Oracle Linux Security Advisory ELSA-2024-1902

http://linux.oracle.com/errata/ELSA-2024-1902.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
shim-ia32-15.8-4.0.1.el8.x86_64.rpm
shim-x64-15.8-4.0.1.el8.x86_64.rpm

aarch64:
shim-aa64-15.8-4.0.1.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//shim-15.8-4.0.1.el8.src.rpm

Related CVEs:
CVE-2023-40546
CVE-2023-40547
CVE-2023-40548
CVE-2023-40549
CVE-2023-40550
CVE-2023-40551

Description of changes:

[15.8-4.0.1]
- Add support for Oracle signed shim [Orabug: 36540084]
- Add shim binaries signed with Oracle Secure Boot Signing (key 1) [Orabug: 36540084]

[15.8-1.0.3]
- Update shimx64.efi, shimia32.efi and shimaa64.efi v15.8 signed by Microsoft [Orabug: 36072863]

[15.8-1.0.2]
- Use binaries with correct shim.ol generation [Orabug: 36072863]
- Set SBAT_AUTOMATIC_DATE=2021030218 [Orabug: 36072863]

[15.8-1.0.1]
- Update to 15.8 [Orabug: 36072863]
- fix CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551 [Orabug: 36072863]

_______________________________________________
El-errata mailing list

====================================================================
Red Hat Security Advisory

Synopsis:          Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
Advisory ID:       RHSA-2022:5095-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5095
Issue date:        2022-06-16
CVE Names:         CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVE-2022-28737
====================================================================

1. Summary:

An update for grub2, mokutil, shim, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, x86_64

3. Description:

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.

Security Fix(es):

* grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733)
* grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695)
* grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696)
* grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697)
* grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734)
* grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735)
* grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736)
* shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1991685 - CVE-2021-3695 grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
1991686 - CVE-2021-3696 grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
1991687 - CVE-2021-3697 grub2: Crafted JPEG image can lead to buffer underflow write in the heap
2083339 - CVE-2022-28733 grub2: Integer underflow in grub_net_recv_ip4_packets
2090463 - CVE-2022-28734 grub2: Out-of-bound write when handling split HTTP headers
2090857 - CVE-2022-28735 grub2: shim_lock verifier allows non-kernel files to be loaded
2090899 - CVE-2022-28737 shim: Buffer overflow when loading crafted EFI images
2092613 - CVE-2022-28736 grub2: use-after-free in grub_cmd_chainloader()

6. Package List:

Red Hat Enterprise Linux BaseOS (v.8):

Source:
grub2-2.02-123.el8_6.8.src.rpm
mokutil-0.3.0-11.el8_6.1.src.rpm
shim-15.6-1.el8.src.rpm

aarch64:
grub2-debuginfo-2.02-123.el8_6.8.aarch64.rpm
grub2-debugsource-2.02-123.el8_6.8.aarch64.rpm
grub2-efi-aa64-2.02-123.el8_6.8.aarch64.rpm
grub2-efi-aa64-cdboot-2.02-123.el8_6.8.aarch64.rpm
grub2-tools-2.02-123.el8_6.8.aarch64.rpm
grub2-tools-debuginfo-2.02-123.el8_6.8.aarch64.rpm
grub2-tools-extra-2.02-123.el8_6.8.aarch64.rpm
grub2-tools-extra-debuginfo-2.02-123.el8_6.8.aarch64.rpm
grub2-tools-minimal-2.02-123.el8_6.8.aarch64.rpm
grub2-tools-minimal-debuginfo-2.02-123.el8_6.8.aarch64.rpm
mokutil-0.3.0-11.el8_6.1.aarch64.rpm
mokutil-debuginfo-0.3.0-11.el8_6.1.aarch64.rpm
mokutil-debugsource-0.3.0-11.el8_6.1.aarch64.rpm
shim-aa64-15.6-1.el8.aarch64.rpm

noarch:
grub2-common-2.02-123.el8_6.8.noarch.rpm
grub2-efi-aa64-modules-2.02-123.el8_6.8.noarch.rpm
grub2-efi-ia32-modules-2.02-123.el8_6.8.noarch.rpm
grub2-efi-x64-modules-2.02-123.el8_6.8.noarch.rpm
grub2-pc-modules-2.02-123.el8_6.8.noarch.rpm
grub2-ppc64le-modules-2.02-123.el8_6.8.noarch.rpm

ppc64le:
grub2-debuginfo-2.02-123.el8_6.8.ppc64le.rpm
grub2-debugsource-2.02-123.el8_6.8.ppc64le.rpm
grub2-ppc64le-2.02-123.el8_6.8.ppc64le.rpm
grub2-tools-2.02-123.el8_6.8.ppc64le.rpm
grub2-tools-debuginfo-2.02-123.el8_6.8.ppc64le.rpm
grub2-tools-extra-2.02-123.el8_6.8.ppc64le.rpm
grub2-tools-extra-debuginfo-2.02-123.el8_6.8.ppc64le.rpm
grub2-tools-minimal-2.02-123.el8_6.8.ppc64le.rpm
grub2-tools-minimal-debuginfo-2.02-123.el8_6.8.ppc64le.rpm

x86_64:
grub2-debuginfo-2.02-123.el8_6.8.x86_64.rpm
grub2-debugsource-2.02-123.el8_6.8.x86_64.rpm
grub2-efi-ia32-2.02-123.el8_6.8.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-123.el8_6.8.x86_64.rpm
grub2-efi-x64-2.02-123.el8_6.8.x86_64.rpm
grub2-efi-x64-cdboot-2.02-123.el8_6.8.x86_64.rpm
grub2-pc-2.02-123.el8_6.8.x86_64.rpm
grub2-tools-2.02-123.el8_6.8.x86_64.rpm
grub2-tools-debuginfo-2.02-123.el8_6.8.x86_64.rpm
grub2-tools-efi-2.02-123.el8_6.8.x86_64.rpm
grub2-tools-efi-debuginfo-2.02-123.el8_6.8.x86_64.rpm
grub2-tools-extra-2.02-123.el8_6.8.x86_64.rpm
grub2-tools-extra-debuginfo-2.02-123.el8_6.8.x86_64.rpm
grub2-tools-minimal-2.02-123.el8_6.8.x86_64.rpm
grub2-tools-minimal-debuginfo-2.02-123.el8_6.8.x86_64.rpm
mokutil-0.3.0-11.el8_6.1.x86_64.rpm
mokutil-debuginfo-0.3.0-11.el8_6.1.x86_64.rpm
mokutil-debugsource-0.3.0-11.el8_6.1.x86_64.rpm
shim-ia32-15.6-1.el8.x86_64.rpm
shim-x64-15.6-1.el8.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

Source:
shim-unsigned-x64-15.6-1.el8.src.rpm

x86_64:
shim-unsigned-x64-15.6-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3695
https://access.redhat.com/security/cve/CVE-2021-3696
https://access.redhat.com/security/cve/CVE-2021-3697
https://access.redhat.com/security/cve/CVE-2022-28733
https://access.redhat.com/security/cve/CVE-2022-28734
https://access.redhat.com/security/cve/CVE-2022-28735
https://access.redhat.com/security/cve/CVE-2022-28736
https://access.redhat.com/security/cve/CVE-2022-28737
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
--
RHSA-announce mailing list

Oracle Linux Security Advisory ELSA-2022-9466

https://linux.oracle.com/errata/ELSA-2022-9466.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
mokutil-15.6-1.0.7.el7.x86_64.rpm
shim-ia32-15.6-1.0.7.el7.x86_64.rpm
shim-x64-15.6-1.0.7.el7.x86_64.rpm

SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates/shim-signed-15.6-1.0.7.el7.src.rpm

Related CVEs:
CVE-2022-28737

Description of changes:

[15.6-1.0.7]
- Update shimx64.efi and shimia32.efi signed by Microsoft [JIRA: OLDIS-16370]

[15.6-1.0.5]
- Update to shim-unsigned v15.6.rc2 [JIRA: OLDIS-16370]

[15.6-1.0.3]
- Add all algorithms using OPENSSL_add_all_algorithms [JIRA: OLDIS-16370]

[15.6-1.0.1]
- Update to 15.6.rc1 [JIRA: OLDIS-16370]
- update CVE-2022-28737 patches [JIRA: OLDIS-16370]
- Fix CVE-2022-28737 [JIRA: OLDIS-16370]

[15.5-1.0.1]
- update mokutils [JIRA: OLDIS-16370]
- Import shim-15.5-1.0.1 [JIRA: OLDIS-16370]
- Update vendor certs [JIRA: OLDIS-16370]
- Update oracle(grub2-sig-key) [JIRA: OLDIS-16370]

_______________________________________________
El-errata mailing list

====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: shim and fwupd security update
Advisory ID:       RHSA-2021:3675-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3675
Issue date:        2021-09-28
CVE Names:         CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233
====================================================================

1. Summary:

An update for fwupd, shim, shim-unsigned-aarch64, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.1) - aarch64, x86_64
Red Hat Enterprise Linux BaseOS EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.

The fwupd packages provide a service that allows session software to update device firmware.

The following packages have been upgraded to a later upstream version: shim (15.4). (BZ#1932410)

Security Fix(es):

* grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)
* grub2: Use-after-free in rmmod command (CVE-2020-25632)
* grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)
* grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)
* grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)
* grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)
* grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1873150 - CVE-2020-14372 grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled
1879577 - CVE-2020-25632 grub2: Use-after-free in rmmod command
1886936 - CVE-2020-25647 grub2: Out-of-bounds write in grub_usb_device_initialize()
1899966 - CVE-2020-27749 grub2: Stack buffer overflow in grub_parser_split_cmdline()
1900698 - CVE-2020-27779 grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled
1924696 - CVE-2021-20225 grub2: Heap out-of-bounds write in short form option parser
1926263 - CVE-2021-20233 grub2: Heap out-of-bounds write due to miscalculation of space required for quoting

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.1):

