[Bug 1185441] New: "system is compromised" during boot after grub2+shim update
https://bugzilla.suse.com/show_bug.cgi?id=1185441

            Bug ID: 1185441
           Summary: "system is compromised" during boot after grub2+shim update
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.2
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Bootloader
          Assignee: screening-team-bugs@suse.de
          Reporter: robert.simai@suse.com
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

I installed the most recent

  kernel-default-5.3.18-lp152.72.1.x86_64
  shim-15.4-lp152.4.8.1.x86_64
  grub2-2.04-lp152.7.25.1.x86_64

on my Dell Precision 3620 this week and rebooted as required. The system doesn't come up but shows "system is compromised" for a second, followed by power down.

If I change from "UEFI with secure boot" to "UEFI without secure boot" it behaves well again and just boots.

I've set "mokutil --set-verbosity true" as advised which outputs a lot of messages, I unfortunately have no serial console at hand to connect and save them. I'll try to attach a video from the screen that shows the boot process and messages.

--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1185441

Robert Simai <robert.simai@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|screening-team-bugs@suse.de |glin@suse.com
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c1

Gary Ching-Pang Lin <glin@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mchang@suse.com

--- Comment #1 from Gary Ching-Pang Lin <glin@suse.com> ---
Per the design of shim, the error message, "System is compromised. halting.", should only happen when grub2 loads a kernel without verifying it with the shim protocol. However, our grub2 always verifies kernel when secure boot is on, so this should not happen.

One possible cause would be that the static variable in shim, loader_is_participating, was overwritten accidentally in some case, so shim mistakenly showed the message.
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c2

--- Comment #2 from Robert Simai <robert.simai@suse.com> ---
Created attachment 848874
  --> https://bugzilla.suse.com/attachment.cgi?id=848874&action=edit
screen video of boot process
https://bugzilla.suse.com/show_bug.cgi?id=1185441

Bernhard Wiedemann <bwiedemann@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bwiedemann@suse.com
https://bugzilla.suse.com/show_bug.cgi?id=1185441

Witek Bedyk <witold.bedyk@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |witold.bedyk@suse.com
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c3

--- Comment #3 from Witek Bedyk <witold.bedyk@suse.com> ---
I also have problems after shim upgrade. Reported here:
https://bugzilla.suse.com/show_bug.cgi?id=1185456
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c4

Michael Chang <mchang@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |glin@suse.com
              Flags|                            |needinfo?(glin@suse.com)

--- Comment #4 from Michael Chang <mchang@suse.com> ---
I can reproduce the error. It appears that the secure boot validation has been disabled through MokManager, but shim still insists on enforcing it and spews "system is compromised ..." when grub is told to skip shim_lock to honor the setting.

The steps to reproduce:

(Secure Boot Standard Mode in firmware)

1. mokutil --disable-validation
2. reboot
3. Press Down and Enter in shim menu to *Change secure boot state*
4. Enter three password characters.
5. Press y and Enter to confirm *disabling* Secure Boot
6. Press any key to reboot system (reboot)
7. "Bootloader has not verified loaded image. System is compromised, halting" logged on screen when trying to boot linux kernel

Also we can observe whether secure boot validation has been disabled via examining the MokSBStateRT variable.

  cd /sys/firmware/efi/efivars
  hexdump -C MokSBStateRT-605dab50-e046-4300-abb6-3dd810dd8b23
  00000000  06 00 00 00 01                                    |.....|
  00000005

"1" means secure boot validation disabled, in other words putting shim in "insecure" mode intentionally to allow booting unsigned image even if secure boot is enabled in firmware.

It then looks like a shim issue to me ... Gary, did you have any idea?

Thanks.
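The MokSBStateRT check from comment #4, combined with the firmware SecureBoot variable so that the "firmware enforces Secure Boot, shim validation disabled" combination can be spotted before a shim upgrade. This is an added example, not part of the original thread or of shim/grub2. The function names, the state labels, the use of the standard UEFI SecureBoot variable and the treatment of a missing MokSBStateRT as "validation enabled" are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug report): classify the Secure Boot / shim
# validation state from efivarfs. Layout as in the hexdump in comment #4:
# 4 bytes of variable attributes, followed by the variable's data.

MOK_SB_STATE="MokSBStateRT-605dab50-e046-4300-abb6-3dd810dd8b23"  # name from the report
SECURE_BOOT="SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"     # UEFI global variable

# first_payload_byte FILE
# Prints the first data byte (file offset 4) as a decimal number.
# Fails if the file is unreadable or has no data after the attributes.
first_payload_byte() {
    [ -r "$1" ] || return 1
    size=$(wc -c < "$1" | tr -d ' ') || return 1
    [ "$size" -ge 5 ] || return 1
    od -An -v -tu1 -j4 -N1 "$1" | tr -d ' \n'
}

# mok_validation_state [EFIVARS_DIR]
# Prints exactly one of:
#   unknown              variables not readable (no EFI, no permission)
#   firmware-sb-off      Secure Boot is disabled in firmware
#   validation-enabled   Secure Boot on, shim validation on
#   validation-disabled  Secure Boot on, MokSBStateRT = 1 (shim "insecure mode")
mok_validation_state() {
    dir="${1:-/sys/firmware/efi/efivars}"

    sb=$(first_payload_byte "$dir/$SECURE_BOOT") || { echo unknown; return 0; }
    if [ "$sb" -ne 1 ]; then
        echo firmware-sb-off
        return 0
    fi

    if [ ! -e "$dir/$MOK_SB_STATE" ]; then
        # Assumption of this example: no MokSBStateRT means validation
        # was never switched off through MokManager.
        echo validation-enabled
        return 0
    fi

    mok=$(first_payload_byte "$dir/$MOK_SB_STATE") || { echo unknown; return 0; }
    if [ "$mok" -eq 1 ]; then
        echo validation-disabled
    else
        echo validation-enabled
    fi
}

# Report the state of the running system (prints "unknown" on non-EFI hosts).
mok_validation_state "${EFIVARS_DIR:-}"
```

A result of `validation-disabled` is the state in which the thread reports shim 15.4 halting with "System is compromised"; the workaround discussed later in the thread is to run `mokutil --enable-validation` and reboot before upgrading shim.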
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c5

--- Comment #5 from Michael Chang <mchang@suse.com> ---
FWIW. The relevant source code in grub to honor MokSBStateRT setting.

https://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/kern/efi/sb.c#n94
https://bugzilla.suse.com/show_bug.cgi?id=1185441

Pavel Dostál <pdostal@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pdostal@suse.com
https://bugzilla.suse.com/show_bug.cgi?id=1185441

Marcus Meissner <meissner@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |meissner@suse.com
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c6

--- Comment #6 from Michael Chang <mchang@suse.com> ---
Reverting to old shim helps to get rid of the error for me. I could see 'Booting in insecure mode' logged on the screen before grub starts, and grub boots kernel without error.
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c7

--- Comment #7 from Bernhard Wiedemann <bwiedemann@suse.com> ---
Here are the shim changes:

osc rdiff openSUSE:Leap:15.2:Update/shim.13675 \
  openSUSE:Leap:15.2:Update/shim.16135

-------------------------------------------------------------------
Wed Apr 21 05:46:19 UTC 2021 - Johannes Segitz <jsegitz@suse.com>

- Updated openSUSE x86 signature

-------------------------------------------------------------------
Thu Apr 8 08:44:27 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>

- Add shim-bsc1184454-allocate-mok-config-table-BS.patch to avoid
  the error message during linux system boot (bsc#1184454)

-------------------------------------------------------------------
Wed Apr 7 12:25:02 UTC 2021 - Johannes Segitz <jsegitz@suse.com>

- Add remove_build_id.patch to prevent the build id being added to
  the binary. That can cause issues with the signature

-------------------------------------------------------------------
Wed Mar 31 08:45:52 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>

- Update to 15.4 (bsc#1182057)
  + Rename the SBAT variable and fix the self-check of SBAT
  + sbat: add more dprint()
  + arm/aa64: Swizzle some sections to make old sbsign happier
  + arm/aa64 targets: put .rel* and .dyn* in .rodata
- Drop upstreamed patch:
  shim-bsc1182057-sbat-variable-enhancement.patch

-------------------------------------------------------------------
Mon Mar 29 07:18:20 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>

- Add shim-bsc1182057-sbat-variable-enhancement.patch to change the
  SBAT variable name and enhance the handling of SBAT
  (bsc#1182057)

-------------------------------------------------------------------
Wed Mar 24 01:29:17 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>

- Update to 15.3 for SBAT support (bsc#1182057)
  + Drop gnu-efi from BuildRequires since upstream pull it into the
  + Include the fixes for bsc#1175509, bsc#1173411, bsc#1177404,
    bsc#1175509, bsc#1174512
- Generate vender-specific SBAT metadata
  + Add dos2unix to BuildRequires since Makefile requires it for
    vendor SBAT
- Update dbx-cert.tar.xz and vendor-dbx.bin to block the following
  sign keys:
  + SLES-UEFI-SIGN-Certificate-2020-07.crt
  + openSUSE-UEFI-SIGN-Certificate-2020-07.crt
- Refresh patches
  + shim-arch-independent-names.patch
  + shim-change-debug-file-path.patch
- Add shim-bsc1177315-verify-eku-codesign.patch to check CodeSign in
  the signer's EKU (bsc#1177315)
- Add shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
  to fix NULL pointer dereference in AuthenticodeVerify()
  (bsc#1177789, CVE-2019-14584)
- Drop upstreamed fixes
  + shim-always-mirror-mok-variables.patch
  + gcc9-fix-warnings.patch
  + shim-fix-gnu-efi-3.0.11.patch
  + shim-bsc1092000-fallback-menu.patch
  + shim-bsc1173411-only-check-efi-var-on-sb.patch
  + shim-correct-license-in-headers.patch
- Drop shim-opensuse-cert-prompt.patch
  + All newly released openSUSE kernels enable kernel lockdown and
    signature verification, so there is no need to add the prompt
    anymore.
- Amend timestamp.pl to include the linker version to avoid the
  potential breakage of signature due to the upgrade of binutils
  + Also update the signature files to add the linker version
- shim-install: Support changing default shim efi binary in
  /usr/etc/default/shim and /etc/default/shim (bsc#1177315)
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c9

Gary Ching-Pang Lin <glin@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(glin@suse.com)    |

--- Comment #9 from Gary Ching-Pang Lin <glin@suse.com> ---
Hmmm, there is a known bug in shim 15.4 that MokSBState wasn't handled properly.

https://github.com/rhboot/shim/pull/362
https://bugzilla.suse.com/show_bug.cgi?id=1185441

Joey Lee <jlee@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jlee@suse.com
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c10

--- Comment #10 from Gary Ching-Pang Lin <glin@suse.com> ---
If the error is really caused by MokSBState, then it can be worked around by reverting to old shim, executing "mokutil --enable-validation", rebooting the system, and then upgrading shim again.
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c13

--- Comment #13 from Gary Ching-Pang Lin <glin@suse.com> ---
(In reply to Tiago Marques from comment #12)
> Hi,
>
> I've been hit by this for some months now. Every Grub2 update, I get the same message as OP. Not sure which grub package is to blame and I'm using EFI and secure boot.
>
> I've managed to (twice) solve the issue by booting a live USB, chrooting and then running 'shim-install'.
>
> Not sure where the bug is or if this helps. I'm available to test other things out to help fix this.

Before upgrading "shim", could you try "mokutil --enable-validation" and reboot the system to clean up MokSBState?
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c15

--- Comment #15 from Tiago Marques <bugs@tmarques.com> ---
(In reply to Gary Ching-Pang Lin from comment #13)
> (In reply to Tiago Marques from comment #12)
> > Hi,
> >
> > I've been hit by this for some months now. Every Grub2 update, I get the same message as OP. Not sure which grub package is to blame and I'm using EFI and secure boot.
> >
> > I've managed to (twice) solve the issue by booting a live USB, chrooting and then running 'shim-install'.
> >
> > Not sure where the bug is or if this helps. I'm available to test other things out to help fix this.
>
> Before upgrading "shim", could you try "mokutil --enable-validation" and reboot the system to clean up MokSBState?

Tried but the command is asking me for a password. I have no password set on the BIOS. Is this the expected behavior?
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c16

--- Comment #16 from Gary Ching-Pang Lin <glin@suse.com> ---
(In reply to Tiago Marques from comment #15)
> (In reply to Gary Ching-Pang Lin from comment #13)
> > (In reply to Tiago Marques from comment #12)
> > > Hi,
> > >
> > > I've been hit by this for some months now. Every Grub2 update, I get the same message as OP. Not sure which grub package is to blame and I'm using EFI and secure boot.
> > >
> > > I've managed to (twice) solve the issue by booting a live USB, chrooting and then running 'shim-install'.
> > >
> > > Not sure where the bug is or if this helps. I'm available to test other things out to help fix this.
> >
> > Before upgrading "shim", could you try "mokutil --enable-validation" and reboot the system to clean up MokSBState?
>
> Tried but the command is asking me for a password. I have no password set on the BIOS. Is this the expected behavior?

That's a password used to verify physical access when modifying MokSBState variable. During the next boot, MokManager will ask if you want to "Change Secure Boot state" and randomly ask 3 characters of the password you set. It's a one-time password and will be dropped after use.
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c17

--- Comment #17 from Tiago Marques <bugs@tmarques.com> ---
(In reply to Gary Ching-Pang Lin from comment #16)
> (In reply to Tiago Marques from comment #15)
> > (In reply to Gary Ching-Pang Lin from comment #13)
> > > (In reply to Tiago Marques from comment #12)
> > > > Hi,
> > > >
> > > > I've been hit by this for some months now. Every Grub2 update, I get the same message as OP. Not sure which grub package is to blame and I'm using EFI and secure boot.
> > > >
> > > > I've managed to (twice) solve the issue by booting a live USB, chrooting and then running 'shim-install'.
> > > >
> > > > Not sure where the bug is or if this helps. I'm available to test other things out to help fix this.
> > >
> > > Before upgrading "shim", could you try "mokutil --enable-validation" and reboot the system to clean up MokSBState?
> >
> > Tried but the command is asking me for a password. I have no password set on the BIOS. Is this the expected behavior?
>
> That's a password used to verify physical access when modifying MokSBState variable. During the next boot, MokManager will ask if you want to "Change Secure Boot state" and randomly ask 3 characters of the password you set. It's a one-time password and will be dropped after use.

After doing that, got an unbootable system with the same "system is compromised message".

Tried to restore the same way as before, but the OpenSUSE live USB was also unbootable w/ messages:

---
Failed to open \EFI\BOOT\MokManager.efi - Not Found
Failed to load image \EFI\BOOT\MokManager.efi: Not Found
Failed to start MokManager: Not Found
Something has gone seriously wrong: import_mok_state() failed : Not Found
---

I managed to select an option to run "UEFI Application", manually select 'shim.efi' from the boot drive and get into the OS.
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c18

--- Comment #18 from Gary Ching-Pang Lin <glin@suse.com> ---
(In reply to Tiago Marques from comment #17)
> (In reply to Gary Ching-Pang Lin from comment #16)
> > (In reply to Tiago Marques from comment #15)
> > > (In reply to Gary Ching-Pang Lin from comment #13)
> > > > (In reply to Tiago Marques from comment #12)
> > > > > Hi,
> > > > >
> > > > > I've been hit by this for some months now. Every Grub2 update, I get the same message as OP. Not sure which grub package is to blame and I'm using EFI and secure boot.
> > > > >
> > > > > I've managed to (twice) solve the issue by booting a live USB, chrooting and then running 'shim-install'.
> > > > >
> > > > > Not sure where the bug is or if this helps. I'm available to test other things out to help fix this.
> > > >
> > > > Before upgrading "shim", could you try "mokutil --enable-validation" and reboot the system to clean up MokSBState?
> > >
> > > Tried but the command is asking me for a password. I have no password set on the BIOS. Is this the expected behavior?
> >
> > That's a password used to verify physical access when modifying MokSBState variable. During the next boot, MokManager will ask if you want to "Change Secure Boot state" and randomly ask 3 characters of the password you set. It's a one-time password and will be dropped after use.
>
> After doing that, got an unbootable system with the same "system is compromised message".

What's the version of shim in the system? Could you try

1) downgrade shim with the following rpm
   http://download.opensuse.org/update/leap/15.2/oss/x86_64/shim-15+git47-lp152...
2) mokutil --enable-validation
3) reboot the system to clear MokSBState
4) upgrade shim to 15.4 again and reboot the system to see if the issue persists

> Tried to restore the same way as before, but the OpenSUSE live USB was also unbootable w/ messages:
>
> ---
> Failed to open \EFI\BOOT\MokManager.efi - Not Found
> Failed to load image \EFI\BOOT\MokManager.efi: Not Found
> Failed to start MokManager: Not Found
> Something has gone seriously wrong: import_mok_state() failed : Not Found
> ---

It seems the request for MokSBState wasn't handled, and MokManager.efi wasn't in Live USB so that shim cannot handle the request.

> I managed to select an option to run "UEFI Application", manually select 'shim.efi' from the boot drive and get into the OS.
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c20

--- Comment #20 from Gary Ching-Pang Lin <glin@suse.com> ---
(In reply to Michiel Janssens from comment #19)
> Hi, since upgrading to shim 15.4 I had the same issue with Secureboot enabled in BIOS on Tumbleweed, so with message "system is compromised". To be able to boot I disabled Secureboot in BIOS. Today I upgraded TW to snapshot 20210520, with shim-15.4-3.1.x86_64, still the same issue when enabling Secureboot in BIOS, so disabled it again.
>
> So I followed some of the steps in this report, didn't downgrade shim package.
>
> 1. mokutil --enable-validation (not disable)
> 2. reboot
> 3. Press Down and Enter in shim menu to *Change secure boot state*
> 4. Enter three password characters.
> 5. Press y and Enter
> 6. Press any key to reboot system (reboot)
> 7. system boots, Secureboot still disabled in BIOS.
> 8. Boot to Bios and enabled Secureboot again
> 9. System boots, without error
>
> mokutil --sb-state gives SecureBoot enabled, so I guess it's fixed.

Thanks for verifying MokSBState and providing the workaround!
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c21

--- Comment #21 from Tiago Marques <bugs@tmarques.com> ---
(In reply to Gary Ching-Pang Lin from comment #18)
> (In reply to Tiago Marques from comment #17)
> > (In reply to Gary Ching-Pang Lin from comment #16)
> > > (In reply to Tiago Marques from comment #15)
> > > > (In reply to Gary Ching-Pang Lin from comment #13)
> > > > > (In reply to Tiago Marques from comment #12)
> > > > > > Hi,
> > > > > >
> > > > > > I've been hit by this for some months now. Every Grub2 update, I get the same message as OP. Not sure which grub package is to blame and I'm using EFI and secure boot.
> > > > > >
> > > > > > I've managed to (twice) solve the issue by booting a live USB, chrooting and then running 'shim-install'.
> > > > > >
> > > > > > Not sure where the bug is or if this helps. I'm available to test other things out to help fix this.
> > > > >
> > > > > Before upgrading "shim", could you try "mokutil --enable-validation" and reboot the system to clean up MokSBState?
> > > >
> > > > Tried but the command is asking me for a password. I have no password set on the BIOS. Is this the expected behavior?
> > >
> > > That's a password used to verify physical access when modifying MokSBState variable. During the next boot, MokManager will ask if you want to "Change Secure Boot state" and randomly ask 3 characters of the password you set. It's a one-time password and will be dropped after use.
> >
> > After doing that, got an unbootable system with the same "system is compromised message".
>
> What's the version of shim in the system? Could you try
>
> 1) downgrade shim with the following rpm
>    http://download.opensuse.org/update/leap/15.2/oss/x86_64/shim-15+git47-lp152.4.6.1.x86_64.rpm
> 2) mokutil --enable-validation
> 3) reboot the system to clear MokSBState
> 4) upgrade shim to 15.4 again and reboot the system to see if the issue persists
>
> > Tried to restore the same way as before, but the OpenSUSE live USB was also unbootable w/ messages:
> >
> > ---
> > Failed to open \EFI\BOOT\MokManager.efi - Not Found
> > Failed to load image \EFI\BOOT\MokManager.efi: Not Found
> > Failed to start MokManager: Not Found
> > Something has gone seriously wrong: import_mok_state() failed : Not Found
> > ---
>
> It seems the request for MokSBState wasn't handled, and MokManager.efi wasn't in Live USB so that shim cannot handle the request.
>
> > I managed to select an option to run "UEFI Application", manually select 'shim.efi' from the boot drive and get into the OS.

Tried this to no avail.

Also tried changing the SB state through the Shim management options but it fails with error "Failed to changed SB state".

Running shim through UEFI programs still works and "shim-install" then fixes the boot issue.

$ mokutil --list-enrolled
MokListRT is empty

Could this be related?
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c22

--- Comment #22 from Gary Ching-Pang Lin <glin@suse.com> ---
(In reply to Tiago Marques from comment #21)
> (In reply to Gary Ching-Pang Lin from comment #18)
> > (In reply to Tiago Marques from comment #17)
> > > (In reply to Gary Ching-Pang Lin from comment #16)
> > > > (In reply to Tiago Marques from comment #15)
> > > > > (In reply to Gary Ching-Pang Lin from comment #13)
> > > > > > (In reply to Tiago Marques from comment #12)
> > > > > > > Hi,
> > > > > > >
> > > > > > > I've been hit by this for some months now. Every Grub2 update, I get the same message as OP. Not sure which grub package is to blame and I'm using EFI and secure boot.
> > > > > > >
> > > > > > > I've managed to (twice) solve the issue by booting a live USB, chrooting and then running 'shim-install'.
> > > > > > >
> > > > > > > Not sure where the bug is or if this helps. I'm available to test other things out to help fix this.
> > > > > >
> > > > > > Before upgrading "shim", could you try "mokutil --enable-validation" and reboot the system to clean up MokSBState?
> > > > >
> > > > > Tried but the command is asking me for a password. I have no password set on the BIOS. Is this the expected behavior?
> > > >
> > > > That's a password used to verify physical access when modifying MokSBState variable. During the next boot, MokManager will ask if you want to "Change Secure Boot state" and randomly ask 3 characters of the password you set. It's a one-time password and will be dropped after use.
> > >
> > > After doing that, got an unbootable system with the same "system is compromised message".
> >
> > What's the version of shim in the system? Could you try
> >
> > 1) downgrade shim with the following rpm
> >    http://download.opensuse.org/update/leap/15.2/oss/x86_64/shim-15+git47-lp152.4.6.1.x86_64.rpm
> > 2) mokutil --enable-validation
> > 3) reboot the system to clear MokSBState
> > 4) upgrade shim to 15.4 again and reboot the system to see if the issue persists
> >
> > > Tried to restore the same way as before, but the OpenSUSE live USB was also unbootable w/ messages:
> > >
> > > ---
> > > Failed to open \EFI\BOOT\MokManager.efi - Not Found
> > > Failed to load image \EFI\BOOT\MokManager.efi: Not Found
> > > Failed to start MokManager: Not Found
> > > Something has gone seriously wrong: import_mok_state() failed : Not Found
> > > ---
> >
> > It seems the request for MokSBState wasn't handled, and MokManager.efi wasn't in Live USB so that shim cannot handle the request.
> >
> > > I managed to select an option to run "UEFI Application", manually select 'shim.efi' from the boot drive and get into the OS.
>
> Tried this to no avail.
>
> Also tried changing the SB state through the Shim management options but it fails with error "Failed to changed SB state".
>
> Running shim through UEFI programs still works and "shim-install" then fixes the boot issue.
>
> $ mokutil --list-enrolled
> MokListRT is empty
>
> Could this be related?

The empty MokListRT sounds similar to bsc#1185528. It seems that shim failed to mirror the keys for some reason.
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c25

--- Comment #25 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-RU-2021:1064-1: An update that has 7 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1185232,1185261,1185441,1185621,1187071,1187260,1187696
CVE References:
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): shim-15.4-lp152.4.17.1
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c28

--- Comment #28 from Swamp Workflow Management <swamp@suse.de> ---
SUSE-RU-2021:2464-1: An update that has 8 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1185232,1185261,1185441,1185464,1185961,1187071,1187260,1187696
CVE References:
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): shim-15.4-4.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c29

--- Comment #29 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-RU-2021:2464-1: An update that has 8 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1185232,1185261,1185441,1185464,1185961,1187071,1187260,1187696
CVE References:
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): shim-15.4-4.7.1
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c30

--- Comment #30 from Swamp Workflow Management <swamp@suse.de> ---
SUSE-RU-2021:2465-1: An update that has 7 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1185232,1185261,1185441,1185621,1187071,1187260,1187696
CVE References:
JIRA References:
Sources used:
SUSE MicroOS 5.0 (src): shim-15.4-3.29.1
SUSE Manager Server 4.0 (src): shim-15.4-3.29.1
SUSE Manager Retail Branch Server 4.0 (src): shim-15.4-3.29.1
SUSE Manager Proxy 4.0 (src): shim-15.4-3.29.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src): shim-15.4-3.29.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src): shim-15.4-3.29.1
SUSE Linux Enterprise Server 15-SP1-BCL (src): shim-15.4-3.29.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): shim-15.4-3.29.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): shim-15.4-3.29.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): shim-15.4-3.29.1
SUSE Enterprise Storage 6 (src): shim-15.4-3.29.1
SUSE CaaS Platform 4.0 (src): shim-15.4-3.29.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c31

--- Comment #31 from Swamp Workflow Management <swamp@suse.de> ---
SUSE-RU-2021:2466-1: An update that has 7 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1185232,1185261,1185441,1185621,1187071,1187260,1187696
CVE References:
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src): shim-15.4-7.23.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): shim-15.4-7.23.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): shim-15.4-7.23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c32

--- Comment #32 from Swamp Workflow Management <swamp@suse.de> ---
SUSE-RU-2021:2594-1: An update that has 9 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1185232,1185261,1185441,1185464,1185621,1185961,1187071,1187260,1187696
CVE References:
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): shim-15.4-25.21.1
SUSE OpenStack Cloud Crowbar 8 (src): shim-15.4-25.21.1
SUSE OpenStack Cloud 9 (src): shim-15.4-25.21.1
SUSE OpenStack Cloud 8 (src): shim-15.4-25.21.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src): shim-15.4-25.21.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src): shim-15.4-25.21.1
SUSE Linux Enterprise Server 12-SP5 (src): shim-15.4-25.21.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src): shim-15.4-25.21.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src): shim-15.4-25.21.1
SUSE Linux Enterprise Server 12-SP3-BCL (src): shim-15.4-25.21.1
HPE Helion Openstack 8 (src): shim-15.4-25.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c35

--- Comment #35 from Swamp Workflow Management <swamp@suse.de> ---
SUSE-RU-2021:14808-1: An update that has 7 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1185232,1185261,1185441,1185621,1187071,1187260,1187696
CVE References:
JIRA References:
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src): shim-15.4-12.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c36

--- Comment #36 from Swamp Workflow Management <swamp@suse.de> ---
SUSE-RU-2021:3224-1: An update that has 12 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1177315,1177789,1182057,1184454,1185232,1185261,1185441,1185464,1185621,1185961,1187260,1187696
CVE References:
JIRA References:
Sources used:
SUSE MicroOS 5.0 (src): shim-15.4-3.32.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): shim-susesigned-15.4-3.10.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): shim-15.4-3.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c37

--- Comment #37 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-RU-2021:3224-1: An update that has 12 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1177315,1177789,1182057,1184454,1185232,1185261,1185441,1185464,1185621,1185961,1187260,1187696
CVE References:
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): shim-susesigned-15.4-3.10.1
https://bugzilla.suse.com/show_bug.cgi?id=1185441
https://bugzilla.suse.com/show_bug.cgi?id=1185441#c38

--- Comment #38 from Maintenance Automation <maint-coord+maintenance-robot@suse.de> ---
SUSE-SU-2023:1702-1: An update that solves one vulnerability, contains two features and has 10 fixes can now be installed.

Category: security (important)
Bug References: 1185232, 1185261, 1185441, 1185621, 1187071, 1187260, 1193282, 1198458, 1201066, 1202120, 1205588
CVE References: CVE-2022-28737
Jira References: PED-127, PED-1273
Sources used:
openSUSE Leap Micro 5.3 (src): shim-15.7-150300.4.11.1
openSUSE Leap 15.4 (src): shim-15.7-150300.4.11.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): shim-15.7-150300.4.11.1
SUSE Linux Enterprise Micro 5.3 (src): shim-15.7-150300.4.11.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): shim-15.7-150300.4.11.1
SUSE Linux Enterprise Micro 5.4 (src): shim-15.7-150300.4.11.1
Basesystem Module 15-SP4 (src): shim-15.7-150300.4.11.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): shim-15.7-150300.4.11.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): shim-15.7-150300.4.11.1
SUSE Linux Enterprise Real Time 15 SP3 (src): shim-15.7-150300.4.11.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): shim-15.7-150300.4.11.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): shim-15.7-150300.4.11.1
SUSE Manager Proxy 4.2 (src): shim-15.7-150300.4.11.1
SUSE Manager Retail Branch Server 4.2 (src): shim-15.7-150300.4.11.1
SUSE Manager Server 4.2 (src): shim-15.7-150300.4.11.1
SUSE Enterprise Storage 7.1 (src): shim-15.7-150300.4.11.1
SUSE Linux Enterprise Micro 5.1 (src): shim-15.7-150300.4.11.1
SUSE Linux Enterprise Micro 5.2 (src): shim-15.7-150300.4.11.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): shim-15.7-150300.4.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.