SUSE-SU-2025:20136-1

Update shim-install to use the 'removable' way for encrypted SL-Micro images (bsc#1230316)
- Always use the removable way for SL-Micro
- Limit the removable option to encrypted SL-Micro

Security issues fixed:

mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
pe: Fix an out-of-bound read in verifybuffersbat() (bsc#1215102,CVE-2023-40550)
pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.6-2.1

{
    "binaries": [
        {
            "pcr-oracle": "0.4.6-2.1",
            "shim": "15.8-1.1"
        }
    ]
}

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:20136-1.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

15.8-1.1

{
    "binaries": [
        {
            "pcr-oracle": "0.4.6-2.1",
            "shim": "15.8-1.1"
        }
    ]
}

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:20136-1.json"