
SUSE: 2024:1368-1 Critical: shim Security Updates Released

Date: April 22, 2024
SUSE has released a security update for shim, the UEFI Secure Boot first-stage bootloader, that fixes several vulnerabilities and a number of functional bugs. Bugzilla entries addressed by this update:

* bsc#1198101
* bsc#1205588
* bsc#1205855
* bsc#1210382
* bsc#1213945

Summary

This update for shim fixes the following issues:

* Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
* Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460)

Update to version 15.8. Security issues fixed:

* mok: fix LogError() invocation (bsc#1215099, CVE-2023-40546)
* avoid incorrectly trusting HTTP headers (bsc#1215098, CVE-2023-40547)
* Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100, CVE-2023-40548)
* Authenticode: verify that the signature header is in bounds (bsc#1215101, CVE-2023-40549)
* pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102, CVE-2023-40550)
* pe-relocate: Fix bounds check for MZ binaries (bsc#1215103, CVE-2023-40551)
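To check whether a SUSE host already carries the fixed shim package, here is an added example script (not part of the SUSE advisory or the shim project); it assumes an RPM-based SUSE system, the package name `shim`, and 15.8 as the first fixed version named above.

```shell
#!/bin/sh
# Added example: compare the installed shim package version with the fixed
# version (15.8) from SUSE-SU-2024:1368-1. Assumes an RPM-based SUSE host.

FIXED_VERSION="15.8"

# version_ge A B: exit 0 if dotted numeric version A >= B (pure POSIX sh,
# so it also works in a minimal rescue shell).
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"; bx="${b%%.*}"
        [ -z "$ax" ] && ax=0
        [ -z "$bx" ] && bx=0
        if [ "$ax" -gt "$bx" ]; then return 0; fi
        if [ "$ax" -lt "$bx" ]; then return 1; fi
        # Drop the leading component; an undotted remainder is consumed whole.
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    return 0
}

# shim_status VERSION: prints "fixed" or "vulnerable" for a package version.
shim_status() {
    if version_ge "$1" "$FIXED_VERSION"; then echo fixed; else echo vulnerable; fi
}

# Live check, skipped where rpm is not available (e.g. when run elsewhere).
if command -v rpm >/dev/null 2>&1; then
    if rpm -q shim >/dev/null 2>&1; then
        installed="$(rpm -q --qf '%{VERSION}\n' shim | head -n 1)"
        echo "shim package $installed: $(shim_status "$installed")"
    else
        echo "shim package is not installed"
    fi
    # Remediation on SUSE: apply pending patches with "zypper patch".
fi
```

The package version alone does not prove the boot path is fixed: the shim binary on the EFI System Partition must also have been refreshed (the update touches shim-install for this reason), so confirm that file was replaced as well.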

References

* bsc#1198101

* bsc#1205588

* bsc#1205855

* bsc#1210382

* bsc#1213945

* bsc#1215098

* bsc#1215099

* bsc#1215100

* bsc#1215101

* bsc#1215102

* bsc#1215103

* bsc#1219460

* jsc#PED-922

Cross-

* CVE-2022-28737

* CVE-2023-40546

* CVE-2023-40547

* CVE-2023-40548

* CVE-2023-40549

* CVE-2023-40550

* CVE-2023-40551

CVSS scores:

* CVE-2022-28737 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-28737 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

* CVE-2023-40546 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-40546 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-40547 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

* CVE-2023-40547 ( NVD ): 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: critical

Announcement ID: SUSE-SU-2024:1368-1
Rating: important
