SUSE-SU-2020:2627-1

Source
https://www.suse.com/support/update/announcement/2020/suse-su-20202627-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:2627-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:2627-1
Related
Published
2020-09-14T16:11:27Z
Modified
2020-09-14T16:11:27Z
Summary
Security update for shim
Details

This update for shim fixes the following issues:

  • Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994)

This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting.

This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied.

Additional fixes:

  • shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656)
References

Affected packages

SUSE:HPE Helion OpenStack 8 / shim

Package

Name
shim
Purl
purl:rpm/suse/shim&distro=HPE%20Helion%20OpenStack%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-25.11.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-25.11.1"
        }
    ]
}

SUSE:OpenStack Cloud 8 / shim

Package

Name
shim
Purl
purl:rpm/suse/shim&distro=SUSE%20OpenStack%20Cloud%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-25.11.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-25.11.1"
        }
    ]
}

SUSE:OpenStack Cloud 9 / shim

Package

Name
shim
Purl
purl:rpm/suse/shim&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-25.11.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-25.11.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 8 / shim

Package

Name
shim
Purl
purl:rpm/suse/shim&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-25.11.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-25.11.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / shim

Package

Name
shim
Purl
purl:rpm/suse/shim&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-25.11.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-25.11.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP3 / shim

Package

Name
shim
Purl
purl:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-25.11.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-25.11.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / shim

Package

Name
shim
Purl
purl:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-25.11.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-25.11.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP3-LTSS / shim

Package

Name
shim
Purl
purl:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-25.11.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-25.11.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP3-BCL / shim

Package

Name
shim
Purl
purl:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-25.11.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-25.11.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / shim

Package

Name
shim
Purl
purl:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-25.11.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-25.11.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / shim

Package

Name
shim
Purl
purl:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-25.11.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-25.11.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / shim

Package

Name
shim
Purl
purl:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-25.11.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-25.11.1"
        }
    ]
}

SUSE:Enterprise Storage 5 / shim

Package

Name
shim
Purl
purl:rpm/suse/shim&distro=SUSE%20Enterprise%20Storage%205

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15+git47-25.11.1

Ecosystem specific

{
    "binaries": [
        {
            "shim": "15+git47-25.11.1"
        }
    ]
}