Source:
fwupd-1.1.4-4.el8_1.src.rpm
shim-15.4-2.el8_1.src.rpm

aarch64:
fwupd-1.1.4-4.el8_1.aarch64.rpm
fwupd-debuginfo-1.1.4-4.el8_1.aarch64.rpm
fwupd-debugsource-1.1.4-4.el8_1.aarch64.rpm
shim-aa64-15.4-2.el8_1.aarch64.rpm

ppc64le:
fwupd-1.1.4-4.el8_1.ppc64le.rpm
fwupd-debuginfo-1.1.4-4.el8_1.ppc64le.rpm
fwupd-debugsource-1.1.4-4.el8_1.ppc64le.rpm

s390x:
fwupd-1.1.4-4.el8_1.s390x.rpm
fwupd-debuginfo-1.1.4-4.el8_1.s390x.rpm
fwupd-debugsource-1.1.4-4.el8_1.s390x.rpm

x86_64:
fwupd-1.1.4-4.el8_1.x86_64.rpm
fwupd-debuginfo-1.1.4-4.el8_1.x86_64.rpm
fwupd-debugsource-1.1.4-4.el8_1.x86_64.rpm
shim-ia32-15.4-2.el8_1.x86_64.rpm
shim-x64-15.4-2.el8_1.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.1):

Source:
shim-unsigned-aarch64-15-7.el8_1.src.rpm
shim-unsigned-x64-15.4-4.el8_1.src.rpm

aarch64:
shim-unsigned-aarch64-15-7.el8_1.aarch64.rpm

x86_64:
shim-unsigned-x64-15.4-4.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2020-14372
https://access.redhat.com/security/cve/CVE-2020-25632
https://access.redhat.com/security/cve/CVE-2020-25647
https://access.redhat.com/security/cve/CVE-2020-27749
https://access.redhat.com/security/cve/CVE-2020-27779
https://access.redhat.com/security/cve/CVE-2021-20225
https://access.redhat.com/security/cve/CVE-2021-20233
https://access.redhat.com/security/updates/classification#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2021-003

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.
--
RHSA-announce mailing list

SUSE Security Update: Security update for shim
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1824-1
Rating:             important
References:         #1182057
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for shim fixes the following issues:

- Update to the unified shim binary for SBAT support (bsc#1182057)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1824=1

- SUSE Linux Enterprise High Performance Computing 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1824=1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1824=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (x86_64):
  shim-15.4-7.19.1

- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
  shim-15.4-7.19.1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
  shim-15.4-7.19.1

References:

https://bugzilla.suse.com/1182057

LinuxSecurity.com Team

openSUSE Security Update: Security update for shim
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0598-1
Rating:             important
References:         #1173411 #1174512 #1175509 #1177315 #1177404 #1177789 #1182057 #1184454
Cross-References:   CVE-2019-14584
CVSS scores:
                    CVE-2019-14584 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

An update that solves one vulnerability and has 7 fixes is now available.

Description:

This update for shim fixes the following issues:

- Updated openSUSE x86 signature
- Avoid the error message during linux system boot (boo#1184454)
- Prevent the build id being added to the binary. That can cause issues with the signature

Update to 15.4 (boo#1182057)

  + Rename the SBAT variable and fix the self-check of SBAT
  + sbat: add more dprint()
  + arm/aa64: Swizzle some sections to make old sbsign happier
  + arm/aa64 targets: put .rel* and .dyn* in .rodata

- Change the SBAT variable name and enhance the handling of SBAT (boo#1182057)

Update to 15.3 for SBAT support (boo#1182057)

  + Drop gnu-efi from BuildRequires since upstream pull it into the

- Generate vendor-specific SBAT metadata
  + Add dos2unix to BuildRequires since Makefile requires it for vendor SBAT
- Update dbx-cert.tar.xz and vendor-dbx.bin to block the following sign keys:
  + SLES-UEFI-SIGN-Certificate-2020-07.crt
  + openSUSE-UEFI-SIGN-Certificate-2020-07.crt
- Check CodeSign in the signer's EKU (boo#1177315)
- Fixed NULL pointer dereference in AuthenticodeVerify() (boo#1177789, CVE-2019-14584)
- All newly released openSUSE kernels enable kernel lockdown and signature verification, so there is no need to add the prompt anymore.
- shim-install: Support changing default shim efi binary in /usr/etc/default/shim and /etc/default/shim (boo#1177315)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:
  zypper in -t patch openSUSE-2021-598=1

Package List:

- openSUSE Leap 15.2 (x86_64):
  shim-15.4-lp152.4.8.1
  shim-debuginfo-15.4-lp152.4.8.1
  shim-debugsource-15.4-lp152.4.8.1

References:

https://www.suse.com/security/cve/CVE-2019-14584.html
https://bugzilla.suse.com/1173411
https://bugzilla.suse.com/1174512
https://bugzilla.suse.com/1175509
https://bugzilla.suse.com/1177315
https://bugzilla.suse.com/1177404
https://bugzilla.suse.com/1177789
https://bugzilla.suse.com/1182057
https://bugzilla.suse.com/1184454