Synopsis:          Moderate: grub2 security and bug fix update
Advisory ID:       SLSA-2015:2623-1
Issue Date:        2015-12-15
CVE Numbers:       CVE-2015-8370
--

A flaw was found in the way grub2 handled backspace characters entered
in username and password prompts. An attacker with access to the system
console could use this flaw to bypass grub2 password protection and gain
administrative access to the system. (CVE-2015-8370)

This update also fixes the following bug:

* When upgrading from Scientific Linux 7.1 and earlier, a configured boot
password was not correctly migrated to the newly introduced user.cfg
configuration files. This could possibly prevent system administrators
from changing grub2 configuration during system boot even if they provided
the correct password. This update corrects the password migration script
and the incorrectly generated user.cfg file.
--

SL7
  x86_64
    grub2-2.02-0.33.el7_2.x86_64.rpm
    grub2-debuginfo-2.02-0.33.el7_2.x86_64.rpm
    grub2-efi-2.02-0.33.el7_2.x86_64.rpm
    grub2-tools-2.02-0.33.el7_2.x86_64.rpm
    grub2-efi-modules-2.02-0.33.el7_2.x86_64.rpm

- Scientific Linux Development Team