Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-8370 (GCVE-0-2015-8370)
Vulnerability from cvelistv5
Published
2015-12-16 00:00
Modified
2024-10-21 16:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:32.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html"
},
{
"name": "openSUSE-SU-2015:2392",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html"
},
{
"name": "openSUSE-SU-2016:0036",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"
},
{
"name": "79358",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79358"
},
{
"name": "openSUSE-SU-2015:2375",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html"
},
{
"name": "1034422",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034422"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "SUSE-SU-2015:2387",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html"
},
{
"name": "SUSE-SU-2015:2386",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "[oss-security] 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/15/6"
},
{
"name": "20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537115/100/0/threaded"
},
{
"name": "SUSE-SU-2015:2385",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html"
},
{
"name": "20151216 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Dec/69"
},
{
"name": "GLSA-201512-03",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-03"
},
{
"name": "FEDORA-2015-cebe5133e7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html"
},
{
"name": "USN-2836-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2836-1"
},
{
"name": "FEDORA-2015-90c27b6e91",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html"
},
{
"name": "RHSA-2015:2623",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2623.html"
},
{
"name": "SUSE-SU-2015:2399",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html"
},
{
"name": "DSA-3421",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3421"
},
{
"name": "[oss-security] 20240116 CVE-2023-4001: a password bypass vulnerability in the downstream GRUB boot manager",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/15/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2015-8370",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T21:01:48.674436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T16:51:57.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T00:06:19.101867",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html"
},
{
"name": "openSUSE-SU-2015:2392",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html"
},
{
"name": "openSUSE-SU-2016:0036",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html"
},
{
"url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"
},
{
"name": "79358",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/79358"
},
{
"name": "openSUSE-SU-2015:2375",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html"
},
{
"name": "1034422",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1034422"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "SUSE-SU-2015:2387",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html"
},
{
"name": "SUSE-SU-2015:2386",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "[oss-security] 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/15/6"
},
{
"name": "20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/537115/100/0/threaded"
},
{
"name": "SUSE-SU-2015:2385",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html"
},
{
"name": "20151216 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2015/Dec/69"
},
{
"name": "GLSA-201512-03",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201512-03"
},
{
"name": "FEDORA-2015-cebe5133e7",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html"
},
{
"name": "USN-2836-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2836-1"
},
{
"name": "FEDORA-2015-90c27b6e91",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html"
},
{
"name": "RHSA-2015:2623",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2623.html"
},
{
"name": "SUSE-SU-2015:2399",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html"
},
{
"name": "DSA-3421",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3421"
},
{
"name": "[oss-security] 20240116 CVE-2023-4001: a password bypass vulnerability in the downstream GRUB boot manager",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/15/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8370",
"datePublished": "2015-12-16T00:00:00",
"dateReserved": "2015-11-27T00:00:00",
"dateUpdated": "2024-10-21T16:51:57.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2015-8370\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-12-16T21:59:04.063\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \\\"Off-by-two\\\" or \\\"Out of bounds overwrite\\\" memory error.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiple desbordamiento inferior de entero en Grub2 1.98 hasta la versi\u00f3n 2.02 permite a atacantes f\u00edsicamente pr\u00f3ximos eludir la autenticaci\u00f3n, obtener informaci\u00f3n sensible o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de disco) a trav\u00e9s del car\u00e1cter backspace en la funci\u00f3n (1) grub_username_get en grub-core/normal/auth.c o (2) grub_password_get en lib/crypto.c, lo que desencadena un error de memoria \u0027Off-by-two\u0027 o \u0027Out of bounds overwrite\u0027.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.4,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-191\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:grub2:1.98:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"936B2F89-3A97-46A8-B776-CF605C192CA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:grub2:1.99:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FB62F6A-8B42-4186-99AF-2A07050EB19E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:grub2:2.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3AB3BF3-95F2-43C6-8445-4B749135BE8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:grub2:2.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3C7F246-9B64-49C4-B358-C5A62C3A2458\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:grub2:2.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AEB4A3C-A448-4C7D-8F08-57940E13BB6D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B\"}]}]}],\"references\":[{\"url\":\"http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2623.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2015/Dec/69\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3421\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/12/15/6\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/01/15/3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/537115/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/79358\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1034422\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2836-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201512-03\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2623.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2015/Dec/69\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3421\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/12/15/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/01/15/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/537115/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/79358\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1034422\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2836-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201512-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html\", \"name\": \"openSUSE-SU-2015:2392\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html\", \"name\": \"openSUSE-SU-2016:0036\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/79358\", \"name\": \"79358\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html\", \"name\": \"openSUSE-SU-2015:2375\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1034422\", \"name\": \"1034422\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html\", \"name\": \"SUSE-SU-2015:2387\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html\", \"name\": \"SUSE-SU-2015:2386\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/12/15/6\", \"name\": \"[oss-security] 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/537115/100/0/threaded\", \"name\": \"20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html\", \"name\": \"SUSE-SU-2015:2385\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2015/Dec/69\", \"name\": \"20151216 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/201512-03\", \"name\": \"GLSA-201512-03\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html\", \"name\": \"FEDORA-2015-cebe5133e7\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2836-1\", \"name\": \"USN-2836-1\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html\", \"name\": \"FEDORA-2015-90c27b6e91\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-2623.html\", \"name\": \"RHSA-2015:2623\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html\", \"name\": \"SUSE-SU-2015:2399\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.debian.org/security/2015/dsa-3421\", \"name\": \"DSA-3421\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/01/15/3\", \"name\": \"[oss-security] 20240116 CVE-2023-4001: a password bypass vulnerability in the downstream GRUB boot manager\", \"tags\": [\"mailing-list\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T08:13:32.834Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2015-8370\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-06T21:01:48.674436Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-191\", \"description\": \"CWE-191 Integer Underflow (Wrap or Wraparound)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-21T16:51:53.221Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2015-12-10T00:00:00\", \"references\": [{\"url\": \"http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html\", \"name\": \"openSUSE-SU-2015:2392\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html\", \"name\": \"openSUSE-SU-2016:0036\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html\"}, {\"url\": \"http://www.securityfocus.com/bid/79358\", \"name\": \"79358\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html\", \"name\": \"openSUSE-SU-2015:2375\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1034422\", \"name\": \"1034422\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html\", \"name\": \"SUSE-SU-2015:2387\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html\", \"name\": \"SUSE-SU-2015:2386\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/12/15/6\", \"name\": \"[oss-security] 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/537115/100/0/threaded\", \"name\": \"20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html\", \"name\": \"SUSE-SU-2015:2385\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2015/Dec/69\", \"name\": \"20151216 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.gentoo.org/glsa/201512-03\", \"name\": \"GLSA-201512-03\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html\", \"name\": \"FEDORA-2015-cebe5133e7\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2836-1\", \"name\": \"USN-2836-1\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html\", \"name\": \"FEDORA-2015-90c27b6e91\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-2623.html\", \"name\": \"RHSA-2015:2623\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html\", \"name\": \"SUSE-SU-2015:2399\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.debian.org/security/2015/dsa-3421\", \"name\": \"DSA-3421\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/01/15/3\", \"name\": \"[oss-security] 20240116 CVE-2023-4001: a password bypass vulnerability in the downstream GRUB boot manager\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \\\"Off-by-two\\\" or \\\"Out of bounds overwrite\\\" memory error.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-01-16T00:06:19.101867\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2015-8370\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-21T16:51:57.721Z\", \"dateReserved\": \"2015-11-27T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2015-12-16T00:00:00\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
fkie_cve-2015-8370
Vulnerability from fkie_nvd
Published
2015-12-16 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html | Exploit | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html | ||
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html | ||
| cve@mitre.org | http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html | ||
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2015-2623.html | ||
| cve@mitre.org | http://seclists.org/fulldisclosure/2015/Dec/69 | ||
| cve@mitre.org | http://www.debian.org/security/2015/dsa-3421 | ||
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/12/15/6 | ||
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2024/01/15/3 | ||
| cve@mitre.org | http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | Patch | |
| cve@mitre.org | http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/537115/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/79358 | ||
| cve@mitre.org | http://www.securitytracker.com/id/1034422 | ||
| cve@mitre.org | http://www.ubuntu.com/usn/USN-2836-1 | ||
| cve@mitre.org | https://security.gentoo.org/glsa/201512-03 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2015-2623.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2015/Dec/69 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3421 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/12/15/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/01/15/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/537115/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/79358 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034422 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2836-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201512-03 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:grub2:1.98:*:*:*:*:*:*:*",
"matchCriteriaId": "936B2F89-3A97-46A8-B776-CF605C192CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:grub2:1.99:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB62F6A-8B42-4186-99AF-2A07050EB19E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:grub2:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "D3AB3BF3-95F2-43C6-8445-4B749135BE8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:grub2:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C7F246-9B64-49C4-B358-C5A62C3A2458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:grub2:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "7AEB4A3C-A448-4C7D-8F08-57940E13BB6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error."
},
{
"lang": "es",
"value": "M\u00faltiple desbordamiento inferior de entero en Grub2 1.98 hasta la versi\u00f3n 2.02 permite a atacantes f\u00edsicamente pr\u00f3ximos eludir la autenticaci\u00f3n, obtener informaci\u00f3n sensible o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de disco) a trav\u00e9s del car\u00e1cter backspace en la funci\u00f3n (1) grub_username_get en grub-core/normal/auth.c o (2) grub_password_get en lib/crypto.c, lo que desencadena un error de memoria \u0027Off-by-two\u0027 o \u0027Out of bounds overwrite\u0027."
}
],
"id": "CVE-2015-8370",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2015-12-16T21:59:04.063",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2623.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Dec/69"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3421"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/12/15/6"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2024/01/15/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/537115/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/79358"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1034422"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2836-1"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201512-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2623.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Dec/69"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/12/15/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/01/15/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/537115/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/79358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2836-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201512-03"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
ghsa-jjvg-65v4-v3cq
Vulnerability from github
Published
2022-05-14 02:47
Modified
2024-10-21 18:30
Severity ?
VLAI Severity ?
