Security update for grub2

SUSE Security Update: Security update for grub2
Announcement ID: SUSE-SU-2015:2387-1
Rating: important
References: #774666 #917427 #946148 #952539 #954126 #954519 #955493 #955609 #956631
Affected Products:
  • SUSE Linux Enterprise Server 12-SP1
  • SUSE Linux Enterprise Desktop 12-SP1

An update that solves one vulnerability and has 8 fixes is now available.

    Description:

    - Fix buffer overflows when reading username and password. (bsc#956631,
    CVE-2015-8370)
    - Check MS-DOS header to find PE file header. (bsc#954126)
    - Use dirname for copying Xen kernel and initrd to the ESP. (bsc#955493)
    - Fix reading password by grub2-mkpasswd-pbkdf2 without a controlling tty.
    (bsc#954519)
    - Add luks, gcry_rijndael and gcry_sha1 to signed EFI image to support
    LUKS partition in default setup. (bsc#917427, bsc#955609)
    - Expand list of grub.cfg search path in PV Xen guests for systems
    installed on btrfs snapshots. (bsc#946148, bsc#952539)

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-1027=1
    • SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-1027=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      • grub2-2.02~beta2-73.3
      • grub2-debuginfo-2.02~beta2-73.3
    • SUSE Linux Enterprise Server 12-SP1 (ppc64le):
      • grub2-powerpc-ieee1275-2.02~beta2-73.3
    • SUSE Linux Enterprise Server 12-SP1 (x86_64):
      • grub2-i386-pc-2.02~beta2-73.3
      • grub2-x86_64-efi-2.02~beta2-73.3
      • grub2-x86_64-xen-2.02~beta2-73.3
    • SUSE Linux Enterprise Server 12-SP1 (noarch):
      • grub2-snapper-plugin-2.02~beta2-73.3
    • SUSE Linux Enterprise Server 12-SP1 (s390x):
      • grub2-debugsource-2.02~beta2-73.3
      • grub2-s390x-emu-2.02~beta2-73.3
    • SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      • grub2-2.02~beta2-73.3
      • grub2-debuginfo-2.02~beta2-73.3
      • grub2-i386-pc-2.02~beta2-73.3
      • grub2-x86_64-efi-2.02~beta2-73.3
      • grub2-x86_64-xen-2.02~beta2-73.3
    • SUSE Linux Enterprise Desktop 12-SP1 (noarch):
      • grub2-snapper-plugin-2.02~beta2-73.3
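
    Added example (not part of the SUSE announcement or SUSE tooling): a post-patch check that compares installed grub2 packages against the fixed build 2.02~beta2-73.3 from the package list above. The function names and the sample inventory are assumptions made for illustration; the 72.1 release in the sample is constructed.

```shell
#!/bin/sh
# Added example, not SUSE tooling. Fixed build taken from the advisory's package list.
FIXED_VERSION='2.02~beta2'
FIXED_RELEASE='73.3'

# release_lt A B: succeed if dotted-numeric release A sorts before B.
release_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$first" = "$1" ]
}

# classify_pkg NAME VERSION RELEASE: print fixed, outdated or review.
classify_pkg() {
    if [ "$2" != "$FIXED_VERSION" ]; then
        echo review      # other upstream version: RPM ordering (e.g. "~") needs a manual look
    elif release_lt "$3" "$FIXED_RELEASE"; then
        echo outdated    # same version, release older than the advisory's build
    else
        echo fixed
    fi
}

# audit: read "NAME VERSION RELEASE" lines on stdin; return 1 if any is not fixed.
audit() {
    rc=0
    while read -r name ver rel; do
        [ -n "$name" ] || continue
        verdict=$(classify_pkg "$name" "$ver" "$rel")
        printf '%s-%s-%s: %s\n' "$name" "$ver" "$rel" "$verdict"
        [ "$verdict" = fixed ] || rc=1
    done
    return "$rc"
}

# Constructed sample inventory (the 72.1 release is made up for illustration).
sample_inventory() {
    cat <<'EOF'
grub2 2.02~beta2 73.3
grub2-x86_64-efi 2.02~beta2 72.1
grub2-snapper-plugin 2.02~beta2 73.3
EOF
}

# On a real host, feed it from rpm instead of the sample:
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n' 'grub2*' | audit
sample_inventory | audit || true
```

    A non-zero return from audit means at least one grub2 subpackage is still on an older release or carries a version that needs manual comparison.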

    References: