SUSE-SU-2020:2628-1

Source
https://www.suse.com/support/update/announcement/2020/suse-su-20202628-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:2628-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:2628-1
Related
Published
2020-09-14T16:11:50Z
Modified
2020-09-14T16:11:50Z
Summary
Security update for shim
Details

This update for shim fixes the following issues:

  • Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994)

This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting.

This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied.

Additional fixes:

  • shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656)
References

Affected packages

SUSE:OpenStack Cloud 7 / shim

Package

Name
shim
Purl
pkg:rpm/suse/shim&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-22.8.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-22.8.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP2 / shim

Package

Name
shim
Purl
pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-22.8.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-22.8.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-LTSS / shim

Package

Name
shim
Purl
pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-22.8.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-22.8.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-BCL / shim

Package

Name
shim
Purl
pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-22.8.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-22.8.1"
        }
    ]
}