Security update for grub2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1282-1 Final 1 1 2020-08-29T10:23:49Z current 2020-08-29T10:23:49Z 2020-08-29T10:23:49Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for grub2 This update for grub2 fixes the following issue: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). This update was imported from the SUSE:SLE-15-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1282 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UGKES3MGRD44EG6DD3EOHLZZXMVRVSC3/ E-Mail link for openSUSE-SU-2020:1282-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1172745 SUSE Bug 1172745 https://bugzilla.suse.com/1174421 SUSE Bug 1174421 https://www.suse.com/security/cve/CVE-2020-15705/ SUSE CVE CVE-2020-15705 page openSUSE Leap 15.2 grub2-2.04-lp152.7.9.1 grub2-branding-upstream-2.04-lp152.7.9.1 grub2-i386-efi-2.04-lp152.7.9.1 grub2-i386-efi-debug-2.04-lp152.7.9.1 grub2-i386-pc-2.04-lp152.7.9.1 grub2-i386-pc-debug-2.04-lp152.7.9.1 grub2-i386-xen-2.04-lp152.7.9.1 grub2-snapper-plugin-2.04-lp152.7.9.1 grub2-systemd-sleep-plugin-2.04-lp152.7.9.1 grub2-x86_64-efi-2.04-lp152.7.9.1 grub2-x86_64-efi-debug-2.04-lp152.7.9.1 grub2-x86_64-xen-2.04-lp152.7.9.1 grub2-2.04-lp152.7.9.1 as a component of openSUSE Leap 15.2 grub2-branding-upstream-2.04-lp152.7.9.1 as a component of openSUSE Leap 15.2 grub2-i386-efi-2.04-lp152.7.9.1 as a component of openSUSE Leap 15.2 grub2-i386-efi-debug-2.04-lp152.7.9.1 as a component of openSUSE Leap 15.2 grub2-i386-pc-2.04-lp152.7.9.1 as a component of openSUSE Leap 15.2 grub2-i386-pc-debug-2.04-lp152.7.9.1 as a component of openSUSE Leap 15.2 grub2-i386-xen-2.04-lp152.7.9.1 as a component of openSUSE Leap 15.2 grub2-snapper-plugin-2.04-lp152.7.9.1 as a component of openSUSE Leap 15.2 grub2-systemd-sleep-plugin-2.04-lp152.7.9.1 as a component of openSUSE Leap 15.2 grub2-x86_64-efi-2.04-lp152.7.9.1 as a component of openSUSE Leap 15.2 grub2-x86_64-efi-debug-2.04-lp152.7.9.1 as a component of openSUSE Leap 15.2 grub2-x86_64-xen-2.04-lp152.7.9.1 as a component of openSUSE Leap 15.2 GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. CVE-2020-15705 openSUSE Leap 15.2:grub2-2.04-lp152.7.9.1 openSUSE Leap 15.2:grub2-branding-upstream-2.04-lp152.7.9.1 openSUSE Leap 15.2:grub2-i386-efi-2.04-lp152.7.9.1 openSUSE Leap 15.2:grub2-i386-efi-debug-2.04-lp152.7.9.1 openSUSE Leap 15.2:grub2-i386-pc-2.04-lp152.7.9.1 openSUSE Leap 15.2:grub2-i386-pc-debug-2.04-lp152.7.9.1 openSUSE Leap 15.2:grub2-i386-xen-2.04-lp152.7.9.1 openSUSE Leap 15.2:grub2-snapper-plugin-2.04-lp152.7.9.1 openSUSE Leap 15.2:grub2-systemd-sleep-plugin-2.04-lp152.7.9.1 openSUSE Leap 15.2:grub2-x86_64-efi-2.04-lp152.7.9.1 openSUSE Leap 15.2:grub2-x86_64-efi-debug-2.04-lp152.7.9.1 openSUSE Leap 15.2:grub2-x86_64-xen-2.04-lp152.7.9.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UGKES3MGRD44EG6DD3EOHLZZXMVRVSC3/ https://www.suse.com/security/cve/CVE-2020-15705.html CVE-2020-15705 https://bugzilla.suse.com/1174421 SUSE Bug 1174421 https://bugzilla.suse.com/1182890 SUSE Bug 1182890