{"affected":[{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.3","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Micro%205.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.4","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Micro%205.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.5","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Micro%205.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP5","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP3-LTSS","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP4-LTSS","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP3","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP4","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"SUSE:Manager Proxy 4.3","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Manager%20Proxy%204.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"SUSE:Manager Server 4.3","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Manager%20Server%204.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.1","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Micro%205.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.2","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Micro%205.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 7.1","name":"shim","purl":"pkg:rpm/suse/shim&distro=SUSE%20Enterprise%20Storage%207.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"openSUSE:Leap Micro 5.3","name":"shim","purl":"pkg:rpm/opensuse/shim&distro=openSUSE%20Leap%20Micro%205.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"openSUSE:Leap Micro 5.4","name":"shim","purl":"pkg:rpm/opensuse/shim&distro=openSUSE%20Leap%20Micro%205.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"shim":"15.8-150300.4.20.2"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"shim","purl":"pkg:rpm/opensuse/shim&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.8-150300.4.20.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for shim fixes the following issues:\n\n- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)\n- Limit the requirement of fde-tpm-helper-macros to the distro with\n  suse_version 1600 and above (bsc#1219460)\n\nUpdate to version 15.8:\n\nSecurity issues fixed:\n\n- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)\n- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)\n- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)\n- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)\n- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)\n- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)\n\n        \nThe NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now.\n\n- Generate dbx during build so we don't include binary files in sources\n- Don't require grub so shim can still be used with systemd-boot\n- Update shim-install to fix boot failure of ext4 root file system\n  on RAID10 (bsc#1205855)\n- Adopt the macros from fde-tpm-helper-macros to update the\n  signature in the sealed key after a bootloader upgrade\n\n- Update shim-install to amend full disk encryption support\n  - Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector\n  - Use the long name to specify the grub2 key protector\n  - cryptodisk: support TPM authorized policies\n  - Do not use tpm_record_pcrs unless the command is in command.lst\n\n- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to\n  enable the NX compatibility flag when using post-process-pe after\n  discussed with grub2 experts in mail. It's useful for further development\n  and testing. (bsc#1205588)\n","id":"SUSE-SU-2024:1368-1","modified":"2024-04-22T09:06:33Z","published":"2024-04-22T09:06:33Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20241368-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1198101"},{"type":"REPORT","url":"https://bugzilla.suse.com/1205588"},{"type":"REPORT","url":"https://bugzilla.suse.com/1205855"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210382"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213945"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215098"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215099"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215100"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215101"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215102"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215103"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219460"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-28737"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40546"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40547"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40548"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40549"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40550"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40551"}],"related":["CVE-2022-28737","CVE-2023-40546","CVE-2023-40547","CVE-2023-40548","CVE-2023-40549","CVE-2023-40550","CVE-2023-40551"],"summary":"Security update for shim","upstream":["CVE-2022-28737","CVE-2023-40546","CVE-2023-40547","CVE-2023-40548","CVE-2023-40549","CVE-2023-40550","CVE-2023-40551"]}