Security update for grub2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:2375-1 Final 1 1 2015-12-26T20:45:37Z current 2015-12-26T20:45:37Z 2015-12-26T20:45:37Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for grub2 This update for grub2 fixes the following issue: Changes in grub2: - CVE-2015-8370: Fix for overflow in grub_password_get and grub_user_get functions (bnc#956631) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html E-Mail link for openSUSE-SU-2015:2375-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings grub2-2.00-39.11.1 grub2-i386-efi-2.00-39.11.1 grub2-i386-pc-2.00-39.11.1 grub2-x86_64-efi-2.00-39.11.1 Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error. CVE-2015-8370 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html https://www.suse.com/security/cve/CVE-2015-8370.html CVE-2015-8370 https://bugzilla.suse.com/956631 SUSE Bug 956631