# Security update for shim

Announcement ID: SUSE-SU-2026:1414-1
Release Date: 2026-04-16T14:25:29Z
Rating: moderate

References:

* bsc#1240871
* bsc#1247432

Cross-References:

* CVE-2024-2312

CVSS scores:

* CVE-2024-2312 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-2312 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for shim fixes the following issues:

shim is updated to version 16.1:

* shim_start_image(): fix guid/handle pairing when uninstalling protocols
* Fix uncompressed ipv6 netboot
* fix test segfaults caused by uninitialized memory
* SbatLevel_Variable.txt: minor typo fix.
* Realloc() needs to allocate one more byte for sprintf()
* IPv6: Add more check to avoid multiple double colon and illegal char
* Loader proto v2
* loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
* Generate Authenticode for the entire PE file
* README: mention new loader protocol and interaction with UKIs
* shim: change automatically enable MOK_POLICY_REQUIRE_NX
* Save var info
* add SbatLevel entry 2025051000 for PSA-2025-00012-1
* Coverity fixes 20250804
* fix http boot
* Fix double free and leak in the loader protocol

shim is updated to version 16.0:

* Validate that a supplied vendor cert is not in PEM format
* sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
* sbat: Also bump latest for grub,4 (and to todays date)
* undo change that limits certificate files to a single file
* shim: don't set second_stage to the empty string
* Fix SBAT.md for today's consensus about numbers
* Update Code of Conduct contact address
* make-certs: Handle missing OpenSSL installation
* Update MokVars.txt
* export DEFINES for sub makefile
* Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
* Null-terminate 'arguments' in fallback
* Fix "Verifiying" typo in error message
* Update Fedora CI targets
* Force gcc to produce DWARF4 so that gdb can use it
* Minor housekeeping 2024121700
* Discard load-options that start with WINDOWS
* Fix the issue that the gBS->LoadImage pointer was empty.
* shim: Allow data after the end of device path node in load options
* Handle network file not found like disks
* Update gnu-efi submodule for EFI_HTTP_ERROR
* Increase EFI file alignment
* avoid EFIv2 runtime services on Apple x86 machines
* Improve shortcut performance when comparing two boolean expressions
* Provide better error message when MokManager is not found
* tpm: Boot with a warning if the event log is full
* MokManager: remove redundant logical constraints
* Test import_mok_state() when MokListRT would be bigger than available size
* test-mok-mirror: minor bug fix
* Fix file system browser hang when enrolling MOK from disk
* Ignore a minor clang-tidy nit
* Allow fallback to default loader when encountering errors on network boot
* test.mk: don't use a temporary random.bin
* pe: Enhance debug report for update_mem_attrs
* Multiple certificate handling improvements
* Generate SbatLevel Metadata from SbatLevel_Variable.txt
* Apply EKU check with compile option
* Add configuration option to boot an alternative 2nd stage
* Loader protocol (with Device Path resolution support)
* netboot cleanup for additional files
* Document how revocations can be delivered
* post-process-pe: add tests to validate NX compliance
* regression: CopyMem() in ad8692e copies out of bounds
* Save the debug and error logs in mok-variables
* Add features for the Host Security ID program
* Mirror some more efi variables to mok-variables
* This adds DXE Services measurements to HSI and uses them for NX
* Add shim's current NX_COMPAT status to HSIStatus
* README.tpm: reflect that vendor_db is in fact logged as "vendor_db"
* Reject HTTP message with duplicate Content-Length header fields
* Disable log saving
* fallback: don't add new boot order entries backwards
* README.tpm: Update MokList entry to MokListRT
* SBAT Level update for February 2025 GRUB CVEs

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1414=1
* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1414=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * shim-16.1-25.34.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (x86_64)
  * shim-16.1-25.34.1

## References:

* https://www.suse.com/security/cve/CVE-2024-2312.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240871
* https://bugzilla.suse.com/show_bug.cgi?id=1247432

LinuxSecurity.com Team

# Security update for shim

Announcement ID: SUSE-SU-2026:0741-1
Release Date: 2026-03-02T08:11:32Z
Rating: moderate

References:

* bsc#1240871
* bsc#1247432

Cross-References:

* CVE-2024-2312

CVSS scores:

* CVE-2024-2312 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-2312 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.3
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for shim fixes the following issues:

shim is updated to version 16.1:

