Mailinglist Archive: opensuse-security-announce (37 mails)

[security-announce] Upcoming update for shim requires confirmation on reboot

We will release a security update for shim next week that fixes three
security issues, tracked in bnc#889332:
- OOB read access when parsing DHCPv6 packets (remote DoS) (CVE-2014-3675).
- Heap overflow when parsing IPv6 addresses provided by tftp:// DHCPv6 boot
option (RCE) (CVE-2014-3676).
- Memory corruption when processing user provided MOK lists (CVE-2014-3677).

Because of those issues we update shim to version 0.7.318.81ee561d. This
version includes a patch that requires the user to confirm a dialog once
on the first boot after the update is installed. You will need to be able
to confirm this dialog, which appears before the bootloader, or your system
will not boot. This only affects users that are still on openSUSE 13.1 and
use a secure boot setup. You can check with 'bootctl' if you're using a
secure boot configuration if you're not sure.

Best regards,
Johannes Segitz
GPG Key E7C81FA0 EE16 6BCE AD56 E034 BFB3 3ADD 7BF7 29D5 E7C8 1FA0
Subkey fingerprint: 250F 43F5 F7CE 6F1E 9C59 4F95 BC27 DD9D 2CC4 FD66
SUSE LINUX GmbH Maxfeldstraße 5 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Jennifer Guild, Dilip Upmanyu, Graham
Norton, HRB 21284 (AG Nürnberg)
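
A scripted form of the check the announcement describes, as an added example that is not part of the original mail: it reads the UEFI `SecureBoot` variable from efivarfs and the release from `/etc/os-release` instead of calling `bootctl`. The function names, the use of efivarfs and the `ID=opensuse` match are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the announcement): decide whether this host is in
# the group the mail describes, i.e. openSUSE 13.1 booted with Secure Boot.

# SecureBoot lives under the UEFI global-variable GUID.
SB_VAR=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c

# secure_boot_state [FILE] -> enabled | disabled | absent | unreadable
# An efivarfs file is 4 bytes of attributes followed by the data; for
# SecureBoot the data is a single byte (1 = enforcing, 0 = off).
secure_boot_state() {
    var=${1:-$SB_VAR}
    # Missing file: legacy BIOS boot, or efivarfs is not mounted.
    [ -e "$var" ] || { echo absent; return 0; }
    size=$(wc -c < "$var" 2>/dev/null | tr -d ' ')
    [ "$size" = 5 ] || { echo unreadable; return 0; }
    value=$(od -An -tu1 -j4 -N1 "$var" 2>/dev/null | tr -d ' \n')
    case $value in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unreadable ;;
    esac
}

# os_field KEY [FILE] -> value of KEY in os-release, surrounding quotes removed
os_field() {
    sed -n "s/^$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p" \
        "${2:-/etc/os-release}" 2>/dev/null
}

# shim_prompt_expected [EFIVAR_FILE] [OS_RELEASE_FILE] -> yes | no
# "yes" only when all conditions named in the mail hold.
shim_prompt_expected() {
    efivar=${1:-$SB_VAR}
    osrel=${2:-/etc/os-release}
    if [ "$(os_field ID "$osrel")" = opensuse ] &&
       [ "$(os_field VERSION_ID "$osrel")" = 13.1 ] &&
       [ "$(secure_boot_state "$efivar")" = enabled ]; then
        echo yes
    else
        echo no
    fi
}

echo "Secure Boot state: $(secure_boot_state)"
echo "shim confirmation dialog expected: $(shim_prompt_expected)"
```

A result of `unreadable` or `absent` is not proof that Secure Boot is off; confirm with `bootctl` or the firmware setup before scheduling an unattended reboot.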