Details
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
{
"affected": [],
"aliases": [
"CVE-2015-8370"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-12-16T21:59:00Z",
"severity": "MODERATE"
},
"details": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error.",
"id": "GHSA-jjvg-65v4-v3cq",
"modified": "2024-10-21T18:30:44Z",
"published": "2022-05-14T02:47:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8370"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201512-03"
},
{
"type": "WEB",
"url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2623.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2015/Dec/69"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3421"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/12/15/6"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/01/15/3"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/537115/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/79358"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034422"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2836-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
cnvd-2015-08408
Vulnerability from cnvd
Title
Grub2整数溢出漏洞
Description
GNU GRUB是GNU计划开发的一套GNU项目的启动引导程序。Grub2是其中的一个增强版。
Grub2 grub-core/normal/auth.c文件中的‘grub_username_get’函数和lib/crypto.c文件中的‘grub_password_get’函数中的退格字符处理存在安全漏洞,允许攻击者利用漏洞获取敏感信息或造进行拒绝服务攻击。
Severity
中
VLAI Severity ?
Patch Name
Grub2整数溢出漏洞的补丁
Patch Description
GNU GRUB是GNU计划开发的一套GNU项目的启动引导程序。Grub2是其中的一个增强版。
Grub2 grub-core/normal/auth.c文件中的‘grub_username_get’函数和lib/crypto.c文件中的‘grub_password_get’函数中的退格字符处理存在安全漏洞,允许攻击者利用漏洞获取敏感信息或造进行拒绝服务攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全补丁以修复该漏洞: https://www.gnu.org/
Reference
http://www.openwall.com/lists/oss-security/2015/12/15/6
Impacted products
| Name | GNU GRUB2 1.98-2.02 |
|---|
{
"bids": {
"bid": {
"bidNumber": "79358"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2015-8370"
}
},
"description": "GNU GRUB\u662fGNU\u8ba1\u5212\u5f00\u53d1\u7684\u4e00\u5957GNU\u9879\u76ee\u7684\u542f\u52a8\u5f15\u5bfc\u7a0b\u5e8f\u3002Grub2\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u589e\u5f3a\u7248\u3002\r\n\r\nGrub2 grub-core/normal/auth.c\u6587\u4ef6\u4e2d\u7684\u2018grub_username_get\u2019\u51fd\u6570\u548clib/crypto.c\u6587\u4ef6\u4e2d\u7684\u2018grub_password_get\u2019\u51fd\u6570\u4e2d\u7684\u9000\u683c\u5b57\u7b26\u5904\u7406\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u9020\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
"discovererName": "Hector Marco and Ismael Ripoll.",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://www.gnu.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-08408",
"openTime": "2015-12-23",
"patchDescription": "GNU GRUB\u662fGNU\u8ba1\u5212\u5f00\u53d1\u7684\u4e00\u5957GNU\u9879\u76ee\u7684\u542f\u52a8\u5f15\u5bfc\u7a0b\u5e8f\u3002Grub2\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u589e\u5f3a\u7248\u3002\r\n\r\nGrub2 grub-core/normal/auth.c\u6587\u4ef6\u4e2d\u7684\u2018grub_username_get\u2019\u51fd\u6570\u548clib/crypto.c\u6587\u4ef6\u4e2d\u7684\u2018grub_password_get\u2019\u51fd\u6570\u4e2d\u7684\u9000\u683c\u5b57\u7b26\u5904\u7406\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u9020\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Grub2\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "GNU GRUB2 1.98-2.02"
},
"referenceLink": "http://www.openwall.com/lists/oss-security/2015/12/15/6",
"serverity": "\u4e2d",
"submitTime": "2015-12-20",
"title": "Grub2\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}
gsd-2015-8370
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-8370",
"description": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error.",
"id": "GSD-2015-8370",
"references": [
"https://www.suse.com/security/cve/CVE-2015-8370.html",
"https://www.debian.org/security/2015/dsa-3421",
"https://access.redhat.com/errata/RHSA-2015:2623",
"https://ubuntu.com/security/CVE-2015-8370",
"https://advisories.mageia.org/CVE-2015-8370.html",
"https://linux.oracle.com/cve/CVE-2015-8370.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-8370"
],
"details": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error.",
"id": "GSD-2015-8370",
"modified": "2023-12-13T01:20:03.472910Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html"
},
{
"name": "openSUSE-SU-2015:2392",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html"
},
{
"name": "openSUSE-SU-2016:0036",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html"
},
{
"name": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html",
"refsource": "MISC",
"url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"
},
{
"name": "79358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79358"
},
{
"name": "openSUSE-SU-2015:2375",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html"
},
{
"name": "1034422",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034422"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "SUSE-SU-2015:2387",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html"
},
{
"name": "SUSE-SU-2015:2386",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "[oss-security] 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/15/6"
},
{
"name": "20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537115/100/0/threaded"
},
{
"name": "SUSE-SU-2015:2385",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html"
},
{
"name": "20151216 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Dec/69"
},
{
"name": "GLSA-201512-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-03"
},
{
"name": "FEDORA-2015-cebe5133e7",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html"
},
{
"name": "USN-2836-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2836-1"
},
{
"name": "FEDORA-2015-90c27b6e91",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html"
},
{
"name": "RHSA-2015:2623",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2623.html"
},
{
"name": "SUSE-SU-2015:2399",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html"
},
{
"name": "DSA-3421",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3421"
},
{
"name": "[oss-security] 20240116 CVE-2023-4001: a password bypass vulnerability in the downstream GRUB boot manager",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2024/01/15/3"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:grub2:1.98:*:*:*:*:*:*:*",
"matchCriteriaId": "936B2F89-3A97-46A8-B776-CF605C192CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:grub2:1.99:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB62F6A-8B42-4186-99AF-2A07050EB19E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:grub2:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "D3AB3BF3-95F2-43C6-8445-4B749135BE8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:grub2:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C7F246-9B64-49C4-B358-C5A62C3A2458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:grub2:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "7AEB4A3C-A448-4C7D-8F08-57940E13BB6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error."
},
{
"lang": "es",
"value": "M\u00faltiple desbordamiento inferior de entero en Grub2 1.98 hasta la versi\u00f3n 2.02 permite a atacantes f\u00edsicamente pr\u00f3ximos eludir la autenticaci\u00f3n, obtener informaci\u00f3n sensible o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de disco) a trav\u00e9s del car\u00e1cter backspace en la funci\u00f3n (1) grub_username_get en grub-core/normal/auth.c o (2) grub_password_get en lib/crypto.c, lo que desencadena un error de memoria \u0027Off-by-two\u0027 o \u0027Out of bounds overwrite\u0027."
}
],
"id": "CVE-2015-8370",
"lastModified": "2024-01-16T01:15:33.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-12-16T21:59:04.063",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2623.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Dec/69"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3421"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/12/15/6"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2024/01/15/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/537115/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/79358"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1034422"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2836-1"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201512-03"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
CERTFR-2016-AVI-028
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Oracle Sun Systems Products Suite. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Switch ES1-24 versions ant\u00e9rieures \u00e0 1.3.1.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris Cluster versions 4.2 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris versions 11 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris Cluster versions 3.3 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-0618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0618"
},
{
"name": "CVE-2015-1793",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1793"
},
{
"name": "CVE-2016-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0465"
},
{
"name": "CVE-2016-0440",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0440"
},
{
"name": "CVE-2015-4922",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4922"
},
{
"name": "CVE-2016-0419",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0419"
},
{
"name": "CVE-2016-0458",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0458"
},
{
"name": "CVE-2016-0428",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0428"
},
{
"name": "CVE-2016-0414",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0414"
},
{
"name": "CVE-2015-4920",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4920"
},
{
"name": "CVE-2016-0535",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0535"
},
{
"name": "CVE-2016-0405",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0405"
},
{
"name": "CVE-2016-0431",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0431"
},
{
"name": "CVE-2016-0416",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0416"
},
{
"name": "CVE-2016-0493",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0493"
},
{
"name": "CVE-2016-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0426"
},
{
"name": "CVE-2016-0406",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0406"
},
{
"name": "CVE-2016-0418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0418"
},
{
"name": "CVE-2015-8370",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8370"
},
{
"name": "CVE-2016-0403",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0403"
},
{
"name": "CVE-2016-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0417"
}
],
"initial_release_date": "2016-01-20T00:00:00",
"last_revision_date": "2016-01-20T00:00:00",
"links": [],
"reference": "CERTFR-2016-AVI-028",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-01-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Sun Systems Products Suite\u003c/span\u003e. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Sun Systems Products Suite",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 19 janvier 2016",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
}
]
}
opensuse-su-2024:10078-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
grub2-2.02~beta3-15.1 on GA media
Notes
Title of the patch
grub2-2.02~beta3-15.1 on GA media
Description of the patch
These are all security issues fixed in the grub2-2.02~beta3-15.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10078
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "grub2-2.02~beta3-15.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the grub2-2.02~beta3-15.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10078",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10078-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8370 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8370/"
}
],
"title": "grub2-2.02~beta3-15.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10078-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grub2-2.02~beta3-15.1.aarch64",
"product": {
"name": "grub2-2.02~beta3-15.1.aarch64",
"product_id": "grub2-2.02~beta3-15.1.aarch64"
}
},
{
"category": "product_version",
"name": "grub2-branding-upstream-2.02~beta3-15.1.aarch64",
"product": {
"name": "grub2-branding-upstream-2.02~beta3-15.1.aarch64",
"product_id": "grub2-branding-upstream-2.02~beta3-15.1.aarch64"
}
},
{
"category": "product_version",
"name": "grub2-i386-efi-2.02~beta3-15.1.aarch64",
"product": {
"name": "grub2-i386-efi-2.02~beta3-15.1.aarch64",
"product_id": "grub2-i386-efi-2.02~beta3-15.1.aarch64"
}
},
{
"category": "product_version",
"name": "grub2-i386-pc-2.02~beta3-15.1.aarch64",
"product": {
"name": "grub2-i386-pc-2.02~beta3-15.1.aarch64",
"product_id": "grub2-i386-pc-2.02~beta3-15.1.aarch64"
}
},
{
"category": "product_version",
"name": "grub2-i386-xen-2.02~beta3-15.1.aarch64",
"product": {
"name": "grub2-i386-xen-2.02~beta3-15.1.aarch64",
"product_id": "grub2-i386-xen-2.02~beta3-15.1.aarch64"
}
},
{
"category": "product_version",
"name": "grub2-snapper-plugin-2.02~beta3-15.1.aarch64",
"product": {
"name": "grub2-snapper-plugin-2.02~beta3-15.1.aarch64",
"product_id": "grub2-snapper-plugin-2.02~beta3-15.1.aarch64"
}
},
{
"category": "product_version",
"name": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.aarch64",
"product": {
"name": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.aarch64",
"product_id": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.aarch64"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-efi-2.02~beta3-15.1.aarch64",
"product": {
"name": "grub2-x86_64-efi-2.02~beta3-15.1.aarch64",
"product_id": "grub2-x86_64-efi-2.02~beta3-15.1.aarch64"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-xen-2.02~beta3-15.1.aarch64",
"product": {
"name": "grub2-x86_64-xen-2.02~beta3-15.1.aarch64",
"product_id": "grub2-x86_64-xen-2.02~beta3-15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-2.02~beta3-15.1.ppc64le",
"product": {
"name": "grub2-2.02~beta3-15.1.ppc64le",
"product_id": "grub2-2.02~beta3-15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-branding-upstream-2.02~beta3-15.1.ppc64le",
"product": {
"name": "grub2-branding-upstream-2.02~beta3-15.1.ppc64le",
"product_id": "grub2-branding-upstream-2.02~beta3-15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-i386-efi-2.02~beta3-15.1.ppc64le",
"product": {
"name": "grub2-i386-efi-2.02~beta3-15.1.ppc64le",
"product_id": "grub2-i386-efi-2.02~beta3-15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-i386-pc-2.02~beta3-15.1.ppc64le",
"product": {
"name": "grub2-i386-pc-2.02~beta3-15.1.ppc64le",
"product_id": "grub2-i386-pc-2.02~beta3-15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-i386-xen-2.02~beta3-15.1.ppc64le",
