Описание
Security update for shim
This update for shim fixes the following issues:
Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994)
This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting.
This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from or after July / August 2020 are applied.
Also fixed:
- shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656)
Список пакетов
SUSE Linux Enterprise Server 11 SP4-LTSS
Ссылки
- Link for SUSE-SU-2020:14490-1
- E-Mail link for SUSE-SU-2020:14490-1
- SUSE Security Ratings
- SUSE Bug 1168994
- SUSE Bug 1175626
- SUSE Bug 1175656
- SUSE CVE CVE-2020-10713 page
Описание
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые продукты
Ссылки
- CVE-2020-10713
- SUSE Bug 1168994
- SUSE Bug 1173456
- SUSE Bug 1173812
- SUSE Bug 1199353