{"affected":[{"ecosystem_specific":{"binaries":[{"shim":"15+git47-3.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP1","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15+git47-3.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15+git47-3.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP2","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15+git47-3.8.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for shim fixes the following issues:\n\nThis update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by\ndisallowing binaries signed by the previous SUSE UEFI signing key from booting.\n\nThis update should only be installed after updates of grub2, the Linux kernel and (if used)\nXen from July / August 2020 are applied.\n\n\nChanges:\n\nUse vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994)\n\n+ Add dbx-cert.tar.xz which contains the certificates to block\n  and a script, generate-vendor-dbx.sh, to generate\n  vendor-dbx.bin\n+ Add vendor-dbx.bin as the vendor dbx to block unwanted keys\n\n\n- Update the path to grub-tpm.efi in shim-install (bsc#1174320)\n- Only check EFI variable copying when Secure Boot is enabled (bsc#1173411)\n- Use the full path of efibootmgr to avoid errors when invoking\n  shim-install from packagekitd (bsc#1168104)\n- shim-install: add check for btrfs is used as root file system to enable\n  relative path lookup for file. (bsc#1153953) \n- shim-install: install MokManager to \\EFI\\boot to process the\n  pending MOK request (bsc#1175626, bsc#1175656)\n\n","id":"SUSE-SU-2020:2629-1","modified":"2020-09-14T16:12:03Z","published":"2020-09-14T16:12:03Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20202629-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1113225"},{"type":"REPORT","url":"https://bugzilla.suse.com/1121268"},{"type":"REPORT","url":"https://bugzilla.suse.com/1153953"},{"type":"REPORT","url":"https://bugzilla.suse.com/1168104"},{"type":"REPORT","url":"https://bugzilla.suse.com/1168994"},{"type":"REPORT","url":"https://bugzilla.suse.com/1173411"},{"type":"REPORT","url":"https://bugzilla.suse.com/1174320"},{"type":"REPORT","url":"https://bugzilla.suse.com/1175626"},{"type":"REPORT","url":"https://bugzilla.suse.com/1175656"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-10713"}],"related":["CVE-2020-10713"],"summary":"Security update for shim","upstream":["CVE-2020-10713"]}