Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP1
patchinfo.33579
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.33579
<patchinfo incident="33579"> <issue tracker="cve" id="2023-40546"/> <issue tracker="cve" id="2023-40548"/> <issue tracker="cve" id="2023-40547"/> <issue tracker="cve" id="2023-40549"/> <issue tracker="cve" id="2023-40551"/> <issue tracker="cve" id="2023-40550"/> <issue tracker="cve" id="2022-28737"/> <issue tracker="bnc" id="1215102">VUL-0: CVE-2023-40550: shim: pe: Fix an out-of-bound read in verify_buffer_sbat()</issue> <issue tracker="bnc" id="1215103">VUL-0: CVE-2023-40551: shim: pe-relocate: Fix bounds check for MZ binaries</issue> <issue tracker="bnc" id="1219460">shim is built failed due to fde-tpm-helper-rpm-macros</issue> <issue tracker="bnc" id="1205855">GRUB2 installation failed in fresh install</issue> <issue tracker="bnc" id="1215100">VUL-0: CVE-2023-40548: shim: Fix integer overflow on SBAT section size on 32-bit system</issue> <issue tracker="bnc" id="1198101">VUL-0: shim: openSUSE tumbleweed not fully locked down? Add opensuse-cert-prompt back to openSUSE shim</issue> <issue tracker="bnc" id="1215098">VUL-0: CVE-2023-40547: shim: trusting http headers</issue> <issue tracker="bnc" id="1213945">AUDIT-TRACKER: fde-tools,pcr-oracle,grub2: TPM based unattended disk unlocking</issue> <issue tracker="bnc" id="1210382">The bootx64.efi in EFI boot partition is not updated after shim be upgraded.</issue> <issue tracker="bnc" id="1215099">VUL-0: CVE-2023-40546: shim: format specifier issues when calling LogError</issue> <issue tracker="bnc" id="1215101">VUL-0: CVE-2023-40549: shim: Authenticode: verify that the signature header is in bounds.</issue> <issue tracker="bnc" id="1205588">Page Fault when booting with PE NX-compatibility DLL Characteristic flag</issue> <issue tracker="jsc" id="PED-922"/> <packager>dtseng</packager> <rating>important</rating> <category>security</category> <summary>Security update for shim</summary> <description>This update for shim fixes the following issues: - Update shim-install to set the TPM2 SRK algorithm (bsc#1213945) - Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460) Update to version 15.8: Security issues fixed: - mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) - avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) - Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) - Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) - pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) - pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551) The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now. - Generate dbx during build so we don't include binary files in sources - Don't require grub so shim can still be used with systemd-boot - Update shim-install to fix boot failure of ext4 root file system on RAID10 (bsc#1205855) - Adopt the macros from fde-tpm-helper-macros to update the signature in the sealed key after a bootloader upgrade - Update shim-install to amend full disk encryption support - Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector - Use the long name to specify the grub2 key protector - cryptodisk: support TPM authorized policies - Do not use tpm_record_pcrs unless the command is in command.lst - Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to enable the NX compatibility flag when using post-process-pe after discussed with grub2 experts in mail. It's useful for further development and testing. (bsc#1205588) </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor