|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2021-20225: grub2: heap out-of-bounds write in short form option parser | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Marcus Meissner <meissner> |
| Component: | Incidents | Assignee: | Michael Chang <mchang> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Major | ||
| Priority: | P2 - High | CC: | meng.su.tan, smash_bz |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/277945/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2021-20225:7.5:(AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Comment 1
Marcus Meissner
2021-02-15 13:42:10 UTC
is public SUSE-SU-2021:0685-1: An update that solves 7 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263 CVE References: CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): grub2-2.02-19.66.1 SUSE Linux Enterprise Server 15-LTSS (src): grub2-2.02-19.66.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): grub2-2.02-19.66.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): grub2-2.02-19.66.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2021:0681-1: An update that solves 7 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263 CVE References: CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): grub2-2.02-12.47.1 SUSE OpenStack Cloud 9 (src): grub2-2.02-12.47.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): grub2-2.02-12.47.1 SUSE Linux Enterprise Server 12-SP5 (src): grub2-2.02-12.47.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): grub2-2.02-12.47.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2021:0683-1: An update that solves 7 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263 CVE References: CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 JIRA References: Sources used: SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): grub2-2.04-9.34.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): grub2-2.04-9.34.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2021:0682-1: An update that solves 7 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263 CVE References: CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 8 (src): grub2-2.02-4.69.1 SUSE OpenStack Cloud 8 (src): grub2-2.02-4.69.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): grub2-2.02-4.69.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): grub2-2.02-4.69.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): grub2-2.02-4.69.1 HPE Helion Openstack 8 (src): grub2-2.02-4.69.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2021:0679-1: An update that solves 7 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263 CVE References: CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 JIRA References: Sources used: SUSE OpenStack Cloud 7 (src): grub2-2.02-115.59.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): grub2-2.02-115.59.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): grub2-2.02-115.59.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): grub2-2.02-115.59.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2021:14659-1: An update that fixes 8 vulnerabilities is now available. Category: security (important) Bug References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263 CVE References: CVE-2017-9763,CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): grub2-2.02-0.66.26.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): grub2-2.02-0.66.26.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2021:0684-1: An update that solves 7 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263 CVE References: CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 JIRA References: Sources used: SUSE Manager Server 4.0 (src): grub2-2.02-26.43.1 SUSE Manager Retail Branch Server 4.0 (src): grub2-2.02-26.43.1 SUSE Manager Proxy 4.0 (src): grub2-2.02-26.43.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): grub2-2.02-26.43.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): grub2-2.02-26.43.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): grub2-2.02-26.43.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): grub2-2.02-26.43.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): grub2-2.02-26.43.1 SUSE Enterprise Storage 6 (src): grub2-2.02-26.43.1 SUSE CaaS Platform 4.0 (src): grub2-2.02-26.43.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. openSUSE-SU-2021:0462-1: An update that solves 7 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263,1183073 CVE References: CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 JIRA References: Sources used: openSUSE Leap 15.2 (src): grub2-2.04-lp152.7.22.7 Hi All, https://www.suse.com/security/cve/CVE-2020-25632 https://www.suse.com/security/cve/CVE-2020-25647 https://www.suse.com/security/cve/CVE-2020-27749 https://www.suse.com/security/cve/CVE-2020-27779 https://www.suse.com/security/cve/CVE-2020-14372 https://www.suse.com/security/cve/CVE-2021-20225 https://www.suse.com/security/cve/CVE-2021-20233 The CVE webpage does not record sles11sp3 related information, Does this grub2 vulnerability affect the sles11sp3 system,whether it is planned to be repaired? thank you very much. Thanks, Mengsu yes, it affects also sle11 sp3, but you will need to request fixes via L3 for this reactive support only codestream. done |