SU-2020:14440-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1084632,1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    grub2-2.00-0.66.15.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    grub2-2.00-0.66.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 59 Marcus Meissner 2020-08-07 10:00:36 UTC
released
Comment 60 Swamp Workflow Management 2020-08-08 16:14:27 UTC
openSUSE-SU-2020:1168-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    grub2-2.02-lp151.21.21.4
Comment 61 Swamp Workflow Management 2020-08-08 16:16:21 UTC
openSUSE-SU-2020:1169-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    grub2-2.04-lp152.7.3.4