Package shim: Information
Source package: shim
Version: 15.8-alt1
Build time: Mar 18, 2024, 02:16 PM in the task #342790
Category: System/Kernel and hardware
Report package bugHome page: https://github.com/rhboot/shim
License: BSD
Summary: First-stage UEFI bootloader
Description:
Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments.
Maintainer: Egor Ignatov
Last changed
Feb. 1, 2024 Egor Ignatov 15.8-alt1
- new version - update shim-15.8-alt-Bump-grub-SBAT-revocation-to-4 patch - Fixes: + CVE-2023-40546 mok: fix LogError() invocation + CVE-2023-40547 - avoid incorrectly trusting HTTP headers + CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system + CVE-2023-40549 Authenticode: verify that the signature header is in bounds. + CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat() + CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries
Nov. 17, 2023 Egor Ignatov 15.7-alt4
- Bump grub SBAT revocation to 4 + grub 2.06-alt17 fixes CVE-2023-4692 and CVE-2023-4693 + add shim-15.7-alt-Bump-grub-SBAT-revocation-to-4 patch + remove shim-15.7-alt-Add-grub.altlinux-2-to-SBAT-revocations patch
March 14, 2023 Egor Ignatov 15.7-alt3
- grub 2.06-alt9 is missing fix for CVE-2022-28733, block SBAT grub.altlinux < 2 + add shim-15.7-alt-Add-grub.altlinux-2-to-SBAT-revocations patch