Description
Security update for shim
This update for shim fixes the following issues:
- This update only adds the CVE reference to the previously released update (bsc#1198458, CVE-2022-28737)
Package List
Image SLES12-SP5-EC2-BYOS
shim-15.7-25.27.1
Image SLES12-SP5-EC2-ECS-On-Demand
shim-15.7-25.27.1
Image SLES12-SP5-EC2-On-Demand
shim-15.7-25.27.1
Image SLES12-SP5-EC2-SAP-BYOS
shim-15.7-25.27.1
Image SLES12-SP5-EC2-SAP-On-Demand
shim-15.7-25.27.1
Image SLES12-SP5-GCE-BYOS
shim-15.7-25.27.1
Image SLES12-SP5-GCE-On-Demand
shim-15.7-25.27.1
Image SLES12-SP5-GCE-SAP-BYOS
shim-15.7-25.27.1
Image SLES12-SP5-GCE-SAP-On-Demand
shim-15.7-25.27.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
shim-15.7-25.27.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
shim-15.7-25.27.1
SUSE Linux Enterprise Server 12 SP4-ESPOS
shim-15.7-25.27.1
SUSE Linux Enterprise Server 12 SP4-LTSS
shim-15.7-25.27.1
SUSE Linux Enterprise Server 12 SP5
shim-15.7-25.27.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
shim-15.7-25.27.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
shim-15.7-25.27.1
SUSE OpenStack Cloud 9
shim-15.7-25.27.1
SUSE OpenStack Cloud Crowbar 9
shim-15.7-25.27.1
References
- Link for SUSE-SU-2023:2091-1
- E-Mail link for SUSE-SU-2023:2091-1
- SUSE Security Ratings
- SUSE Bug 1198458
- SUSE CVE CVE-2022-28737 page
Description
There is a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables: handle_image() uses the SizeOfRawData field of each section to be loaded, so an attacker can supply a crafted value to perform out-of-bounds writes into memory. Arbitrary code execution cannot be ruled out in such a scenario.
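The bug class described above, as an added illustration that is not shim's code and does not reproduce handle_image() or its fix: a minimal PE section loader in the vulnerable shape (copy length taken from SizeOfRawData alone) beside a bounded variant that validates every header field against the buffers the loader actually owns. The pe_section_t struct, the function names, the 256-byte image, the 512-byte file and the 300-byte crafted header are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The IMAGE_SECTION_HEADER fields a loader needs to map one section.
 * All four are read straight from the (attacker-controlled) file.
 * Constructed for this example; not shim's data structures. */
typedef struct {
    uint32_t VirtualSize;      /* bytes the section occupies once loaded */
    uint32_t VirtualAddress;   /* RVA at which it is mapped */
    uint32_t SizeOfRawData;    /* bytes of section data stored in the file */
    uint32_t PointerToRawData; /* file offset of that data */
} pe_section_t;

/* Vulnerable pattern: the copy length is taken from SizeOfRawData alone,
 * so a crafted header writes past the end of the image allocation. */
void load_section_unchecked(uint8_t *image, const uint8_t *file,
                            const pe_section_t *s)
{
    memcpy(image + s->VirtualAddress, file + s->PointerToRawData,
           s->SizeOfRawData);
}

/* Hardened pattern: every header field is bounded against the buffers the
 * loader owns. Comparisons are written as subtractions so that a huge
 * offset cannot wrap an addition and slip past the check.
 * Returns the number of bytes copied, or -1 if the section is rejected. */
long load_section_checked(uint8_t *image, size_t image_size,
                          const uint8_t *file, size_t file_size,
                          const pe_section_t *s)
{
    /* Raw data must lie inside the file that was read (no over-read). */
    if (s->PointerToRawData > file_size ||
        s->SizeOfRawData > file_size - s->PointerToRawData)
        return -1;
    /* The in-memory extent must lie inside the image (no over-write). */
    if (s->VirtualAddress > image_size ||
        s->VirtualSize > image_size - s->VirtualAddress)
        return -1;
    /* Copy at most VirtualSize bytes: SizeOfRawData may legitimately be
     * larger because of file-alignment padding, but it never grows the
     * section's footprint in memory. */
    size_t n = s->SizeOfRawData < s->VirtualSize ? s->SizeOfRawData
                                                 : s->VirtualSize;
    memcpy(image + s->VirtualAddress, file + s->PointerToRawData, n);
    /* Zero-fill the remainder of the section, as a PE loader must. */
    memset(image + s->VirtualAddress + n, 0, s->VirtualSize - n);
    return (long)n;
}

/* Constructed demonstration: a 256-byte "image" is the head of a larger
 * arena whose tail is filled with a canary, so the over-write is observable
 * without leaving the arena. Returns how many canary bytes were clobbered. */
size_t demo_unchecked_overflow(void)
{
    static uint8_t arena[512], file[512];
    const size_t image_size = 256;
    memset(arena, 0x00, image_size);
    memset(arena + image_size, 0xAA, sizeof arena - image_size); /* canary */
    memset(file, 0x41, sizeof file);  /* constructed section bytes */
    /* Crafted header: a 64-byte section claiming 300 bytes of raw data. */
    pe_section_t crafted = { 64, 0, 300, 64 };
    load_section_unchecked(arena, file, &crafted);
    size_t clobbered = 0;
    for (size_t i = image_size; i < sizeof arena; i++)
        if (arena[i] != 0xAA) clobbered++;
    return clobbered;
}

/* Runs the checked loader against the same fixed 256-byte image and
 * 512-byte constructed file for an arbitrary header. */
long demo_checked(uint32_t vsize, uint32_t vaddr,
                  uint32_t rawsize, uint32_t rawptr)
{
    static uint8_t image[256], file[512];
    memset(image, 0x00, sizeof image);
    memset(file, 0x41, sizeof file);
    pe_section_t s = { vsize, vaddr, rawsize, rawptr };
    return load_section_checked(image, sizeof image, file, sizeof file, &s);
}

int main(void)
{
    printf("unchecked loader clobbered %zu canary bytes\n",
           demo_unchecked_overflow());
    printf("checked, padded section:    %ld\n", demo_checked(64, 0, 300, 64));
    printf("checked, section too big:   %ld\n", demo_checked(300, 0, 300, 64));
    printf("checked, raw data past EOF: %ld\n", demo_checked(64, 0, 300, 400));
    printf("checked, wrapping offset:   %ld\n",
           demo_checked(64, 0, 32, 0xFFFFFFF0u));
    return 0;
}
```

The crafted header makes the unchecked loader write 44 bytes past the 256-byte image, while the bounded loader clamps the same header to its 64-byte VirtualSize and rejects sections that would exceed the image, read past the end of the file, or carry an offset that would wrap. On the products listed in this advisory, `rpm -q shim` should report shim-15.7-25.27.1 (or later) once the update is applied; as the advisory notes, this package only adds the CVE reference to a fix that was already shipped.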
Affected Products
Image SLES12-SP5-EC2-BYOS:shim-15.7-25.27.1
Image SLES12-SP5-EC2-ECS-On-Demand:shim-15.7-25.27.1
Image SLES12-SP5-EC2-On-Demand:shim-15.7-25.27.1
Image SLES12-SP5-EC2-SAP-BYOS:shim-15.7-25.27.1
References
- CVE-2022-28737
- SUSE Bug 1198458
- SUSE Bug 1205065
- SUSE Bug 1205066
- SUSE Bug 1205831