Описание
Security update for shim
This update for shim fixes the following issues:
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
- Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460)
Update to version 15.8:
Security issues fixed:
- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now.
-
Generate dbx during build so we don't include binary files in sources
-
Don't require grub so shim can still be used with systemd-boot
-
Update shim-install to fix boot failure of ext4 root file system on RAID10 (bsc#1205855)
-
Adopt the macros from fde-tpm-helper-macros to update the signature in the sealed key after a bootloader upgrade
-
Update shim-install to amend full disk encryption support
- Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
- Use the long name to specify the grub2 key protector
- cryptodisk: support TPM authorized policies
- Do not use tpm_record_pcrs unless the command is in command.lst
-
Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to enable the NX compatibility flag when using post-process-pe after discussed with grub2 experts in mail. It's useful for further development and testing. (bsc#1205588)
Список пакетов
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
Ссылки
- Link for SUSE-SU-2024:1461-1
- E-Mail link for SUSE-SU-2024:1461-1
- SUSE Security Ratings
- SUSE Bug 1198101
- SUSE Bug 1205588
- SUSE Bug 1205855
- SUSE Bug 1210382
- SUSE Bug 1213945
- SUSE Bug 1215098
- SUSE Bug 1215099
- SUSE Bug 1215100
- SUSE Bug 1215101
- SUSE Bug 1215102
- SUSE Bug 1215103
- SUSE Bug 1219460
- SUSE CVE CVE-2022-28737 page
- SUSE CVE CVE-2023-40546 page
- SUSE CVE CVE-2023-40547 page
- SUSE CVE CVE-2023-40548 page
- SUSE CVE CVE-2023-40549 page
Описание
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.
Затронутые продукты
Ссылки
- CVE-2022-28737
- SUSE Bug 1198458
- SUSE Bug 1205065
- SUSE Bug 1205066
- SUSE Bug 1205831
Описание
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.
Затронутые продукты
Ссылки
- CVE-2023-40546
- SUSE Bug 1215099
Описание
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
Затронутые продукты
Ссылки
- CVE-2023-40547
- SUSE Bug 1215098
Описание
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
Затронутые продукты
Ссылки
- CVE-2023-40548
- SUSE Bug 1215100
Описание
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.
Затронутые продукты
Ссылки
- CVE-2023-40549
- SUSE Bug 1215101
Описание
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
Затронутые продукты
Ссылки
- CVE-2023-40550
- SUSE Bug 1215102
Описание
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.
Затронутые продукты
Ссылки
- CVE-2023-40551
- SUSE Bug 1215103