SUSE-SU-2023:4130-1

UNKNOWN

Security update for grub2

Published Oct 19, 2023

Modified 2 years ago

Fix available

Details

This update for grub2 fixes the following issues:

CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935)
CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936)

Affected Packages

grub2

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Micro 5.2SUSE Linux Enterprise Server 15 SP3-LTSS

Fixed in:

2.04-150300.22.43.1

grub2-arm64-efi

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Micro 5.2SUSE Linux Enterprise Server 15 SP3-LTSS

Fixed in:

2.04-150300.22.43.1

grub2-i386-pc

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Micro 5.2SUSE Linux Enterprise Server 15 SP3-LTSS

Fixed in:

2.04-150300.22.43.1

grub2-powerpc-ieee1275

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Server 15 SP3-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP3

Fixed in:

2.04-150300.22.43.1

grub2-snapper-plugin

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Micro 5.2SUSE Linux Enterprise Server 15 SP3-LTSS

Fixed in:

2.04-150300.22.43.1

grub2-systemd-sleep-plugin

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Server 15 SP3-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP3

Fixed in:

2.04-150300.22.43.1

grub2-x86_64-efi

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Micro 5.2SUSE Linux Enterprise Server 15 SP3-LTSS

Fixed in:

2.04-150300.22.43.1

grub2-x86_64-xen

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Micro 5.2SUSE Linux Enterprise Server 15 SP3-LTSS

Fixed in:

2.04-150300.22.43.1

grub2-s390x-emu

SUSE Linux Enterprise Micro 5.2SUSE Linux Enterprise Server 15 SP3-LTSSSUSE Manager Server 4.2

Fixed in:

2.04-150300.22.43.1

References

https://bugzilla.suse.com/1215935

https://bugzilla.suse.com/1215936

https://www.suse.com/security/cve/CVE-2023-4692

https://www.suse.com/security/cve/CVE-2023-4693

https://www.suse.com/support/update/announcement/2023/suse-su-20234130-1/

Upstream

CVE-2023-4692 CVE-2023-4693

Related

CVE-2023-4692 CVE-2023-4693

Ecosystems(9)

SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Server 15 SP3-LTSS

Timeline

PublishedOct 19, 2023

ModifiedOct 19, 2023

SUSE-SU-2023:4130-1 | Mondoo Vulnerability Intelligence