"product": {
"name": "grub2-i386-xen-2.02~beta3-15.1.ppc64le",
"product_id": "grub2-i386-xen-2.02~beta3-15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-snapper-plugin-2.02~beta3-15.1.ppc64le",
"product": {
"name": "grub2-snapper-plugin-2.02~beta3-15.1.ppc64le",
"product_id": "grub2-snapper-plugin-2.02~beta3-15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.ppc64le",
"product": {
"name": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.ppc64le",
"product_id": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-efi-2.02~beta3-15.1.ppc64le",
"product": {
"name": "grub2-x86_64-efi-2.02~beta3-15.1.ppc64le",
"product_id": "grub2-x86_64-efi-2.02~beta3-15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-xen-2.02~beta3-15.1.ppc64le",
"product": {
"name": "grub2-x86_64-xen-2.02~beta3-15.1.ppc64le",
"product_id": "grub2-x86_64-xen-2.02~beta3-15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-2.02~beta3-15.1.s390x",
"product": {
"name": "grub2-2.02~beta3-15.1.s390x",
"product_id": "grub2-2.02~beta3-15.1.s390x"
}
},
{
"category": "product_version",
"name": "grub2-branding-upstream-2.02~beta3-15.1.s390x",
"product": {
"name": "grub2-branding-upstream-2.02~beta3-15.1.s390x",
"product_id": "grub2-branding-upstream-2.02~beta3-15.1.s390x"
}
},
{
"category": "product_version",
"name": "grub2-i386-efi-2.02~beta3-15.1.s390x",
"product": {
"name": "grub2-i386-efi-2.02~beta3-15.1.s390x",
"product_id": "grub2-i386-efi-2.02~beta3-15.1.s390x"
}
},
{
"category": "product_version",
"name": "grub2-i386-pc-2.02~beta3-15.1.s390x",
"product": {
"name": "grub2-i386-pc-2.02~beta3-15.1.s390x",
"product_id": "grub2-i386-pc-2.02~beta3-15.1.s390x"
}
},
{
"category": "product_version",
"name": "grub2-i386-xen-2.02~beta3-15.1.s390x",
"product": {
"name": "grub2-i386-xen-2.02~beta3-15.1.s390x",
"product_id": "grub2-i386-xen-2.02~beta3-15.1.s390x"
}
},
{
"category": "product_version",
"name": "grub2-snapper-plugin-2.02~beta3-15.1.s390x",
"product": {
"name": "grub2-snapper-plugin-2.02~beta3-15.1.s390x",
"product_id": "grub2-snapper-plugin-2.02~beta3-15.1.s390x"
}
},
{
"category": "product_version",
"name": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.s390x",
"product": {
"name": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.s390x",
"product_id": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.s390x"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-efi-2.02~beta3-15.1.s390x",
"product": {
"name": "grub2-x86_64-efi-2.02~beta3-15.1.s390x",
"product_id": "grub2-x86_64-efi-2.02~beta3-15.1.s390x"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-xen-2.02~beta3-15.1.s390x",
"product": {
"name": "grub2-x86_64-xen-2.02~beta3-15.1.s390x",
"product_id": "grub2-x86_64-xen-2.02~beta3-15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-2.02~beta3-15.1.x86_64",
"product": {
"name": "grub2-2.02~beta3-15.1.x86_64",
"product_id": "grub2-2.02~beta3-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-branding-upstream-2.02~beta3-15.1.x86_64",
"product": {
"name": "grub2-branding-upstream-2.02~beta3-15.1.x86_64",
"product_id": "grub2-branding-upstream-2.02~beta3-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-i386-efi-2.02~beta3-15.1.x86_64",
"product": {
"name": "grub2-i386-efi-2.02~beta3-15.1.x86_64",
"product_id": "grub2-i386-efi-2.02~beta3-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-i386-pc-2.02~beta3-15.1.x86_64",
"product": {
"name": "grub2-i386-pc-2.02~beta3-15.1.x86_64",
"product_id": "grub2-i386-pc-2.02~beta3-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-i386-xen-2.02~beta3-15.1.x86_64",
"product": {
"name": "grub2-i386-xen-2.02~beta3-15.1.x86_64",
"product_id": "grub2-i386-xen-2.02~beta3-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-snapper-plugin-2.02~beta3-15.1.x86_64",
"product": {
"name": "grub2-snapper-plugin-2.02~beta3-15.1.x86_64",
"product_id": "grub2-snapper-plugin-2.02~beta3-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.x86_64",
"product": {
"name": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.x86_64",
"product_id": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-efi-2.02~beta3-15.1.x86_64",
"product": {
"name": "grub2-x86_64-efi-2.02~beta3-15.1.x86_64",
"product_id": "grub2-x86_64-efi-2.02~beta3-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-xen-2.02~beta3-15.1.x86_64",
"product": {
"name": "grub2-x86_64-xen-2.02~beta3-15.1.x86_64",
"product_id": "grub2-x86_64-xen-2.02~beta3-15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta3-15.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-2.02~beta3-15.1.aarch64"
},
"product_reference": "grub2-2.02~beta3-15.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta3-15.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-2.02~beta3-15.1.ppc64le"
},
"product_reference": "grub2-2.02~beta3-15.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta3-15.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-2.02~beta3-15.1.s390x"
},
"product_reference": "grub2-2.02~beta3-15.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta3-15.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-2.02~beta3-15.1.x86_64"
},
"product_reference": "grub2-2.02~beta3-15.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-branding-upstream-2.02~beta3-15.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-branding-upstream-2.02~beta3-15.1.aarch64"
},
"product_reference": "grub2-branding-upstream-2.02~beta3-15.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-branding-upstream-2.02~beta3-15.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-branding-upstream-2.02~beta3-15.1.ppc64le"
},
"product_reference": "grub2-branding-upstream-2.02~beta3-15.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-branding-upstream-2.02~beta3-15.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-branding-upstream-2.02~beta3-15.1.s390x"
},
"product_reference": "grub2-branding-upstream-2.02~beta3-15.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-branding-upstream-2.02~beta3-15.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-branding-upstream-2.02~beta3-15.1.x86_64"
},
"product_reference": "grub2-branding-upstream-2.02~beta3-15.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-efi-2.02~beta3-15.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-efi-2.02~beta3-15.1.aarch64"
},
"product_reference": "grub2-i386-efi-2.02~beta3-15.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-efi-2.02~beta3-15.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-efi-2.02~beta3-15.1.ppc64le"
},
"product_reference": "grub2-i386-efi-2.02~beta3-15.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-efi-2.02~beta3-15.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-efi-2.02~beta3-15.1.s390x"
},
"product_reference": "grub2-i386-efi-2.02~beta3-15.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-efi-2.02~beta3-15.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-efi-2.02~beta3-15.1.x86_64"
},
"product_reference": "grub2-i386-efi-2.02~beta3-15.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-2.02~beta3-15.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-pc-2.02~beta3-15.1.aarch64"
},
"product_reference": "grub2-i386-pc-2.02~beta3-15.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-2.02~beta3-15.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-pc-2.02~beta3-15.1.ppc64le"
},
"product_reference": "grub2-i386-pc-2.02~beta3-15.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-2.02~beta3-15.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-pc-2.02~beta3-15.1.s390x"
},
"product_reference": "grub2-i386-pc-2.02~beta3-15.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-2.02~beta3-15.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-pc-2.02~beta3-15.1.x86_64"
},
"product_reference": "grub2-i386-pc-2.02~beta3-15.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-xen-2.02~beta3-15.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-xen-2.02~beta3-15.1.aarch64"
},
"product_reference": "grub2-i386-xen-2.02~beta3-15.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-xen-2.02~beta3-15.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-xen-2.02~beta3-15.1.ppc64le"
},
"product_reference": "grub2-i386-xen-2.02~beta3-15.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-xen-2.02~beta3-15.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-xen-2.02~beta3-15.1.s390x"
},
"product_reference": "grub2-i386-xen-2.02~beta3-15.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-xen-2.02~beta3-15.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-xen-2.02~beta3-15.1.x86_64"
},
"product_reference": "grub2-i386-xen-2.02~beta3-15.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-snapper-plugin-2.02~beta3-15.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-snapper-plugin-2.02~beta3-15.1.aarch64"
},
"product_reference": "grub2-snapper-plugin-2.02~beta3-15.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-snapper-plugin-2.02~beta3-15.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-snapper-plugin-2.02~beta3-15.1.ppc64le"
},
"product_reference": "grub2-snapper-plugin-2.02~beta3-15.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-snapper-plugin-2.02~beta3-15.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-snapper-plugin-2.02~beta3-15.1.s390x"
},
"product_reference": "grub2-snapper-plugin-2.02~beta3-15.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-snapper-plugin-2.02~beta3-15.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-snapper-plugin-2.02~beta3-15.1.x86_64"
},
"product_reference": "grub2-snapper-plugin-2.02~beta3-15.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.02~beta3-15.1.aarch64"
},
"product_reference": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.02~beta3-15.1.ppc64le"
},
"product_reference": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.02~beta3-15.1.s390x"
},
"product_reference": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.02~beta3-15.1.x86_64"
},
"product_reference": "grub2-systemd-sleep-plugin-2.02~beta3-15.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.02~beta3-15.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-efi-2.02~beta3-15.1.aarch64"
},
"product_reference": "grub2-x86_64-efi-2.02~beta3-15.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.02~beta3-15.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-efi-2.02~beta3-15.1.ppc64le"
},
"product_reference": "grub2-x86_64-efi-2.02~beta3-15.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.02~beta3-15.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-efi-2.02~beta3-15.1.s390x"
},
"product_reference": "grub2-x86_64-efi-2.02~beta3-15.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.02~beta3-15.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-efi-2.02~beta3-15.1.x86_64"
},
"product_reference": "grub2-x86_64-efi-2.02~beta3-15.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.02~beta3-15.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-xen-2.02~beta3-15.1.aarch64"
},
"product_reference": "grub2-x86_64-xen-2.02~beta3-15.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.02~beta3-15.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-xen-2.02~beta3-15.1.ppc64le"
},
"product_reference": "grub2-x86_64-xen-2.02~beta3-15.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.02~beta3-15.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-xen-2.02~beta3-15.1.s390x"
},
"product_reference": "grub2-x86_64-xen-2.02~beta3-15.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.02~beta3-15.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-xen-2.02~beta3-15.1.x86_64"
},
"product_reference": "grub2-x86_64-xen-2.02~beta3-15.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8370",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8370"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grub2-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-2.02~beta3-15.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.02~beta3-15.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-efi-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-efi-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-efi-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-i386-efi-2.02~beta3-15.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.02~beta3-15.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-xen-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-xen-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-xen-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-i386-xen-2.02~beta3-15.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.02~beta3-15.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.02~beta3-15.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.02~beta3-15.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.02~beta3-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8370",
"url": "https://www.suse.com/security/cve/CVE-2015-8370"
},
{
"category": "external",
"summary": "SUSE Bug 956631 for CVE-2015-8370",
"url": "https://bugzilla.suse.com/956631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grub2-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-2.02~beta3-15.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.02~beta3-15.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-efi-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-efi-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-efi-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-i386-efi-2.02~beta3-15.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.02~beta3-15.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-xen-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-xen-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-xen-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-i386-xen-2.02~beta3-15.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.02~beta3-15.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.02~beta3-15.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.02~beta3-15.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.02~beta3-15.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.02~beta3-15.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.02~beta3-15.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.02~beta3-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-8370"
}
]
}
rhsa-2015:2623
Vulnerability from csaf_redhat
Published
2015-12-15 10:01
Modified
2025-10-09 15:38
Summary
Red Hat Security Advisory: grub2 security and bug fix update
Notes
Topic
Updated grub2 packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
[Updated 27 January 2016]
This advisory has been updated to document additional steps that need to be
performed on BIOS-based systems after installing this update. No changes
were made to the packages included in the advisory.
