SUSE-SU-2020:2626-1

Source
https://www.suse.com/support/update/announcement/2020/suse-su-20202626-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:2626-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:2626-1
Related
Published
2020-09-14T16:10:56Z
Modified
2020-09-14T16:10:56Z
Summary
Security update for shim
Details

This update for shim fixes the following issues:

  • Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994)

This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting.

This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied.

Additional fixes:

  • shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656)
References

Affected packages

SUSE:Linux Enterprise High Performance Computing 15-ESPOS / shim

Package

Name
shim
Purl
purl:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-7.15.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-7.15.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15-LTSS / shim

Package

Name
shim
Purl
purl:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-7.15.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-7.15.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 / shim

Package

Name
shim
Purl
purl:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-7.15.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-7.15.1"
        }
    ]
}