Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2024:1462-1 Important: Shim Security Update Oversight

suse
Calendar Grey April 29, 2024
Dist Suse Esm H88
A recent security patch for shim addresses multiple vulnerabilities and enhances overall system stability. It is advisable to install using zypper.
* bsc#1198101 * bsc#1205588 * bsc#1205855 * bsc#1210382 * bsc#1213945

Summary

## This update for shim fixes the following issues: * Update shim-install to set the TPM2 SRK algorithm (bsc#1213945) * Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460) Update to version 15.8: Security issues fixed: * mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) * avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) * Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) * Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) * pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) * pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)

Topics%20covered

Topics Covered

security advisory important threat mitigation SUSE security fixes shim updates

References

* bsc#1198101

* bsc#1205588

* bsc#1205855

* bsc#1210382

* bsc#1213945

* bsc#1215098

* bsc#1215099

* bsc#1215100

* bsc#1215101

* bsc#1215102

* bsc#1215103

* bsc#1219460

* jsc#PED-922

Cross-

* CVE-2022-28737

* CVE-2023-40546

* CVE-2023-40547

* CVE-2023-40548

* CVE-2023-40549

* CVE-2023-40550

* CVE-2023-40551

CVSS scores:

* CVE-2022-28737 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-28737 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

* CVE-2023-40546 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-40546 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-40547 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

* CVE-2023-40547 ( NVD ): 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:1462-1
Rating: important

Topics%20covered

Topics Covered

security advisory important threat mitigation SUSE security fixes shim updates

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here