Details
The grub2 packages provide version 2 of the Grand Unified Bootloader
(GRUB), a highly configurable and customizable bootloader with modular
architecture. The packages support a variety of kernel formats, file
systems, computer architectures, and hardware devices.
A flaw was found in the way the grub2 handled backspace characters entered
in username and password prompts. An attacker with access to the system
console could use this flaw to bypass grub2 password protection and gain
administrative access to the system. (CVE-2015-8370)
This update also fixes the following bug:
* When upgrading from Red Hat Enterprise Linux 7.1 and earlier, a
configured boot password was not correctly migrated to the newly introduced
user.cfg configuration files. This could possibly prevent system
administrators from changing grub2 configuration during system boot even if
they provided the correct password. This update corrects the password
migration script and the incorrectly generated user.cfg file. (BZ#1290089)
All grub2 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For this update to take
effect on BIOS-based machines, grub2 needs to be reinstalled as documented
in the "Reinstalling GRUB 2 on BIOS-Based Machines" section of the Red Hat
Enterprise Linux 7 System Administrator's Guide linked to in the References
section. No manual action is needed on UEFI-based machines.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated grub2 packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.\n\n[Updated 27 January 2016]\nThis advisory has been updated to document additional steps that need to be\nperformed on BIOS-based systems after installing this update. No changes\nwere made to the packages included in the advisory.",
"title": "Topic"
},
{
"category": "general",
"text": "The grub2 packages provide version 2 of the Grand Unified Bootloader\n(GRUB), a highly configurable and customizable bootloader with modular\narchitecture. The packages support a variety of kernel formats, file\nsystems, computer architectures, and hardware devices.\n\nA flaw was found in the way the grub2 handled backspace characters entered\nin username and password prompts. An attacker with access to the system\nconsole could use this flaw to bypass grub2 password protection and gain\nadministrative access to the system. (CVE-2015-8370)\n\nThis update also fixes the following bug:\n\n* When upgrading from Red Hat Enterprise Linux 7.1 and earlier, a\nconfigured boot password was not correctly migrated to the newly introduced\nuser.cfg configuration files. This could possibly prevent system\nadministrators from changing grub2 configuration during system boot even if\nthey provided the correct password. This update corrects the password\nmigration script and the incorrectly generated user.cfg file. (BZ#1290089)\n\nAll grub2 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For this update to take\neffect on BIOS-based machines, grub2 needs to be reinstalled as documented\nin the \"Reinstalling GRUB 2 on BIOS-Based Machines\" section of the Red Hat\nEnterprise Linux 7 System Administrator\u0027s Guide linked to in the References\nsection. No manual action is needed on UEFI-based machines.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:2623",
"url": "https://access.redhat.com/errata/RHSA-2015:2623"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Reinstalling_GRUB_2.html#sec-grub2-reinstall_on_BIOS-Based_Machines",
"url": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Reinstalling_GRUB_2.html#sec-grub2-reinstall_on_BIOS-Based_Machines"
},
{
"category": "external",
"summary": "1286966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286966"
},
{
"category": "external",
"summary": "1290089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290089"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_2623.json"
}
],
"title": "Red Hat Security Advisory: grub2 security and bug fix update",
"tracking": {
"current_release_date": "2025-10-09T15:38:37+00:00",
"generator": {
"date": "2025-10-09T15:38:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2015:2623",
"initial_release_date": "2015-12-15T10:01:55+00:00",
"revision_history": [
{
"date": "2015-12-15T10:01:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-01-27T09:30:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T15:38:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"product": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"product_id": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-modules@2.02-0.33.el7_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"product": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"product_id": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-0.33.el7_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"product": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"product_id": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi@2.02-0.33.el7_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"product": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"product_id": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-0.33.el7_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-1:2.02-0.33.el7_2.x86_64",
"product": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64",
"product_id": "grub2-1:2.02-0.33.el7_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-0.33.el7_2?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-1:2.02-0.33.el7_2.src",
"product": {
"name": "grub2-1:2.02-0.33.el7_2.src",
"product_id": "grub2-1:2.02-0.33.el7_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-0.33.el7_2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"product": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"product_id": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-0.33.el7_2?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-1:2.02-0.33.el7_2.ppc64",
"product": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64",
"product_id": "grub2-1:2.02-0.33.el7_2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-0.33.el7_2?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"product": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"product_id": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-0.33.el7_2?arch=ppc64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"product": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"product_id": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-0.33.el7_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"product": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"product_id": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-0.33.el7_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-1:2.02-0.33.el7_2.ppc64le",
"product": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le",
"product_id": "grub2-1:2.02-0.33.el7_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-0.33.el7_2?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8370",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-12-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1286966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way grub2 handled backspace characters entered in username and password prompts. An attacker with access to the system console could use this flaw to bypass grub2 password protection and gain administrative access to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: buffer overflow when checking password entered during bootup",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8370"
},
{
"category": "external",
"summary": "RHBZ#1286966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8370",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8370"
},
{
"category": "external",
"summary": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html",
"url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"
}
],
"release_date": "2015-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-12-15T10:01:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2623"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: buffer overflow when checking password entered during bootup"
}
]
}
rhsa-2015_2623
Vulnerability from csaf_redhat
Published
2015-12-15 10:01
Modified
2024-11-22 09:40
Summary
Red Hat Security Advisory: grub2 security and bug fix update
Notes
Topic
Updated grub2 packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
[Updated 27 January 2016]
This advisory has been updated to document additional steps that need to be
performed on BIOS-based systems after installing this update. No changes
were made to the packages included in the advisory.
Details
The grub2 packages provide version 2 of the Grand Unified Bootloader
(GRUB), a highly configurable and customizable bootloader with modular
architecture. The packages support a variety of kernel formats, file
systems, computer architectures, and hardware devices.
