Package shim: Information

    Source package: shim
    Version: 15.8-alt1
    Latest version according to Repology
    Build time:  Feb 2, 2024, 12:04 PM in the task #339548
    Report package bug
    License: BSD
    Summary: First-stage UEFI bootloader
    Description: 
    Initial UEFI bootloader that handles chaining to a trusted
    full bootloader under secure boot environments.

    List of rpms provided by this srpm:
    shim-unsigned (x86_64)

    Maintainer: Egor Ignatov



      1. dos2unix
      2. libefivar-devel
      3. libelf-devel
      4. pesign >= 0.106
      5. rpm-macros-uefi
      6. xxd

    Last changed


    Feb. 1, 2024 Egor Ignatov 15.8-alt1
    - new version
    - update shim-15.8-alt-Bump-grub-SBAT-revocation-to-4 patch
    - Fixes:
      + CVE-2023-40546 mok: fix LogError() invocation
      + CVE-2023-40547 - avoid incorrectly trusting HTTP headers
      + CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system
      + CVE-2023-40549 Authenticode: verify that the signature header is in bounds.
      + CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat()
      + CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries
    Nov. 17, 2023 Egor Ignatov 15.7-alt4
    - Bump grub SBAT revocation to 4
      + grub 2.06-alt17 fixes CVE-2023-4692 and CVE-2023-4693
      + add shim-15.7-alt-Bump-grub-SBAT-revocation-to-4 patch
      + remove shim-15.7-alt-Add-grub.altlinux-2-to-SBAT-revocations patch
    March 14, 2023 Egor Ignatov 15.7-alt3
    - grub 2.06-alt9 is missing fix for CVE-2022-28733, block SBAT grub.altlinux < 2
      + add shim-15.7-alt-Add-grub.altlinux-2-to-SBAT-revocations patch