* shim_start_image(): fix guid/handle pairing when uninstalling protocols
* Fix uncompressed ipv6 netboot
* fix test segfaults caused by uninitialized memory
* SbatLevel_Variable.txt: minor typo fix.
* Realloc() needs to allocate one more byte for sprintf()
* IPv6: Add more check to avoid multiple double colon and illegal char
* Loader proto v2
* loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
* Generate Authenticode for the entire PE file
* README: mention new loader protocol and interaction with UKIs
* shim: change automatically enable MOK_POLICY_REQUIRE_NX
* Save var info
* add SbatLevel entry 2025051000 for PSA-2025-00012-1
* Coverity fixes 20250804
* fix http boot
* Fix double free and leak in the loader protocol

shim is updated to version 16.0:

* Validate that a supplied vendor cert is not in PEM format
* sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
* sbat: Also bump latest for grub,4 (and to todays date)
* undo change that limits certificate files to a single file
* shim: don't set second_stage to the empty string
* Fix SBAT.md for today's consensus about numbers
* Update Code of Conduct contact address
* make-certs: Handle missing OpenSSL installation
* Update MokVars.txt
* export DEFINES for sub makefile
* Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
* Null-terminate 'arguments' in fallback
* Fix "Verifiying" typo in error message
* Update Fedora CI targets
* Force gcc to produce DWARF4 so that gdb can use it
* Minor housekeeping 2024121700
* Discard load-options that start with WINDOWS
* Fix the issue that the gBS->LoadImage pointer was empty.
* shim: Allow data after the end of device path node in load options
* Handle network file not found like disks
* Update gnu-efi submodule for EFI_HTTP_ERROR
* Increase EFI file alignment
* avoid EFIv2 runtime services on Apple x86 machines
* Improve shortcut performance when comparing two boolean expressions
* Provide better error message when MokManager is not found
* tpm: Boot with a warning if the event log is full
* MokManager: remove redundant logical constraints
* Test import_mok_state() when MokListRT would be bigger than available size
* test-mok-mirror: minor bug fix
* Fix file system browser hang when enrolling MOK from disk
* Ignore a minor clang-tidy nit
* Allow fallback to default loader when encountering errors on network boot
* test.mk: don't use a temporary random.bin
* pe: Enhance debug report for update_mem_attrs
* Multiple certificate handling improvements
* Generate SbatLevel Metadata from SbatLevel_Variable.txt
* Apply EKU check with compile option
* Add configuration option to boot an alternative 2nd stage
* Loader protocol (with Device Path resolution support)
* netboot cleanup for additional files
* Document how revocations can be delivered
* post-process-pe: add tests to validate NX compliance
* regression: CopyMem() in ad8692e copies out of bounds
* Save the debug and error logs in mok-variables
* Add features for the Host Security ID program
* Mirror some more efi variables to mok-variables
* This adds DXE Services measurements to HSI and uses them for NX
* Add shim's current NX_COMPAT status to HSIStatus
* README.tpm: reflect that vendor_db is in fact logged as "vendor_db"
* Reject HTTP message with duplicate Content-Length header fields
* Disable log saving
* fallback: don't add new boot order entries backwards
* README.tpm: Update MokList entry to MokListRT
* SBAT Level update for February 2025 GRUB CVEs

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-741=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-741=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-741=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-741=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-741=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-741=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-741=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-741=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-741=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-741=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-741=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-741=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-741=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-741=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-741=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-741=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-741=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-741=1

## Package List:

* openSUSE Leap 15.3 (aarch64 x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3
* openSUSE Leap 15.6 (aarch64 x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3
* SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3
* Basesystem Module 15-SP7 (aarch64 x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
  * shim-16.1-150300.4.31.3
  * shim-debugsource-16.1-150300.4.31.3
  * shim-debuginfo-16.1-150300.4.31.3

## References:

* https://www.suse.com/security/cve/CVE-2024-2312.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240871
* https://bugzilla.suse.com/show_bug.cgi?id=1247432

LinuxSecurity.com Team

# Security update for pcr-oracle, shim

Announcement ID: SUSE-SU-2025:20136-1
Release Date: 2025-03-07T15:31:39Z
Rating: important

References:

* bsc#1215098
* bsc#1215099
* bsc#1215100
* bsc#1215101
* bsc#1215102
* bsc#1215103
* bsc#1230316

Cross-References:

* CVE-2023-40546
* CVE-2023-40547
* CVE-2023-40548
* CVE-2023-40549
* CVE-2023-40550
* CVE-2023-40551

CVSS scores:

* CVE-2023-40546 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-40546 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-40546 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-40547 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-40547 ( NVD ): 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-40547 ( NVD ): 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-40548 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-40548 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-40548 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-40549 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-40549 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-40549 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-40550 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-40550 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-40550 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-40551 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-40551 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-40551 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves six vulnerabilities and has one fix can now be installed.