A flaw was found in the way the grub2 handled backspace characters entered
in username and password prompts. An attacker with access to the system
console could use this flaw to bypass grub2 password protection and gain
administrative access to the system. (CVE-2015-8370)
This update also fixes the following bug:
* When upgrading from Red Hat Enterprise Linux 7.1 and earlier, a
configured boot password was not correctly migrated to the newly introduced
user.cfg configuration files. This could possibly prevent system
administrators from changing grub2 configuration during system boot even if
they provided the correct password. This update corrects the password
migration script and the incorrectly generated user.cfg file. (BZ#1290089)
All grub2 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For this update to take
effect on BIOS-based machines, grub2 needs to be reinstalled as documented
in the "Reinstalling GRUB 2 on BIOS-Based Machines" section of the Red Hat
Enterprise Linux 7 System Administrator's Guide linked to in the References
section. No manual action is needed on UEFI-based machines.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated grub2 packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.\n\n[Updated 27 January 2016]\nThis advisory has been updated to document additional steps that need to be\nperformed on BIOS-based systems after installing this update. No changes\nwere made to the packages included in the advisory.",
"title": "Topic"
},
{
"category": "general",
"text": "The grub2 packages provide version 2 of the Grand Unified Bootloader\n(GRUB), a highly configurable and customizable bootloader with modular\narchitecture. The packages support a variety of kernel formats, file\nsystems, computer architectures, and hardware devices.\n\nA flaw was found in the way the grub2 handled backspace characters entered\nin username and password prompts. An attacker with access to the system\nconsole could use this flaw to bypass grub2 password protection and gain\nadministrative access to the system. (CVE-2015-8370)\n\nThis update also fixes the following bug:\n\n* When upgrading from Red Hat Enterprise Linux 7.1 and earlier, a\nconfigured boot password was not correctly migrated to the newly introduced\nuser.cfg configuration files. This could possibly prevent system\nadministrators from changing grub2 configuration during system boot even if\nthey provided the correct password. This update corrects the password\nmigration script and the incorrectly generated user.cfg file. (BZ#1290089)\n\nAll grub2 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For this update to take\neffect on BIOS-based machines, grub2 needs to be reinstalled as documented\nin the \"Reinstalling GRUB 2 on BIOS-Based Machines\" section of the Red Hat\nEnterprise Linux 7 System Administrator\u0027s Guide linked to in the References\nsection. No manual action is needed on UEFI-based machines.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:2623",
"url": "https://access.redhat.com/errata/RHSA-2015:2623"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Reinstalling_GRUB_2.html#sec-grub2-reinstall_on_BIOS-Based_Machines",
"url": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Reinstalling_GRUB_2.html#sec-grub2-reinstall_on_BIOS-Based_Machines"
},
{
"category": "external",
"summary": "1286966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286966"
},
{
"category": "external",
"summary": "1290089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290089"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_2623.json"
}
],
"title": "Red Hat Security Advisory: grub2 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T09:40:12+00:00",
"generator": {
"date": "2024-11-22T09:40:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2015:2623",
"initial_release_date": "2015-12-15T10:01:55+00:00",
"revision_history": [
{
"date": "2015-12-15T10:01:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-01-27T09:30:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T09:40:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"product": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"product_id": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-modules@2.02-0.33.el7_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"product": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"product_id": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-0.33.el7_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"product": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"product_id": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi@2.02-0.33.el7_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"product": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"product_id": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-0.33.el7_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-1:2.02-0.33.el7_2.x86_64",
"product": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64",
"product_id": "grub2-1:2.02-0.33.el7_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-0.33.el7_2?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-1:2.02-0.33.el7_2.src",
"product": {
"name": "grub2-1:2.02-0.33.el7_2.src",
"product_id": "grub2-1:2.02-0.33.el7_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-0.33.el7_2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"product": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"product_id": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-0.33.el7_2?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-1:2.02-0.33.el7_2.ppc64",
"product": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64",
"product_id": "grub2-1:2.02-0.33.el7_2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-0.33.el7_2?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"product": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"product_id": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-0.33.el7_2?arch=ppc64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"product": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"product_id": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-0.33.el7_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"product": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"product_id": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-0.33.el7_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-1:2.02-0.33.el7_2.ppc64le",
"product": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le",
"product_id": "grub2-1:2.02-0.33.el7_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-0.33.el7_2?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8370",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-12-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1286966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way grub2 handled backspace characters entered in username and password prompts. An attacker with access to the system console could use this flaw to bypass grub2 password protection and gain administrative access to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: buffer overflow when checking password entered during bootup",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8370"
},
{
"category": "external",
"summary": "RHBZ#1286966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8370",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8370"
},
{
"category": "external",
"summary": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html",
"url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"
}
],
"release_date": "2015-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-12-15T10:01:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2623"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: buffer overflow when checking password entered during bootup"
}
]
}
RHSA-2015:2623
Vulnerability from csaf_redhat
Published
2015-12-15 10:01
Modified
2025-10-09 15:38
Summary
Red Hat Security Advisory: grub2 security and bug fix update
Notes
Topic
Updated grub2 packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
[Updated 27 January 2016]
This advisory has been updated to document additional steps that need to be
performed on BIOS-based systems after installing this update. No changes
were made to the packages included in the advisory.
Details
The grub2 packages provide version 2 of the Grand Unified Bootloader
(GRUB), a highly configurable and customizable bootloader with modular
architecture. The packages support a variety of kernel formats, file
systems, computer architectures, and hardware devices.
A flaw was found in the way the grub2 handled backspace characters entered
in username and password prompts. An attacker with access to the system
console could use this flaw to bypass grub2 password protection and gain
administrative access to the system. (CVE-2015-8370)
This update also fixes the following bug:
* When upgrading from Red Hat Enterprise Linux 7.1 and earlier, a
configured boot password was not correctly migrated to the newly introduced
user.cfg configuration files. This could possibly prevent system
administrators from changing grub2 configuration during system boot even if
they provided the correct password. This update corrects the password
migration script and the incorrectly generated user.cfg file. (BZ#1290089)
All grub2 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For this update to take
effect on BIOS-based machines, grub2 needs to be reinstalled as documented
in the "Reinstalling GRUB 2 on BIOS-Based Machines" section of the Red Hat
Enterprise Linux 7 System Administrator's Guide linked to in the References
section. No manual action is needed on UEFI-based machines.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated grub2 packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.\n\n[Updated 27 January 2016]\nThis advisory has been updated to document additional steps that need to be\nperformed on BIOS-based systems after installing this update. No changes\nwere made to the packages included in the advisory.",
"title": "Topic"
},
{
"category": "general",
"text": "The grub2 packages provide version 2 of the Grand Unified Bootloader\n(GRUB), a highly configurable and customizable bootloader with modular\narchitecture. The packages support a variety of kernel formats, file\nsystems, computer architectures, and hardware devices.\n\nA flaw was found in the way the grub2 handled backspace characters entered\nin username and password prompts. An attacker with access to the system\nconsole could use this flaw to bypass grub2 password protection and gain\nadministrative access to the system. (CVE-2015-8370)\n\nThis update also fixes the following bug:\n\n* When upgrading from Red Hat Enterprise Linux 7.1 and earlier, a\nconfigured boot password was not correctly migrated to the newly introduced\nuser.cfg configuration files. This could possibly prevent system\nadministrators from changing grub2 configuration during system boot even if\nthey provided the correct password. This update corrects the password\nmigration script and the incorrectly generated user.cfg file. (BZ#1290089)\n\nAll grub2 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For this update to take\neffect on BIOS-based machines, grub2 needs to be reinstalled as documented\nin the \"Reinstalling GRUB 2 on BIOS-Based Machines\" section of the Red Hat\nEnterprise Linux 7 System Administrator\u0027s Guide linked to in the References\nsection. No manual action is needed on UEFI-based machines.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:2623",
"url": "https://access.redhat.com/errata/RHSA-2015:2623"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Reinstalling_GRUB_2.html#sec-grub2-reinstall_on_BIOS-Based_Machines",
"url": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Reinstalling_GRUB_2.html#sec-grub2-reinstall_on_BIOS-Based_Machines"
},
{
"category": "external",
"summary": "1286966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286966"
},
{
"category": "external",
"summary": "1290089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290089"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_2623.json"
}
],
"title": "Red Hat Security Advisory: grub2 security and bug fix update",
"tracking": {
"current_release_date": "2025-10-09T15:38:37+00:00",
"generator": {
"date": "2025-10-09T15:38:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2015:2623",
"initial_release_date": "2015-12-15T10:01:55+00:00",
"revision_history": [
{
"date": "2015-12-15T10:01:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-01-27T09:30:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T15:38:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"product": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"product_id": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-modules@2.02-0.33.el7_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"product": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"product_id": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-0.33.el7_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"product": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"product_id": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi@2.02-0.33.el7_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"product": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"product_id": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-0.33.el7_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-1:2.02-0.33.el7_2.x86_64",
"product": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64",
"product_id": "grub2-1:2.02-0.33.el7_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-0.33.el7_2?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-1:2.02-0.33.el7_2.src",
"product": {
"name": "grub2-1:2.02-0.33.el7_2.src",
"product_id": "grub2-1:2.02-0.33.el7_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-0.33.el7_2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"product": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"product_id": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-0.33.el7_2?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-1:2.02-0.33.el7_2.ppc64",
"product": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64",
"product_id": "grub2-1:2.02-0.33.el7_2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-0.33.el7_2?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"product": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"product_id": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-0.33.el7_2?arch=ppc64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"product": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"product_id": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-0.33.el7_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"product": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"product_id": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-0.33.el7_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-1:2.02-0.33.el7_2.ppc64le",
"product": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le",
"product_id": "grub2-1:2.02-0.33.el7_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-0.33.el7_2?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Client-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.src",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-0.33.el7_2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
},
"product_reference": "grub2-tools-1:2.02-0.33.el7_2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8370",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-12-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1286966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way grub2 handled backspace characters entered in username and password prompts. An attacker with access to the system console could use this flaw to bypass grub2 password protection and gain administrative access to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: buffer overflow when checking password entered during bootup",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8370"
},
{
"category": "external",
"summary": "RHBZ#1286966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8370",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8370"
},
{
"category": "external",
"summary": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html",
"url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"
}
],
"release_date": "2015-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-12-15T10:01:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2623"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Client-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Client-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7ComputeNode-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7ComputeNode-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Server-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Server-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.src",
"7Workstation-optional-7.2.Z:grub2-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-debuginfo-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-efi-modules-1:2.02-0.33.el7_2.x86_64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.ppc64le",
"7Workstation-optional-7.2.Z:grub2-tools-1:2.02-0.33.el7_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: buffer overflow when checking password entered during bootup"
}
]
}
suse-su-2015:2399-1
Vulnerability from csaf_suse
Published
2015-12-30 07:31
Modified
2015-12-30 07:31
Summary
Security update for grub2
Notes
Title of the patch
Security update for grub2
Description of the patch
This update for grub2 provides the following fixes and enhancements:
Security issue fixed:
- Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370)
Non security issues fixed:
- Expand list of grub.cfg search path in PV Xen guests for systems installed
on btrfs snapshots. (bsc#946148, bsc#952539)
- Add --image switch to force zipl update to specific kernel. (bsc#928131)
- Do not use shim lock protocol for reading PE header as it won't be available
when secure boot is disabled. (bsc#943380)
- Make firmware flaw condition be more precisely detected and add debug message
for the case.
