{"affected":[{"ecosystem_specific":{"binaries":[{"grub2":"2.02~beta2-56.9.4","grub2-i386-pc":"2.02~beta2-56.9.4","grub2-snapper-plugin":"2.02~beta2-56.9.4","grub2-x86_64-efi":"2.02~beta2-56.9.4","grub2-x86_64-xen":"2.02~beta2-56.9.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12","name":"grub2","purl":"pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.02~beta2-56.9.4"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"grub2":"2.02~beta2-56.9.4","grub2-i386-pc":"2.02~beta2-56.9.4","grub2-powerpc-ieee1275":"2.02~beta2-56.9.4","grub2-s390x-emu":"2.02~beta2-56.9.4","grub2-snapper-plugin":"2.02~beta2-56.9.4","grub2-x86_64-efi":"2.02~beta2-56.9.4","grub2-x86_64-xen":"2.02~beta2-56.9.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12","name":"grub2","purl":"pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.02~beta2-56.9.4"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"grub2":"2.02~beta2-56.9.4","grub2-i386-pc":"2.02~beta2-56.9.4","grub2-powerpc-ieee1275":"2.02~beta2-56.9.4","grub2-s390x-emu":"2.02~beta2-56.9.4","grub2-snapper-plugin":"2.02~beta2-56.9.4","grub2-x86_64-efi":"2.02~beta2-56.9.4","grub2-x86_64-xen":"2.02~beta2-56.9.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"grub2","purl":"pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.02~beta2-56.9.4"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for grub2 provides the following fixes and enhancements:\n\nSecurity issue fixed:\n- Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370)\n\nNon security issues fixed:\n- Expand list of grub.cfg search path in PV Xen guests for systems installed\n  on btrfs snapshots. (bsc#946148, bsc#952539)\n- Add --image switch to force zipl update to specific kernel. (bsc#928131)\n- Do not use shim lock protocol for reading PE header as it won't be available\n  when secure boot is disabled. (bsc#943380)\n- Make firmware flaw condition be more precisely detected and add debug message\n  for the case.\n","id":"SUSE-SU-2015:2399-1","modified":"2015-12-30T07:31:00Z","published":"2015-12-30T07:31:00Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20152399-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/928131"},{"type":"REPORT","url":"https://bugzilla.suse.com/943380"},{"type":"REPORT","url":"https://bugzilla.suse.com/946148"},{"type":"REPORT","url":"https://bugzilla.suse.com/952539"},{"type":"REPORT","url":"https://bugzilla.suse.com/956631"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8370"}],"related":["CVE-2015-8370"],"summary":"Security update for grub2","upstream":["CVE-2015-8370"]}