## Description:

This update for pcr-oracle, shim fixes the following issues:

pcr-oracle:

* predict SbatLevelRT for the next boot (bsc#1230316)

shim was updated to version 15.8:

* Update shim-install to use the 'removable' way for encrypted SL-Micro images (bsc#1230316)
* Always use the removable way for SL-Micro
* Limit the removable option to encrypted SL-Micro

Security issues fixed:

* mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
* avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
* Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
* Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
* pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
* pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-225=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 x86_64)
  * shim-15.8-1.1
  * pcr-oracle-debugsource-0.4.6-2.1
  * pcr-oracle-0.4.6-2.1
  * pcr-oracle-debuginfo-0.4.6-2.1
  * shim-debugsource-15.8-1.1
  * shim-debuginfo-15.8-1.1

## References:

* https://www.suse.com/security/cve/CVE-2023-40546.html
* https://www.suse.com/security/cve/CVE-2023-40547.html
* https://www.suse.com/security/cve/CVE-2023-40548.html
* https://www.suse.com/security/cve/CVE-2023-40549.html
* https://www.suse.com/security/cve/CVE-2023-40550.html
* https://www.suse.com/security/cve/CVE-2023-40551.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215098
* https://bugzilla.suse.com/show_bug.cgi?id=1215099
* https://bugzilla.suse.com/show_bug.cgi?id=1215100
* https://bugzilla.suse.com/show_bug.cgi?id=1215101
* https://bugzilla.suse.com/show_bug.cgi?id=1215102
* https://bugzilla.suse.com/show_bug.cgi?id=1215103
* https://bugzilla.suse.com/show_bug.cgi?id=1230316