Patchnames
SUSE-SLE-DESKTOP-12-2015-1032,SUSE-SLE-SERVER-12-2015-1032
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for grub2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for grub2 provides the following fixes and enhancements:\n\nSecurity issue fixed:\n- Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370)\n\nNon security issues fixed:\n- Expand list of grub.cfg search path in PV Xen guests for systems installed\n on btrfs snapshots. (bsc#946148, bsc#952539)\n- Add --image switch to force zipl update to specific kernel. (bsc#928131)\n- Do not use shim lock protocol for reading PE header as it won\u0027t be available\n when secure boot is disabled. (bsc#943380)\n- Make firmware flaw condition be more precisely detected and add debug message\n for the case.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-2015-1032,SUSE-SLE-SERVER-12-2015-1032",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2399-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:2399-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20152399-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:2399-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-December/001770.html"
},
{
"category": "self",
"summary": "SUSE Bug 928131",
"url": "https://bugzilla.suse.com/928131"
},
{
"category": "self",
"summary": "SUSE Bug 943380",
"url": "https://bugzilla.suse.com/943380"
},
{
"category": "self",
"summary": "SUSE Bug 946148",
"url": "https://bugzilla.suse.com/946148"
},
{
"category": "self",
"summary": "SUSE Bug 952539",
"url": "https://bugzilla.suse.com/952539"
},
{
"category": "self",
"summary": "SUSE Bug 956631",
"url": "https://bugzilla.suse.com/956631"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8370 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8370/"
}
],
"title": "Security update for grub2",
"tracking": {
"current_release_date": "2015-12-30T07:31:00Z",
"generator": {
"date": "2015-12-30T07:31:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:2399-1",
"initial_release_date": "2015-12-30T07:31:00Z",
"revision_history": [
{
"date": "2015-12-30T07:31:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grub2-snapper-plugin-2.02~beta2-56.9.4.noarch",
"product": {
"name": "grub2-snapper-plugin-2.02~beta2-56.9.4.noarch",
"product_id": "grub2-snapper-plugin-2.02~beta2-56.9.4.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-2.02~beta2-56.9.4.ppc64le",
"product": {
"name": "grub2-2.02~beta2-56.9.4.ppc64le",
"product_id": "grub2-2.02~beta2-56.9.4.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-powerpc-ieee1275-2.02~beta2-56.9.4.ppc64le",
"product": {
"name": "grub2-powerpc-ieee1275-2.02~beta2-56.9.4.ppc64le",
"product_id": "grub2-powerpc-ieee1275-2.02~beta2-56.9.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-2.02~beta2-56.9.4.s390x",
"product": {
"name": "grub2-2.02~beta2-56.9.4.s390x",
"product_id": "grub2-2.02~beta2-56.9.4.s390x"
}
},
{
"category": "product_version",
"name": "grub2-s390x-emu-2.02~beta2-56.9.4.s390x",
"product": {
"name": "grub2-s390x-emu-2.02~beta2-56.9.4.s390x",
"product_id": "grub2-s390x-emu-2.02~beta2-56.9.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-2.02~beta2-56.9.4.x86_64",
"product": {
"name": "grub2-2.02~beta2-56.9.4.x86_64",
"product_id": "grub2-2.02~beta2-56.9.4.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-i386-pc-2.02~beta2-56.9.4.x86_64",
"product": {
"name": "grub2-i386-pc-2.02~beta2-56.9.4.x86_64",
"product_id": "grub2-i386-pc-2.02~beta2-56.9.4.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64",
"product": {
"name": "grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64",
"product_id": "grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64",
"product": {
"name": "grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64",
"product_id": "grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12",
"product": {
"name": "SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12",
"product": {
"name": "SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta2-56.9.4.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:grub2-2.02~beta2-56.9.4.x86_64"
},
"product_reference": "grub2-2.02~beta2-56.9.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-2.02~beta2-56.9.4.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:grub2-i386-pc-2.02~beta2-56.9.4.x86_64"
},
"product_reference": "grub2-i386-pc-2.02~beta2-56.9.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-snapper-plugin-2.02~beta2-56.9.4.noarch as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:grub2-snapper-plugin-2.02~beta2-56.9.4.noarch"
},
"product_reference": "grub2-snapper-plugin-2.02~beta2-56.9.4.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64"
},
"product_reference": "grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64"
},
"product_reference": "grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta2-56.9.4.ppc64le as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:grub2-2.02~beta2-56.9.4.ppc64le"
},
"product_reference": "grub2-2.02~beta2-56.9.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta2-56.9.4.s390x as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:grub2-2.02~beta2-56.9.4.s390x"
},
"product_reference": "grub2-2.02~beta2-56.9.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta2-56.9.4.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:grub2-2.02~beta2-56.9.4.x86_64"
},
"product_reference": "grub2-2.02~beta2-56.9.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-2.02~beta2-56.9.4.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:grub2-i386-pc-2.02~beta2-56.9.4.x86_64"
},
"product_reference": "grub2-i386-pc-2.02~beta2-56.9.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-powerpc-ieee1275-2.02~beta2-56.9.4.ppc64le as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:grub2-powerpc-ieee1275-2.02~beta2-56.9.4.ppc64le"
},
"product_reference": "grub2-powerpc-ieee1275-2.02~beta2-56.9.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-s390x-emu-2.02~beta2-56.9.4.s390x as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:grub2-s390x-emu-2.02~beta2-56.9.4.s390x"
},
"product_reference": "grub2-s390x-emu-2.02~beta2-56.9.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-snapper-plugin-2.02~beta2-56.9.4.noarch as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:grub2-snapper-plugin-2.02~beta2-56.9.4.noarch"
},
"product_reference": "grub2-snapper-plugin-2.02~beta2-56.9.4.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64"
},
"product_reference": "grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64"
},
"product_reference": "grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta2-56.9.4.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:grub2-2.02~beta2-56.9.4.ppc64le"
},
"product_reference": "grub2-2.02~beta2-56.9.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta2-56.9.4.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:grub2-2.02~beta2-56.9.4.s390x"
},
"product_reference": "grub2-2.02~beta2-56.9.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta2-56.9.4.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:grub2-2.02~beta2-56.9.4.x86_64"
},
"product_reference": "grub2-2.02~beta2-56.9.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-2.02~beta2-56.9.4.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:grub2-i386-pc-2.02~beta2-56.9.4.x86_64"
},
"product_reference": "grub2-i386-pc-2.02~beta2-56.9.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-powerpc-ieee1275-2.02~beta2-56.9.4.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:grub2-powerpc-ieee1275-2.02~beta2-56.9.4.ppc64le"
},
"product_reference": "grub2-powerpc-ieee1275-2.02~beta2-56.9.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-s390x-emu-2.02~beta2-56.9.4.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:grub2-s390x-emu-2.02~beta2-56.9.4.s390x"
},
"product_reference": "grub2-s390x-emu-2.02~beta2-56.9.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-snapper-plugin-2.02~beta2-56.9.4.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:grub2-snapper-plugin-2.02~beta2-56.9.4.noarch"
},
"product_reference": "grub2-snapper-plugin-2.02~beta2-56.9.4.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64"
},
"product_reference": "grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64"
},
"product_reference": "grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8370",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8370"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12:grub2-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Desktop 12:grub2-i386-pc-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Desktop 12:grub2-snapper-plugin-2.02~beta2-56.9.4.noarch",
"SUSE Linux Enterprise Desktop 12:grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Desktop 12:grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Server 12:grub2-2.02~beta2-56.9.4.ppc64le",
"SUSE Linux Enterprise Server 12:grub2-2.02~beta2-56.9.4.s390x",
"SUSE Linux Enterprise Server 12:grub2-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Server 12:grub2-i386-pc-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Server 12:grub2-powerpc-ieee1275-2.02~beta2-56.9.4.ppc64le",
"SUSE Linux Enterprise Server 12:grub2-s390x-emu-2.02~beta2-56.9.4.s390x",
"SUSE Linux Enterprise Server 12:grub2-snapper-plugin-2.02~beta2-56.9.4.noarch",
"SUSE Linux Enterprise Server 12:grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Server 12:grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-2.02~beta2-56.9.4.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-2.02~beta2-56.9.4.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-i386-pc-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-powerpc-ieee1275-2.02~beta2-56.9.4.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-s390x-emu-2.02~beta2-56.9.4.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-snapper-plugin-2.02~beta2-56.9.4.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8370",
"url": "https://www.suse.com/security/cve/CVE-2015-8370"
},
{
"category": "external",
"summary": "SUSE Bug 956631 for CVE-2015-8370",
"url": "https://bugzilla.suse.com/956631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12:grub2-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Desktop 12:grub2-i386-pc-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Desktop 12:grub2-snapper-plugin-2.02~beta2-56.9.4.noarch",
"SUSE Linux Enterprise Desktop 12:grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Desktop 12:grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Server 12:grub2-2.02~beta2-56.9.4.ppc64le",
"SUSE Linux Enterprise Server 12:grub2-2.02~beta2-56.9.4.s390x",
"SUSE Linux Enterprise Server 12:grub2-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Server 12:grub2-i386-pc-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Server 12:grub2-powerpc-ieee1275-2.02~beta2-56.9.4.ppc64le",
"SUSE Linux Enterprise Server 12:grub2-s390x-emu-2.02~beta2-56.9.4.s390x",
"SUSE Linux Enterprise Server 12:grub2-snapper-plugin-2.02~beta2-56.9.4.noarch",
"SUSE Linux Enterprise Server 12:grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Server 12:grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-2.02~beta2-56.9.4.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-2.02~beta2-56.9.4.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-i386-pc-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-powerpc-ieee1275-2.02~beta2-56.9.4.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-s390x-emu-2.02~beta2-56.9.4.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-snapper-plugin-2.02~beta2-56.9.4.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-x86_64-efi-2.02~beta2-56.9.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:grub2-x86_64-xen-2.02~beta2-56.9.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-12-30T07:31:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-8370"
}
]
}
suse-su-2015:2385-1
Vulnerability from csaf_suse
Published
2015-12-29 08:04
Modified
2015-12-29 08:04
Summary
Security update for grub2
Notes
Title of the patch
Security update for grub2
Description of the patch
This update for grub2 provides the following fixes:
A security issues with a bufferoverflow when reading username and password was fixed (bsc#956631, CVE-2015-8370)
Also following bugs were fixed:
- Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370)
- Expand list of grub.cfg search path in PV Xen guests for systems installed
on btrfs snapshots. (bsc#946148, bsc#952539)
- Add grub.xen config searching path on boot partition. (bsc#884828)
- Add linux16 and initrd16 to grub.xen. (bsc#884830)
Patchnames
sledsp4-grub2-12288,slessp4-grub2-12288
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for grub2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for grub2 provides the following fixes:\n\nA security issues with a bufferoverflow when reading username and password was fixed (bsc#956631, CVE-2015-8370)\n\nAlso following bugs were fixed:\n- Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370)\n- Expand list of grub.cfg search path in PV Xen guests for systems installed\n on btrfs snapshots. (bsc#946148, bsc#952539)\n- Add grub.xen config searching path on boot partition. (bsc#884828)\n- Add linux16 and initrd16 to grub.xen. (bsc#884830)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sledsp4-grub2-12288,slessp4-grub2-12288",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2385-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:2385-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20152385-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:2385-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-December/001766.html"
},
{
"category": "self",
"summary": "SUSE Bug 884828",
"url": "https://bugzilla.suse.com/884828"
},
{
"category": "self",
"summary": "SUSE Bug 884830",
"url": "https://bugzilla.suse.com/884830"
},
{
"category": "self",
"summary": "SUSE Bug 946148",
"url": "https://bugzilla.suse.com/946148"
},
{
"category": "self",
"summary": "SUSE Bug 952539",
"url": "https://bugzilla.suse.com/952539"
},
{
"category": "self",
"summary": "SUSE Bug 954592",
"url": "https://bugzilla.suse.com/954592"
},
{
"category": "self",
"summary": "SUSE Bug 956631",
"url": "https://bugzilla.suse.com/956631"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8370 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8370/"
}
],
"title": "Security update for grub2",
"tracking": {
"current_release_date": "2015-12-29T08:04:56Z",
"generator": {
"date": "2015-12-29T08:04:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:2385-1",
"initial_release_date": "2015-12-29T08:04:56Z",
"revision_history": [
{
"date": "2015-12-29T08:04:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grub2-x86_64-efi-2.00-0.54.2.x86_64",
"product": {
"name": "grub2-x86_64-efi-2.00-0.54.2.x86_64",
"product_id": "grub2-x86_64-efi-2.00-0.54.2.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-xen-2.00-0.54.2.x86_64",
"product": {
"name": "grub2-x86_64-xen-2.00-0.54.2.x86_64",
"product_id": "grub2-x86_64-xen-2.00-0.54.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sled:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.00-0.54.2.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:grub2-x86_64-efi-2.00-0.54.2.x86_64"
},
"product_reference": "grub2-x86_64-efi-2.00-0.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.00-0.54.2.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:grub2-x86_64-xen-2.00-0.54.2.x86_64"
},
"product_reference": "grub2-x86_64-xen-2.00-0.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.00-0.54.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:grub2-x86_64-efi-2.00-0.54.2.x86_64"
},
"product_reference": "grub2-x86_64-efi-2.00-0.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.00-0.54.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:grub2-x86_64-xen-2.00-0.54.2.x86_64"
},
"product_reference": "grub2-x86_64-xen-2.00-0.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.00-0.54.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:grub2-x86_64-efi-2.00-0.54.2.x86_64"
},
"product_reference": "grub2-x86_64-efi-2.00-0.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.00-0.54.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:grub2-x86_64-xen-2.00-0.54.2.x86_64"
},
"product_reference": "grub2-x86_64-xen-2.00-0.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8370",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8370"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP4:grub2-x86_64-efi-2.00-0.54.2.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:grub2-x86_64-xen-2.00-0.54.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:grub2-x86_64-efi-2.00-0.54.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:grub2-x86_64-xen-2.00-0.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:grub2-x86_64-efi-2.00-0.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:grub2-x86_64-xen-2.00-0.54.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8370",
"url": "https://www.suse.com/security/cve/CVE-2015-8370"
},
{
"category": "external",
"summary": "SUSE Bug 956631 for CVE-2015-8370",
"url": "https://bugzilla.suse.com/956631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP4:grub2-x86_64-efi-2.00-0.54.2.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:grub2-x86_64-xen-2.00-0.54.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:grub2-x86_64-efi-2.00-0.54.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:grub2-x86_64-xen-2.00-0.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:grub2-x86_64-efi-2.00-0.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:grub2-x86_64-xen-2.00-0.54.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-12-29T08:04:56Z",
"details": "moderate"
}
],
"title": "CVE-2015-8370"
}
]
}
suse-su-2015:2387-1
Vulnerability from csaf_suse
Published
2015-12-29 08:05
Modified
2015-12-29 08:05
Summary
Security update for grub2
Notes
Title of the patch
Security update for grub2
Description of the patch
- Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370)
- Check MS-DOS header to find PE file header. (bsc#954126)
- Use dirname for copying Xen kernel and initrd to esp. (bsc#955493)
- Fix reading password by grub2-mkpasswd-pbdk2 without controlling tty. (bsc#954519)
- Add luks, gcry_rijndael and gcry_sha1 to signed EFI image to support LUKS partition
in default setup. (bsc#917427, bsc#955609)
- Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs
snapshots. (bsc#946148, bsc#952539)
Patchnames
SUSE-SLE-DESKTOP-12-SP1-2015-1027,SUSE-SLE-SERVER-12-SP1-2015-1027
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for grub2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\n- Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370)\n- Check MS-DOS header to find PE file header. (bsc#954126)\n- Use dirname for copying Xen kernel and initrd to esp. (bsc#955493)\n- Fix reading password by grub2-mkpasswd-pbdk2 without controlling tty. (bsc#954519)\n- Add luks, gcry_rijndael and gcry_sha1 to signed EFI image to support LUKS partition\n in default setup. (bsc#917427, bsc#955609)\n- Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs\n snapshots. (bsc#946148, bsc#952539)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP1-2015-1027,SUSE-SLE-SERVER-12-SP1-2015-1027",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2387-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:2387-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20152387-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:2387-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-December/001768.html"
},
{
"category": "self",
"summary": "SUSE Bug 774666",
"url": "https://bugzilla.suse.com/774666"
},
{
"category": "self",
"summary": "SUSE Bug 917427",
"url": "https://bugzilla.suse.com/917427"
},
{
"category": "self",
"summary": "SUSE Bug 946148",
"url": "https://bugzilla.suse.com/946148"
},
{
"category": "self",
"summary": "SUSE Bug 952539",
"url": "https://bugzilla.suse.com/952539"
},
{
"category": "self",
"summary": "SUSE Bug 954126",
"url": "https://bugzilla.suse.com/954126"
},
{
"category": "self",
"summary": "SUSE Bug 954519",
"url": "https://bugzilla.suse.com/954519"
},
{
"category": "self",
"summary": "SUSE Bug 955493",
"url": "https://bugzilla.suse.com/955493"
},
{
"category": "self",
"summary": "SUSE Bug 955609",
"url": "https://bugzilla.suse.com/955609"
},
{
"category": "self",
"summary": "SUSE Bug 956631",
"url": "https://bugzilla.suse.com/956631"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8370 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8370/"
}
],
"title": "Security update for grub2",
"tracking": {
"current_release_date": "2015-12-29T08:05:08Z",
"generator": {
"date": "2015-12-29T08:05:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:2387-1",
"initial_release_date": "2015-12-29T08:05:08Z",
"revision_history": [
{
"date": "2015-12-29T08:05:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grub2-snapper-plugin-2.02~beta2-73.3.noarch",
"product": {
"name": "grub2-snapper-plugin-2.02~beta2-73.3.noarch",
"product_id": "grub2-snapper-plugin-2.02~beta2-73.3.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-2.02~beta2-73.3.ppc64le",
"product": {
"name": "grub2-2.02~beta2-73.3.ppc64le",
"product_id": "grub2-2.02~beta2-73.3.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-powerpc-ieee1275-2.02~beta2-73.3.ppc64le",
"product": {
"name": "grub2-powerpc-ieee1275-2.02~beta2-73.3.ppc64le",
"product_id": "grub2-powerpc-ieee1275-2.02~beta2-73.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-2.02~beta2-73.3.s390x",
"product": {
"name": "grub2-2.02~beta2-73.3.s390x",
"product_id": "grub2-2.02~beta2-73.3.s390x"
}
},
{
"category": "product_version",
"name": "grub2-s390x-emu-2.02~beta2-73.3.s390x",
"product": {
"name": "grub2-s390x-emu-2.02~beta2-73.3.s390x",
"product_id": "grub2-s390x-emu-2.02~beta2-73.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-2.02~beta2-73.3.x86_64",
"product": {
"name": "grub2-2.02~beta2-73.3.x86_64",
"product_id": "grub2-2.02~beta2-73.3.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-i386-pc-2.02~beta2-73.3.x86_64",
"product": {
"name": "grub2-i386-pc-2.02~beta2-73.3.x86_64",
"product_id": "grub2-i386-pc-2.02~beta2-73.3.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-efi-2.02~beta2-73.3.x86_64",
"product": {
"name": "grub2-x86_64-efi-2.02~beta2-73.3.x86_64",
"product_id": "grub2-x86_64-efi-2.02~beta2-73.3.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-xen-2.02~beta2-73.3.x86_64",
"product": {
"name": "grub2-x86_64-xen-2.02~beta2-73.3.x86_64",
"product_id": "grub2-x86_64-xen-2.02~beta2-73.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta2-73.3.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:grub2-2.02~beta2-73.3.x86_64"
},
"product_reference": "grub2-2.02~beta2-73.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-2.02~beta2-73.3.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:grub2-i386-pc-2.02~beta2-73.3.x86_64"
},
"product_reference": "grub2-i386-pc-2.02~beta2-73.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-snapper-plugin-2.02~beta2-73.3.noarch as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:grub2-snapper-plugin-2.02~beta2-73.3.noarch"
},
"product_reference": "grub2-snapper-plugin-2.02~beta2-73.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.02~beta2-73.3.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:grub2-x86_64-efi-2.02~beta2-73.3.x86_64"
},
"product_reference": "grub2-x86_64-efi-2.02~beta2-73.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.02~beta2-73.3.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:grub2-x86_64-xen-2.02~beta2-73.3.x86_64"
},
"product_reference": "grub2-x86_64-xen-2.02~beta2-73.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta2-73.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:grub2-2.02~beta2-73.3.ppc64le"
},
"product_reference": "grub2-2.02~beta2-73.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta2-73.3.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:grub2-2.02~beta2-73.3.s390x"
},
"product_reference": "grub2-2.02~beta2-73.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta2-73.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:grub2-2.02~beta2-73.3.x86_64"
},
"product_reference": "grub2-2.02~beta2-73.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-2.02~beta2-73.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:grub2-i386-pc-2.02~beta2-73.3.x86_64"
},
"product_reference": "grub2-i386-pc-2.02~beta2-73.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-powerpc-ieee1275-2.02~beta2-73.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:grub2-powerpc-ieee1275-2.02~beta2-73.3.ppc64le"
},
"product_reference": "grub2-powerpc-ieee1275-2.02~beta2-73.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-s390x-emu-2.02~beta2-73.3.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:grub2-s390x-emu-2.02~beta2-73.3.s390x"
},
"product_reference": "grub2-s390x-emu-2.02~beta2-73.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-snapper-plugin-2.02~beta2-73.3.noarch as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:grub2-snapper-plugin-2.02~beta2-73.3.noarch"
},
"product_reference": "grub2-snapper-plugin-2.02~beta2-73.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.02~beta2-73.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:grub2-x86_64-efi-2.02~beta2-73.3.x86_64"
},
"product_reference": "grub2-x86_64-efi-2.02~beta2-73.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.02~beta2-73.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:grub2-x86_64-xen-2.02~beta2-73.3.x86_64"
},
"product_reference": "grub2-x86_64-xen-2.02~beta2-73.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta2-73.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-2.02~beta2-73.3.ppc64le"
},
"product_reference": "grub2-2.02~beta2-73.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta2-73.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-2.02~beta2-73.3.s390x"
},
"product_reference": "grub2-2.02~beta2-73.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.02~beta2-73.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-2.02~beta2-73.3.x86_64"
},
"product_reference": "grub2-2.02~beta2-73.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-2.02~beta2-73.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-i386-pc-2.02~beta2-73.3.x86_64"
},
"product_reference": "grub2-i386-pc-2.02~beta2-73.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-powerpc-ieee1275-2.02~beta2-73.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-powerpc-ieee1275-2.02~beta2-73.3.ppc64le"
},
"product_reference": "grub2-powerpc-ieee1275-2.02~beta2-73.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-s390x-emu-2.02~beta2-73.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-s390x-emu-2.02~beta2-73.3.s390x"
