Описание
Security update for shim
This update for shim fixes the following issues:
-
Updated openSUSE x86 signature
-
Avoid the error message during linux system boot (boo#1184454)
-
Prevent the build id being added to the binary. That can cause issues with the signature
Update to 15.4 (boo#1182057)
- Rename the SBAT variable and fix the self-check of SBAT
- sbat: add more dprint()
- arm/aa64: Swizzle some sections to make old sbsign happier
- arm/aa64 targets: put .rel* and .dyn* in .rodata
- Change the SBAT variable name and enhance the handling of SBAT (boo#1182057)
Update to 15.3 for SBAT support (boo#1182057)
- Drop gnu-efi from BuildRequires since upstream pull it into the
-
Generate vender-specific SBAT metadata
- Add dos2unix to BuildRequires since Makefile requires it for vendor SBAT
-
Update dbx-cert.tar.xz and vendor-dbx.bin to block the following sign keys:
- SLES-UEFI-SIGN-Certificate-2020-07.crt
- openSUSE-UEFI-SIGN-Certificate-2020-07.crt
-
Check CodeSign in the signer's EKU (boo#1177315)
-
Fixed NULL pointer dereference in AuthenticodeVerify() (boo#1177789, CVE-2019-14584)
-
All newly released openSUSE kernels enable kernel lockdown and signature verification, so there is no need to add the prompt anymore.
-
shim-install: Support changing default shim efi binary in /usr/etc/default/shim and /etc/default/shim (boo#1177315)
Список пакетов
openSUSE Leap 15.2
Ссылки
- E-Mail link for openSUSE-SU-2021:0598-1
- SUSE Security Ratings
- SUSE Bug 1173411
- SUSE Bug 1174512
- SUSE Bug 1175509
- SUSE Bug 1177315
- SUSE Bug 1177404
- SUSE Bug 1177789
- SUSE Bug 1182057
- SUSE Bug 1184454
- SUSE CVE CVE-2019-14584 page
Описание
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
Затронутые продукты
Ссылки
- CVE-2019-14584
- SUSE Bug 1177789