LinuxSecurity.com Team

* bsc#1215098 * bsc#1215099 * bsc#1215100 * bsc#1215101 * bsc#1215102 . # Security update for pcr-oracle, shim Announcement ID: SUSE-SU-2025:20136-1 Release Date: 2025-03-07T15:31:39Z Rating: important References: * bsc#1215098 * bsc#1215099 * bsc#1215100 * bsc#1215101 * bsc#1215102 * bsc#1215103 * bsc#1230316 Cross-References: * CVE-2023-40546 * CVE-2023-40547 * CVE-2023-40548 * CVE-2023-40549 * CVE-2023-40550 * CVE-2023-40551 CVSS scores: * CVE-2023-40546 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40546 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40546 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40547 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40547 ( NVD ): 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2023-40547 ( NVD ): 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2023-40548 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-40548 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-40548 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-40549 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40549 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40549 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40550 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H * CVE-2023-40550 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-40550 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-40551 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40551 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H * CVE-2023-40551 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves six vulnerabilities and has one fix can now be installed. 
## Description: This update for pcr-oracle, shim fixes the following issues: pcr-oracle: * predict SbatLevelRT for the next boot (bsc#1230316) shim was updated to version 15.8: * Update shim-install to use the 'removable' way for encrypted SL-Micro images (bsc#1230316) * Always use the removable way for SL-Micro * Limit the removable option to encrypted SL-Micro Security issues fixed: * mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) * avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) * Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) * Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) * pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) * pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-225=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 x86_64) * pcr-oracle-0.4.6-2.1 * pcr-oracle-debugsource-0.4.6-2.1 * shim-debuginfo-15.8-1.1 * pcr-oracle-debuginfo-0.4.6-2.1 * shim-debugsource-15.8-1.1 * shim-15.8-1.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40546.html * https://www.suse.com/security/cve/CVE-2023-40547.html * https://www.suse.com/security/cve/CVE-2023-40548.html * https://www.suse.com/security/cve/CVE-2023-40549.html * https://www.suse.com/security/cve/CVE-2023-40550.html * https://www.suse.com/security/cve/CVE-2023-40551.html * https://bugzilla.suse.com/show_bug.cgi?id=1215098 * https://bugzilla.suse.com/show_bug.cgi?id=1215099 * https://bugzilla.suse.com/show_bug.cgi?id=1215100 * https://bugzilla.suse.com/show_bug.cgi?id=1215101 * https://bugzilla.suse.com/show_bug.cgi?id=1215102 * https://bugzilla.suse.com/show_bug.cgi?id=1215103 * https://bugzilla.suse.com/show_bug.cgi?id=1230316 . SUSE pcr-oracle and shim have released critical updates addressing significant security vulnerabilities. These crucial patches fortify system defenses against emerging threats.. SUSE security patch, pcr-oracle update, shim vulnerabilities, system security update, Linux protection guidelines. . Severity: Important. LinuxSecurity.com Team
This release fixes various issues in shim bootloader and updates it to a supported version. Older versions of the shim may eventually be blocked by Secure Boot, so it is strongly advised for Secure Boot enabled systems to upgrade to this newer version to keep the system bootable. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3813-1
* bsc#1198101 * bsc#1205588 * bsc#1205855 * bsc#1210382 * bsc#1213945 . # Security update for shim Announcement ID: SUSE-SU-2024:1461-1 Rating: important References: * bsc#1198101 * bsc#1205588 * bsc#1205855 * bsc#1210382 * bsc#1213945 * bsc#1215098 * bsc#1215099 * bsc#1215100 * bsc#1215101 * bsc#1215102 * bsc#1215103 * bsc#1219460 * jsc#PED-922 Cross-References: * CVE-2022-28737 * CVE-2023-40546 * CVE-2023-40547 * CVE-2023-40548 * CVE-2023-40549 * CVE-2023-40550 * CVE-2023-40551 CVSS scores: * CVE-2022-28737 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-28737 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40546 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40546 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40547 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40547 ( NVD ): 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2023-40548 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-40548 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-40549 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40549 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40550 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H * CVE-2023-40550 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-40551 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40551 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves seven vulnerabilities, contains one feature and has five security fixes can now be installed.
## Description: This update for shim fixes the following issues: * Update shim-install to set the TPM2 SRK algorithm (bsc#1213945) * Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460) Update to version 15.8: Security issues fixed: * mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) * avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) * Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) * Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) * pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) * pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551) The NX flag is disabled, which is the same as the default value of shim-15.8; hence there is no need to enable it with this patch now. * Generate dbx during build so we don't include binary files in sources * Don't require grub so shim can still be used with systemd-boot * Update shim-install to fix boot failure of ext4 root file system on RAID10 (bsc#1205855) * Adopt the macros from fde-tpm-helper-macros to update the signature in the sealed key after a bootloader upgrade * Update shim-install to amend full disk encryption support * Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector * Use the long name to specify the grub2 key protector * cryptodisk: support TPM authorized policies * Do not use tpm_record_pcrs unless the command is in command.lst * Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to enable the NX compatibility flag when using post-process-pe, after discussion with grub2 experts by mail. It's useful for further development and testing. (bsc#1205588) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1461=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1461=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1461=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * shim-15.8-150100.3.38.1 * shim-debuginfo-15.8-150100.3.38.1 * shim-debugsource-15.8-150100.3.38.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * shim-15.8-150100.3.38.1 * shim-debuginfo-15.8-150100.3.38.1 * shim-debugsource-15.8-150100.3.38.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * shim-15.8-150100.3.38.1 * shim-debuginfo-15.8-150100.3.38.1 * shim-debugsource-15.8-150100.3.38.1 ## References: * https://www.suse.com/security/cve/CVE-2022-28737.html * https://www.suse.com/security/cve/CVE-2023-40546.html * https://www.suse.com/security/cve/CVE-2023-40547.html * https://www.suse.com/security/cve/CVE-2023-40548.html * https://www.suse.com/security/cve/CVE-2023-40549.html * https://www.suse.com/security/cve/CVE-2023-40550.html * https://www.suse.com/security/cve/CVE-2023-40551.html * https://bugzilla.suse.com/show_bug.cgi?id=1198101 * https://bugzilla.suse.com/show_bug.cgi?id=1205588 * https://bugzilla.suse.com/show_bug.cgi?id=1205855 * https://bugzilla.suse.com/show_bug.cgi?id=1210382 * https://bugzilla.suse.com/show_bug.cgi?id=1213945 * https://bugzilla.suse.com/show_bug.cgi?id=1215098 * https://bugzilla.suse.com/show_bug.cgi?id=1215099 * https://bugzilla.suse.com/show_bug.cgi?id=1215100 * https://bugzilla.suse.com/show_bug.cgi?id=1215101 * https://bugzilla.suse.com/show_bug.cgi?id=1215102 * https://bugzilla.suse.com/show_bug.cgi?id=1215103 * https://bugzilla.suse.com/show_bug.cgi?id=1219460 *
https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-922&page_caps=&user_role= . Adjustments for shim tackle various concerns, incorporating vital vulnerabilities with key assessments and required fixes.. SUSE Linux, shim, important security patches, threat management, security fixes. . Severity: Important. LinuxSecurity.com Team
