Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:2627-1

Опубликовано: 14 сент. 2020
Источник: suse-cvrf

Описание

Security update for shim

This update for shim fixes the following issues:

  • Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994)

This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting.

This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied.

Additional fixes:

  • shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656)

Список пакетов

HPE Helion OpenStack 8
shim-15+git47-25.11.1
Image SLES12-SP4-EC2-HVM-BYOS
shim-15+git47-25.11.1
Image SLES12-SP4-GCE-BYOS
shim-15+git47-25.11.1
Image SLES12-SP4-OCI-BYOS
shim-15+git47-25.11.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
shim-15+git47-25.11.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
shim-15+git47-25.11.1
Image SLES12-SP4-SAP-EC2-HVM
shim-15+git47-25.11.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
shim-15+git47-25.11.1
Image SLES12-SP4-SAP-GCE
shim-15+git47-25.11.1
Image SLES12-SP4-SAP-GCE-BYOS
shim-15+git47-25.11.1
Image SLES12-SP4-SAP-OCI-BYOS
shim-15+git47-25.11.1
Image SLES12-SP5-EC2-BYOS
shim-15+git47-25.11.1
Image SLES12-SP5-EC2-ECS-On-Demand
shim-15+git47-25.11.1
Image SLES12-SP5-EC2-On-Demand
shim-15+git47-25.11.1
Image SLES12-SP5-EC2-SAP-BYOS
shim-15+git47-25.11.1
Image SLES12-SP5-EC2-SAP-On-Demand
shim-15+git47-25.11.1
Image SLES12-SP5-GCE-BYOS
shim-15+git47-25.11.1
Image SLES12-SP5-GCE-On-Demand
shim-15+git47-25.11.1
Image SLES12-SP5-GCE-SAP-BYOS
shim-15+git47-25.11.1
Image SLES12-SP5-GCE-SAP-On-Demand
shim-15+git47-25.11.1
Image SLES12-SP5-OCI-BYOS-BYOS
shim-15+git47-25.11.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
shim-15+git47-25.11.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
shim-15+git47-25.11.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
shim-15+git47-25.11.1
SUSE Enterprise Storage 5
shim-15+git47-25.11.1
SUSE Linux Enterprise Server 12 SP3-BCL
shim-15+git47-25.11.1
SUSE Linux Enterprise Server 12 SP3-LTSS
shim-15+git47-25.11.1
SUSE Linux Enterprise Server 12 SP4-LTSS
shim-15+git47-25.11.1
SUSE Linux Enterprise Server 12 SP5
shim-15+git47-25.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
shim-15+git47-25.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
shim-15+git47-25.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
shim-15+git47-25.11.1
SUSE OpenStack Cloud 8
shim-15+git47-25.11.1
SUSE OpenStack Cloud 9
shim-15+git47-25.11.1
SUSE OpenStack Cloud Crowbar 8
shim-15+git47-25.11.1
SUSE OpenStack Cloud Crowbar 9
shim-15+git47-25.11.1

Ссылки

Описание

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Затронутые продукты
HPE Helion OpenStack 8:shim-15+git47-25.11.1
Image SLES12-SP4-EC2-HVM-BYOS:shim-15+git47-25.11.1
Image SLES12-SP4-GCE-BYOS:shim-15+git47-25.11.1
Image SLES12-SP4-OCI-BYOS:shim-15+git47-25.11.1
Ссылки