Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 33: FEDORA-2021-f6c91e2b75 Critical: Shim-Unsigned-X64 Threat

fedora
Calendar Grey April 28, 2021
Dist Fedora Esm H88
Important patch released for Fedora 33 to rectify vulnerabilities in the shim-unsigned-x64 bootloader, including step-by-step installation instructions.
Update to shim 15.4

Summary

Initial UEFI bootloader that handles chaining to a trusted full

bootloader under secure boot environments.

Update to shim 15.4

* Wed Apr 14 2021 Peter Jones - 15.4-5

- Fix the package version in the sbat data.

* Mon Apr 12 2021 Peter Jones - 15.4-4

- Fix mok variable storage allocation region

Resolves: rhbz#1948432

* Sat Apr 10 2021 Peter Jones - 15.4-3

- Fix handling of ignore_db and user_insecure_mode

- Fix booting on pre-UEFI Macs

* Wed Mar 31 2021 Peter Jones - 15.4-2

- Fix the ia32 build.

Resolves: CVE-2020-14372

Resolves: CVE-2020-25632

Resolves: CVE-2020-25647

Resolves: CVE-2020-27749

Resolves: CVE-2020-27779

Resolves: CVE-2021-20225

Resolves: CVE-2021-20233

* Tue Mar 30 2021 Peter Jones - 15.4-1

- Update to shim 15.4

- Support for revocations via the ".sbat" section and SBAT EFI variable

- A new unit test framework and a bunch of unit tests

- No external gnu-efi dependency

- Better CI

Resolves: CVE-2020-14372

Resolves: CVE-2020-25632

Resolves: CVE-2020-25647

Resolves: CVE-2020-27749

Resolves: CVE-2020-27779

Resolves: CVE-2021-20225

Resolves: CVE-2021-20233

* Wed Mar 24 2021 Peter Jones - 15.3-0~1

- Update to shim 15.3

- Support for revocations via the ".sbat" section and SBAT EFI variable

- A new unit test framework and a bunch of unit tests

- No external gnu-efi dependency

- Better CI

Resolves: CVE-2020-14372

Resolves: CVE-2020-25632

Resolves: CVE-2020-25647

Resolves: CVE-2020-27749

Resolves: CVE-2020-27779

Resolves: CVE-2021-20225

Resolves: CVE-2021-20233

su -c 'dnf upgrade --advisory FEDORA-2021-f6c91e2b75' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory update critical Fedora security fix installation shim bootloader

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 33
Version: 15.4
Release: 5.fc33
URL: https://github.com/rhboot/shim
Summary: First-stage UEFI bootloader

Topics%20covered

Topics Covered

security advisory update critical Fedora security fix installation shim bootloader

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here