},
"product_reference": "grub2-s390x-emu-2.02~beta2-73.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-snapper-plugin-2.02~beta2-73.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-snapper-plugin-2.02~beta2-73.3.noarch"
},
"product_reference": "grub2-snapper-plugin-2.02~beta2-73.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.02~beta2-73.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-x86_64-efi-2.02~beta2-73.3.x86_64"
},
"product_reference": "grub2-x86_64-efi-2.02~beta2-73.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.02~beta2-73.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-x86_64-xen-2.02~beta2-73.3.x86_64"
},
"product_reference": "grub2-x86_64-xen-2.02~beta2-73.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8370",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8370"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:grub2-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:grub2-i386-pc-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:grub2-snapper-plugin-2.02~beta2-73.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP1:grub2-x86_64-efi-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:grub2-x86_64-xen-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:grub2-2.02~beta2-73.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:grub2-2.02~beta2-73.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:grub2-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:grub2-i386-pc-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:grub2-powerpc-ieee1275-2.02~beta2-73.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:grub2-s390x-emu-2.02~beta2-73.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:grub2-snapper-plugin-2.02~beta2-73.3.noarch",
"SUSE Linux Enterprise Server 12 SP1:grub2-x86_64-efi-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:grub2-x86_64-xen-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-2.02~beta2-73.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-2.02~beta2-73.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-i386-pc-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-powerpc-ieee1275-2.02~beta2-73.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-s390x-emu-2.02~beta2-73.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-snapper-plugin-2.02~beta2-73.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-x86_64-efi-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-x86_64-xen-2.02~beta2-73.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8370",
"url": "https://www.suse.com/security/cve/CVE-2015-8370"
},
{
"category": "external",
"summary": "SUSE Bug 956631 for CVE-2015-8370",
"url": "https://bugzilla.suse.com/956631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:grub2-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:grub2-i386-pc-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:grub2-snapper-plugin-2.02~beta2-73.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP1:grub2-x86_64-efi-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:grub2-x86_64-xen-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:grub2-2.02~beta2-73.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:grub2-2.02~beta2-73.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:grub2-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:grub2-i386-pc-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:grub2-powerpc-ieee1275-2.02~beta2-73.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:grub2-s390x-emu-2.02~beta2-73.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:grub2-snapper-plugin-2.02~beta2-73.3.noarch",
"SUSE Linux Enterprise Server 12 SP1:grub2-x86_64-efi-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:grub2-x86_64-xen-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-2.02~beta2-73.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-2.02~beta2-73.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-i386-pc-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-powerpc-ieee1275-2.02~beta2-73.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-s390x-emu-2.02~beta2-73.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-snapper-plugin-2.02~beta2-73.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-x86_64-efi-2.02~beta2-73.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:grub2-x86_64-xen-2.02~beta2-73.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-12-29T08:05:08Z",
"details": "moderate"
}
],
"title": "CVE-2015-8370"
}
]
}
suse-su-2015:2386-1
Vulnerability from csaf_suse
Published
2015-12-29 08:04
Modified
2015-12-29 08:04
Summary
Security update for grub2
Notes
Title of the patch
Security update for grub2
Description of the patch
This update for grub2 provides the following fixes:
A security issues with a bufferoverflow when reading username and password was fixed (bsc#956631, CVE-2015-8370)
Bugs fixed:
- Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs
snapshots. (bsc#946148, bsc#952539)
- Add grub.xen config searching path on boot partition. (bsc#884828)
- Add linux16 and initrd16 to grub.xen. (bsc#884830)
Patchnames
sledsp3-grub2-12287,slessp3-grub2-12287
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for grub2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for grub2 provides the following fixes:\n\nA security issues with a bufferoverflow when reading username and password was fixed (bsc#956631, CVE-2015-8370)\n\nBugs fixed:\n- Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs\n snapshots. (bsc#946148, bsc#952539)\n- Add grub.xen config searching path on boot partition. (bsc#884828)\n- Add linux16 and initrd16 to grub.xen. (bsc#884830)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sledsp3-grub2-12287,slessp3-grub2-12287",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2386-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:2386-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20152386-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:2386-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-December/001767.html"
},
{
"category": "self",
"summary": "SUSE Bug 884828",
"url": "https://bugzilla.suse.com/884828"
},
{
"category": "self",
"summary": "SUSE Bug 884830",
"url": "https://bugzilla.suse.com/884830"
},
{
"category": "self",
"summary": "SUSE Bug 946148",
"url": "https://bugzilla.suse.com/946148"
},
{
"category": "self",
"summary": "SUSE Bug 952539",
"url": "https://bugzilla.suse.com/952539"
},
{
"category": "self",
"summary": "SUSE Bug 954592",
"url": "https://bugzilla.suse.com/954592"
},
{
"category": "self",
"summary": "SUSE Bug 956631",
"url": "https://bugzilla.suse.com/956631"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8370 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8370/"
}
],
"title": "Security update for grub2",
"tracking": {
"current_release_date": "2015-12-29T08:04:44Z",
"generator": {
"date": "2015-12-29T08:04:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:2386-1",
"initial_release_date": "2015-12-29T08:04:44Z",
"revision_history": [
{
"date": "2015-12-29T08:04:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grub2-x86_64-efi-2.00-0.49.2.x86_64",
"product": {
"name": "grub2-x86_64-efi-2.00-0.49.2.x86_64",
"product_id": "grub2-x86_64-efi-2.00-0.49.2.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-xen-2.00-0.49.2.x86_64",
"product": {
"name": "grub2-x86_64-xen-2.00-0.49.2.x86_64",
"product_id": "grub2-x86_64-xen-2.00-0.49.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sled:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:sp3:teradata"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.00-0.49.2.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:grub2-x86_64-efi-2.00-0.49.2.x86_64"
},
"product_reference": "grub2-x86_64-efi-2.00-0.49.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.00-0.49.2.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:grub2-x86_64-xen-2.00-0.49.2.x86_64"
},
"product_reference": "grub2-x86_64-xen-2.00-0.49.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.00-0.49.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:grub2-x86_64-efi-2.00-0.49.2.x86_64"
},
"product_reference": "grub2-x86_64-efi-2.00-0.49.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.00-0.49.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:grub2-x86_64-xen-2.00-0.49.2.x86_64"
},
"product_reference": "grub2-x86_64-xen-2.00-0.49.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.00-0.49.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:grub2-x86_64-efi-2.00-0.49.2.x86_64"
},
"product_reference": "grub2-x86_64-efi-2.00-0.49.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.00-0.49.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:grub2-x86_64-xen-2.00-0.49.2.x86_64"
},
"product_reference": "grub2-x86_64-xen-2.00-0.49.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.00-0.49.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:grub2-x86_64-efi-2.00-0.49.2.x86_64"
},
"product_reference": "grub2-x86_64-efi-2.00-0.49.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.00-0.49.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:grub2-x86_64-xen-2.00-0.49.2.x86_64"
},
"product_reference": "grub2-x86_64-xen-2.00-0.49.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8370",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8370"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:grub2-x86_64-efi-2.00-0.49.2.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:grub2-x86_64-xen-2.00-0.49.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:grub2-x86_64-efi-2.00-0.49.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:grub2-x86_64-xen-2.00-0.49.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3:grub2-x86_64-efi-2.00-0.49.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3:grub2-x86_64-xen-2.00-0.49.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:grub2-x86_64-efi-2.00-0.49.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:grub2-x86_64-xen-2.00-0.49.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8370",
"url": "https://www.suse.com/security/cve/CVE-2015-8370"
},
{
"category": "external",
"summary": "SUSE Bug 956631 for CVE-2015-8370",
"url": "https://bugzilla.suse.com/956631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:grub2-x86_64-efi-2.00-0.49.2.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:grub2-x86_64-xen-2.00-0.49.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:grub2-x86_64-efi-2.00-0.49.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:grub2-x86_64-xen-2.00-0.49.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3:grub2-x86_64-efi-2.00-0.49.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3:grub2-x86_64-xen-2.00-0.49.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:grub2-x86_64-efi-2.00-0.49.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:grub2-x86_64-xen-2.00-0.49.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-12-29T08:04:44Z",
"details": "moderate"
}
],
"title": "CVE-2015-8370"
}
]
}
msrc_cve-2015-8370
Vulnerability from csaf_microsoft
Published
2015-12-02 00:00
Modified
2020-08-18 00:00
Summary
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication obtain sensitive information or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2015-8370 Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication obtain sensitive information or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2015/msrc_cve-2015-8370.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication obtain sensitive information or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error.",
"tracking": {
"current_release_date": "2020-08-18T00:00:00.000Z",
"generator": {
"date": "2025-10-19T17:02:42.703Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2015-8370",
"initial_release_date": "2015-12-02T00:00:00.000Z",
"revision_history": [
{
"date": "2020-08-18T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 grub2 2.02-24",
"product": {
"name": "\u003ccm1 grub2 2.02-24",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cm1 grub2 2.02-24",
"product": {
"name": "cm1 grub2 2.02-24",
"product_id": "16850"
}
}
],
"category": "product_name",
"name": "grub2"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 grub2 2.02-24 as a component of CBL Mariner 1.0",
"product_id": "16820-1"
},
"product_reference": "1",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 grub2 2.02-24 as a component of CBL Mariner 1.0",
"product_id": "16850-16820"
},
"product_reference": "16850",
"relates_to_product_reference": "16820"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8370",
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16850-16820"
],
"known_affected": [
"16820-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2015-8370 Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication obtain sensitive information or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2015/msrc_cve-2015-8370.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T00:00:00.000Z",
"details": "2.02-24:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.4,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"16820-1"
]
}
],
"title": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication obtain sensitive information or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error."
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…