Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE 15 SP2: 2024:1461-1 Important: Shim Security Flaws Fixed

suse
Calendar Grey April 29, 2024
Dist Suse Esm H88
Adjustments for shim tackle various concerns, incorporating vital vulnerabilities with key assessments and required fixes.
* bsc#1198101 * bsc#1205588 * bsc#1205855 * bsc#1210382 * bsc#1213945

Summary

## This update for shim fixes the following issues: * Update shim-install to set the TPM2 SRK algorithm (bsc#1213945) * Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460) Update to version 15.8: Security issues fixed: * mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) * avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) * Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) * Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) * pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) * pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)

Topics%20covered

Topics Covered

security advisory important security patch update SUSE Linux security fixes threat management shim

References

* bsc#1198101

* bsc#1205588

* bsc#1205855

* bsc#1210382

* bsc#1213945

* bsc#1215098

* bsc#1215099

* bsc#1215100

* bsc#1215101

* bsc#1215102

* bsc#1215103

* bsc#1219460

* jsc#PED-922

Cross-

* CVE-2022-28737

* CVE-2023-40546

* CVE-2023-40547

* CVE-2023-40548

* CVE-2023-40549

* CVE-2023-40550

* CVE-2023-40551

CVSS scores:

* CVE-2022-28737 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-28737 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

* CVE-2023-40546 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-40546 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-40547 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

* CVE-2023-40547 ( NVD ): 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:1461-1
Rating: important

Topics%20covered

Topics Covered

security advisory important security patch update SUSE Linux security fixes threat management shim

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here