Bugzilla – Full Text Bug Listing
Summary: | VUL-0: CVE-2021-3696: grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling | ||
---|---|---|---|
Product: | [Novell Products] SUSE Security Incidents | Reporter: | Marcus Meissner <meissner> |
Component: | Incidents | Assignee: | Bootloader Maintainers <bootloader-maintainers> |
Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
Severity: | Normal | ||
Priority: | P3 - Medium | CC: | cathy.hu, meissner, zluo |
Version: | unspecified | ||
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | Other | ||
URL: | https://smash.suse.de/issue/311405/ | ||
Whiteboard: | CVSSv3.1:SUSE:CVE-2021-3696:5.0:(AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L) | ||
Found By: | --- | Services Priority: | |
Business Priority: | | Blocker: | --- |
Marketing QA Status: | --- | IT Deployment: | --- |
Bug Depends on: | |||
Bug Blocks: | 1198581 | ||
Attachments: | 0006-png-avoid-heap-OOB-R-W-inserting-huff-table-items.patch |
This is an embargoed bug. This means that this information is not public. Please do NOT:

- talk to other people about this unless they're involved in fixing the issue
- make this bug public
- submit this into OBS (e.g. fix Leap/Tumbleweed) until this bug becomes public (e.g. no EMBARGOED tag on the header)

Consult with security team if you think that the issue is public and the bug is still private (e.g. subject still contains "EMBARGOED"). Please do NOT make the bug public yourself!

Please be aware that the SUSE:SLE-15-SP4:GA codestream is available via OBS, so do NOT submit there before this is public.

These are the steps that are asked from you:

1, Your primary responsibility is to submit a fix for this issue. Here's a how-to for submitting packages for maintenance releases in IBS: https://confluence.suse.com/display/maintenance/How+to+Submit+Packages+or+Containers+to+Maintenance
Apart from the GA codestreams mentioned above, you can submit to IBS anytime. This is private and allows us to start testing as soon as possible.

2, We also want to fix openSUSE if it's affected. $ is_maintained $PACKAGE will tell you if the package is inherited from SLES or if it is branched for openSUSE. There are two cases:
- It's coming from SLES: The update will automatically be released for openSUSE. Nothing to do for you.
- It's branched for openSUSE: You need to submit AFTER the bug became public, to the current openSUSE codestreams.
For openSUSE Factory please submit to the devel project of your package AFTER the bug became public.

Security will then take the following steps:
- We wait for your submission and package them into an incident for QA testing. The QA tester might reach out to you if they find issues with the update.
- Once the coordinated release date (CRD), the date this issue should become public, is reached (or for internal findings: once we're done testing), we remove the EMBARGOED tag from this bug and publish the updates.
- Only if the bug here is public you may submit to public repositories (OBS).

You can contact us at:
* IRC: irc.suse.de #security
* Do NOT use Slack or any non-SUSE hosted messaging services
* Email: security-team@suse.de

CRD: 2022-04-26

CRD: 2022-05-24
New CRD was set to allow shim code to be ready.

CRD: 2022-06-07 10:00PT

public now

SUSE-SU-2022:2037-1: An update that solves 6 vulnerabilities and has three fixes is now available.
Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src): grub2-2.02-137.2
SUSE OpenStack Cloud 8 (src): grub2-2.02-137.2
SUSE Linux Enterprise Server for SAP 12-SP3 (src): grub2-2.02-137.2
SUSE Linux Enterprise Server 12-SP3-LTSS (src): grub2-2.02-137.2
SUSE Linux Enterprise Server 12-SP3-BCL (src): grub2-2.02-137.2
HPE Helion Openstack 8 (src): grub2-2.02-137.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2022:2035-1: An update that solves 7 vulnerabilities and has three fixes is now available.
Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): grub2-2.06-150400.11.5.2
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src): grub2-2.06-150400.11.5.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (src): grub2-2.06-150400.11.5.2
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): grub2-2.06-150400.11.5.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2022:2039-1: An update that solves 6 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References:
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src): grub2-2.02-115.67.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2022:2041-1: An update that solves 6 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src): grub2-2.02-150100.123.12.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src): grub2-2.02-150100.123.12.2
SUSE Linux Enterprise Server 15-SP1-BCL (src): grub2-2.02-150100.123.12.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): grub2-2.02-150100.123.12.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): grub2-2.02-150100.123.12.2
SUSE Enterprise Storage 6 (src): grub2-2.02-150100.123.12.2
SUSE CaaS Platform 4.0 (src): grub2-2.02-150100.123.12.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2022:2036-1: An update that solves 6 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src): grub2-2.02-150000.122.12.2
SUSE Linux Enterprise Server 15-LTSS (src): grub2-2.02-150000.122.12.2
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): grub2-2.02-150000.122.12.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): grub2-2.02-150000.122.12.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2022:2038-1: An update that solves 6 vulnerabilities and has three fixes is now available.
Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): grub2-2.02-143.2
SUSE OpenStack Cloud 9 (src): grub2-2.02-143.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src): grub2-2.02-143.2
SUSE Linux Enterprise Server 12-SP5 (src): grub2-2.02-143.2
SUSE Linux Enterprise Server 12-SP4-LTSS (src): grub2-2.02-143.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2022:2064-1: An update that solves 7 vulnerabilities and has three fixes is now available.
Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): grub2-2.04-150300.22.20.2
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): grub2-2.04-150300.22.20.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (src): grub2-2.04-150300.22.20.2
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): grub2-2.04-150300.22.20.2
SUSE Linux Enterprise Micro 5.2 (src): grub2-2.04-150300.22.20.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2022:2074-1: An update that solves 7 vulnerabilities and has three fixes is now available.
Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736
JIRA References:
Sources used:
SUSE Manager Server 4.1 (src): grub2-2.04-150200.9.63.2
SUSE Manager Retail Branch Server 4.1 (src): grub2-2.04-150200.9.63.2
SUSE Manager Proxy 4.1 (src): grub2-2.04-150200.9.63.2
SUSE Linux Enterprise Server for SAP 15-SP2 (src): grub2-2.04-150200.9.63.2
SUSE Linux Enterprise Server 15-SP2-LTSS (src): grub2-2.04-150200.9.63.2
SUSE Linux Enterprise Server 15-SP2-BCL (src): grub2-2.04-150200.9.63.2
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): grub2-2.04-150200.9.63.2
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): grub2-2.04-150200.9.63.2
SUSE Enterprise Storage 7 (src): grub2-2.04-150200.9.63.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2022:2073-1: An update that solves 7 vulnerabilities and has 14 fixes is now available.
Category: security (important)
Bug References: 1071559,1159205,1179981,1189769,1189874,1191184,1191185,1191186,1191504,1191974,1192522,1192622,1193282,1193532,1195204,1197948,1198460,1198493,1198495,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736
JIRA References:
Sources used:
SUSE Linux Enterprise Micro 5.1 (src): grub2-2.04-150300.3.5.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Bulk-re-assigning to the new bootloader-maintainers@suse.de group.

done, fixed
Created attachment 852852
0006-png-avoid-heap-OOB-R-W-inserting-huff-table-items.patch

patch from keybase bundle
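The bug title and the attached patch name the bug class: while a DEFLATE-style decoder inserts items into a Huffman table, the index it writes to is derived from per-code-length counts that come straight out of the image, and an insert that trusts them can read and write outside the heap buffer backing the table. The following is an added illustration of that class, written for this page; it is not grub2's code and does not reproduce the attached patch. The struct layout, the `huff_*` names, the 19-slot capacity (the size of DEFLATE's code-length alphabet) and both code-length arrays are constructed for the example.

```c
#include <string.h>

/* Added illustration of the bug class named in the bug title; NOT grub2's code
 * and NOT the attached patch. Items land at an index derived from a per-length
 * histogram, and both the histogram and the code lengths come from untrusted
 * image data, so an insert that skips validation reads and writes past values[]. */

#define HUFF_MAX_LEN  15   /* DEFLATE code lengths are 1..15 */
#define HUFF_CAPACITY 19   /* assumed table size: DEFLATE's 19-symbol code-length alphabet */

struct huff_table {
    int max_length;            /* longest code length accepted */
    int capacity;              /* slots allocated in values[] */
    int num_values;            /* slots in use */
    int maxval[HUFF_MAX_LEN];  /* maxval[l-1] = number of codes of length l */
    int *values;               /* symbols, grouped by code length ascending */
};

/* Slot for a new code of length len: after all shorter codes and after the
 * equal-length codes already present. Only the histogram decides this. */
static int huff_insert_index(const struct huff_table *ht, int len)
{
    int n = 0;
    for (int i = 0; i < len && i < HUFF_MAX_LEN; i++)
        n += ht->maxval[i];
    return n;
}

/* Vulnerable pattern: trusts len and assumes values[] has room. With
 * num_values == capacity the shift reads values[capacity-1] and writes
 * values[capacity]; len > HUFF_MAX_LEN makes maxval[len-1]++ clobber the
 * field after the array. Kept for comparison; never fed bad data below. */
static void huff_insert_unchecked(struct huff_table *ht, int code, int len)
{
    int n = huff_insert_index(ht, len);
    for (int i = ht->num_values - 1; i >= n; i--)
        ht->values[i + 1] = ht->values[i];
    ht->values[n] = code;
    ht->num_values++;
    ht->maxval[len - 1]++;
}

/* Hardened: validate before touching memory. 0 = ok, -1 = bad length, -2 = full. */
static int huff_insert_checked(struct huff_table *ht, int code, int len)
{
    if (len <= 0 || len > ht->max_length)
        return -1;
    if (ht->num_values >= ht->capacity)
        return -2;
    int n = huff_insert_index(ht, len);
    for (int i = ht->num_values - 1; i >= n; i--)
        ht->values[i + 1] = ht->values[i];
    ht->values[n] = code;
    ht->num_values++;
    ht->maxval[len - 1]++;
    return 0;
}

/* Reset the table onto caller storage and fill it from a code-length array, as a
 * decoder does after the dynamic-block header (0 = symbol unused). Returns 0 or
 * the first insert error; the table is left consistent either way. */
static int huff_build(struct huff_table *ht, int *storage, int capacity,
                      const unsigned char *lengths, int count)
{
    memset(ht, 0, sizeof(*ht));
    ht->max_length = HUFF_MAX_LEN;
    ht->capacity = capacity;
    ht->values = storage;
    for (int sym = 0; sym < count; sym++) {
        if (lengths[sym] == 0)
            continue;
        int rc = huff_insert_checked(ht, sym, lengths[sym]);
        if (rc != 0)
            return rc;
    }
    return 0;
}

/* Constructed inputs, not taken from any real PNG. */
static const unsigned char GOOD_LENGTHS[HUFF_CAPACITY] = { 3, 3, 3, 3, 3, 2, 4, 4 };
static const unsigned char BAD_LENGTHS[22] = /* 21 in-range codes for 19 slots, then 16 */
    { 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 6, 6, 6, 6, 6, 16 };

/* Slot the unchecked insert would use for the 20th crafted code, computed after
 * 19 safe inserts and without performing the write (so this stays defined). */
static int unchecked_slot_for_crafted(void)
{
    int storage[HUFF_CAPACITY];
    struct huff_table ht = { .max_length = HUFF_MAX_LEN, .capacity = HUFF_CAPACITY, .values = storage };
    for (int sym = 0; sym < HUFF_CAPACITY; sym++)
        huff_insert_unchecked(&ht, sym, BAD_LENGTHS[sym]);
    return huff_insert_index(&ht, BAD_LENGTHS[HUFF_CAPACITY]);
}

/* Result of one checked insert of the given length into an empty table. */
static int insert_into_empty(int len)
{
    int storage[HUFF_CAPACITY];
    struct huff_table ht = { .max_length = HUFF_MAX_LEN, .capacity = HUFF_CAPACITY, .values = storage };
    return huff_insert_checked(&ht, 0, len);
}
```

With the well-formed lengths the checked build succeeds and leaves the eight used symbols grouped by code length (symbol 5 with length 2 first, then 0..4, then 6 and 7). With the crafted array the unchecked variant would place the twentieth code at `values[19]` of a 19-slot table, one past the end; the checked variant refuses that insert with -2 and rejects the trailing length of 16 with -1, in both cases before any shift or store happens. The order of the checks matters: the range check has to come before `maxval[len - 1]` is touched, and the capacity check before the shift loop, or the validation runs after the corruption it was meant to prevent.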