* bsc#1198101 * bsc#1205588 * bsc#1205855 * bsc#1210382 * bsc#1213945 . # Security update for shim Announcement ID: SUSE-SU-2024:1368-1 Rating: important References: * bsc#1198101 * bsc#1205588 * bsc#1205855 * bsc#1210382 * bsc#1213945 * bsc#1215098 * bsc#1215099 * bsc#1215100 * bsc#1215101 * bsc#1215102 * bsc#1215103 * bsc#1219460 * jsc#PED-922 Cross-References: * CVE-2022-28737 * CVE-2023-40546 * CVE-2023-40547 * CVE-2023-40548 * CVE-2023-40549 * CVE-2023-40550 * CVE-2023-40551 CVSS scores: * CVE-2022-28737 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-28737 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40546 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40546 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40547 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40547 ( NVD ): 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2023-40548 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-40548 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-40549 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40549 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40550 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H * CVE-2023-40550 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-40551 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40551 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE
Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves seven vulnerabilities, contains one feature and has five security fixes can now be installed. 
## Description: This update for shim fixes the following issues: * Update shim-install to set the TPM2 SRK algorithm (bsc#1213945) * Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460) Update to version 15.8: Security issues fixed: * mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) * avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) * Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) * Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) * pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) * pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551) The NX flag is disabled, which is the same as the default value of shim-15.8; hence there is no need to enable it with this patch now. * Generate dbx during build so we don't include binary files in sources * Don't require grub so shim can still be used with systemd-boot * Update shim-install to fix boot failure of ext4 root file system on RAID10 (bsc#1205855) * Adopt the macros from fde-tpm-helper-macros to update the signature in the sealed key after a bootloader upgrade * Update shim-install to amend full disk encryption support * Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector * Use the long name to specify the grub2 key protector * cryptodisk: support TPM authorized policies * Do not use tpm_record_pcrs unless the command is in command.lst * Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to enable the NX compatibility flag when using post-process-pe, after discussion with grub2 experts by mail. It's useful for further development and testing. (bsc#1205588) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-1368=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2024-1368=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2024-1368=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-1368=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-1368=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-1368=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-1368=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-1368=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-1368=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1368=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1368=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1368=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1368=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1368=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1368=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1368=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1368=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1368=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1368=1 * SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-1368=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1368=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2024-1368=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-1368=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1368=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1368=1 ## Package List: * openSUSE Leap 15.3 (aarch64 x86_64 i586) * efitools-debugsource-1.9.2-150300.7.3.1 * efitools-debuginfo-1.9.2-150300.7.3.1 * efitools-1.9.2-150300.7.3.1 * openSUSE Leap 15.3 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * openSUSE Leap Micro 5.4 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * openSUSE Leap 15.5 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 *
shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * Basesystem Module 15-SP5 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Manager Proxy 4.3 (x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Manager Retail Branch Server 4.3 (x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Manager Server 4.3 (x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE
Enterprise Storage 7.1 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Linux Enterprise Micro 5.1 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * shim-debugsource-15.8-150300.4.20.2 * shim-debuginfo-15.8-150300.4.20.2 * shim-15.8-150300.4.20.2 ## References: * https://www.suse.com/security/cve/CVE-2022-28737.html * https://www.suse.com/security/cve/CVE-2023-40546.html * https://www.suse.com/security/cve/CVE-2023-40547.html * https://www.suse.com/security/cve/CVE-2023-40548.html * https://www.suse.com/security/cve/CVE-2023-40549.html * https://www.suse.com/security/cve/CVE-2023-40550.html * https://www.suse.com/security/cve/CVE-2023-40551.html * https://bugzilla.suse.com/show_bug.cgi?id=1198101 * https://bugzilla.suse.com/show_bug.cgi?id=1205588 * https://bugzilla.suse.com/show_bug.cgi?id=1205855 * https://bugzilla.suse.com/show_bug.cgi?id=1210382 * https://bugzilla.suse.com/show_bug.cgi?id=1213945 * https://bugzilla.suse.com/show_bug.cgi?id=1215098 * https://bugzilla.suse.com/show_bug.cgi?id=1215099 * https://bugzilla.suse.com/show_bug.cgi?id=1215100 * https://bugzilla.suse.com/show_bug.cgi?id=1215101 * https://bugzilla.suse.com/show_bug.cgi?id=1215102 * https://bugzilla.suse.com/show_bug.cgi?id=1215103 * https://bugzilla.suse.com/show_bug.cgi?id=1219460 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-922&page_caps=&user_role= . SUSE enhances shim by implementing essential security updates that tackle significant vulnerabilities, thereby improving the overall safety and integrity of the system.. SUSE Linux Enterprise, Shim Security, Critical Updates. . 
Severity: Critical. LinuxSecurity.com Team