Security update for shim SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1462-1 Final 1 1 2024-04-29T11:20:38Z current 2024-04-29T11:20:38Z 2024-04-29T11:20:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for shim This update for shim fixes the following issues: - Update shim-install to set the TPM2 SRK algorithm (bsc#1213945) - Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460) Update to version 15.8: Security issues fixed: - mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) - avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) - Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) - Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) - pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) - pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551) The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now. - Generate dbx during build so we don't include binary files in sources - Don't require grub so shim can still be used with systemd-boot - Update shim-install to fix boot failure of ext4 root file system on RAID10 (bsc#1205855) - Adopt the macros from fde-tpm-helper-macros to update the signature in the sealed key after a bootloader upgrade - Update shim-install to amend full disk encryption support - Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector - Use the long name to specify the grub2 key protector - cryptodisk: support TPM authorized policies - Do not use tpm_record_pcrs unless the command is in command.lst - Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to enable the NX compatibility flag when using post-process-pe after discussed with grub2 experts in mail. It's useful for further development and testing. (bsc#1205588) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-EC2-BYOS-2024-1462,Image SLES12-SP5-EC2-ECS-On-Demand-2024-1462,Image SLES12-SP5-EC2-On-Demand-2024-1462,Image SLES12-SP5-EC2-SAP-BYOS-2024-1462,Image SLES12-SP5-EC2-SAP-On-Demand-2024-1462,Image SLES12-SP5-GCE-BYOS-2024-1462,Image SLES12-SP5-GCE-On-Demand-2024-1462,Image SLES12-SP5-GCE-SAP-BYOS-2024-1462,Image SLES12-SP5-GCE-SAP-On-Demand-2024-1462,Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2024-1462,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2024-1462,SUSE-2024-1462,SUSE-SLE-SERVER-12-SP5-2024-1462 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241462-1/ Link for SUSE-SU-2024:1462-1 https://lists.suse.com/pipermail/sle-updates/2024-April/035120.html E-Mail link for SUSE-SU-2024:1462-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1198101 SUSE Bug 1198101 https://bugzilla.suse.com/1205588 SUSE Bug 1205588 https://bugzilla.suse.com/1205855 SUSE Bug 1205855 https://bugzilla.suse.com/1210382 SUSE Bug 1210382 https://bugzilla.suse.com/1213945 SUSE Bug 1213945 https://bugzilla.suse.com/1215098 SUSE Bug 1215098 https://bugzilla.suse.com/1215099 SUSE Bug 1215099 https://bugzilla.suse.com/1215100 SUSE Bug 1215100 https://bugzilla.suse.com/1215101 SUSE Bug 1215101 https://bugzilla.suse.com/1215102 SUSE Bug 1215102 https://bugzilla.suse.com/1215103 SUSE Bug 1215103 https://bugzilla.suse.com/1219460 SUSE Bug 1219460 https://www.suse.com/security/cve/CVE-2022-28737/ SUSE CVE CVE-2022-28737 page https://www.suse.com/security/cve/CVE-2023-40546/ SUSE CVE CVE-2023-40546 page https://www.suse.com/security/cve/CVE-2023-40547/ SUSE CVE CVE-2023-40547 page https://www.suse.com/security/cve/CVE-2023-40548/ SUSE CVE CVE-2023-40548 page https://www.suse.com/security/cve/CVE-2023-40549/ SUSE CVE CVE-2023-40549 page https://www.suse.com/security/cve/CVE-2023-40550/ SUSE CVE CVE-2023-40550 page https://www.suse.com/security/cve/CVE-2023-40551/ SUSE CVE CVE-2023-40551 page Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand Image SLES12-SP5-GCE-BYOS Image SLES12-SP5-GCE-On-Demand Image SLES12-SP5-GCE-SAP-BYOS Image SLES12-SP5-GCE-SAP-On-Demand Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 shim-15.8-25.30.1 shim-15.8-25.30.1 as a component of Image SLES12-SP5-EC2-BYOS shim-15.8-25.30.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand shim-15.8-25.30.1 as a component of Image SLES12-SP5-EC2-On-Demand shim-15.8-25.30.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS shim-15.8-25.30.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand shim-15.8-25.30.1 as a component of Image SLES12-SP5-GCE-BYOS shim-15.8-25.30.1 as a component of Image SLES12-SP5-GCE-On-Demand shim-15.8-25.30.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS shim-15.8-25.30.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand shim-15.8-25.30.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production shim-15.8-25.30.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production shim-15.8-25.30.1 as a component of SUSE Linux Enterprise Server 12 SP5 shim-15.8-25.30.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario. CVE-2022-28737 Image SLES12-SP5-EC2-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-EC2-ECS-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-EC2-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-EC2-SAP-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-EC2-SAP-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-GCE-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-GCE-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-GCE-SAP-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-GCE-SAP-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:shim-15.8-25.30.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:shim-15.8-25.30.1 SUSE Linux Enterprise Server 12 SP5:shim-15.8-25.30.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:shim-15.8-25.30.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241462-1/ https://www.suse.com/security/cve/CVE-2022-28737.html CVE-2022-28737 https://bugzilla.suse.com/1198458 SUSE Bug 1198458 https://bugzilla.suse.com/1205065 SUSE Bug 1205065 https://bugzilla.suse.com/1205066 SUSE Bug 1205066 https://bugzilla.suse.com/1205831 SUSE Bug 1205831 A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances. CVE-2023-40546 Image SLES12-SP5-EC2-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-EC2-ECS-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-EC2-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-EC2-SAP-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-EC2-SAP-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-GCE-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-GCE-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-GCE-SAP-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-GCE-SAP-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:shim-15.8-25.30.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:shim-15.8-25.30.1 SUSE Linux Enterprise Server 12 SP5:shim-15.8-25.30.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:shim-15.8-25.30.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241462-1/ https://www.suse.com/security/cve/CVE-2023-40546.html CVE-2023-40546 https://bugzilla.suse.com/1215099 SUSE Bug 1215099 A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully. CVE-2023-40547 Image SLES12-SP5-EC2-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-EC2-ECS-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-EC2-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-EC2-SAP-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-EC2-SAP-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-GCE-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-GCE-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-GCE-SAP-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-GCE-SAP-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:shim-15.8-25.30.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:shim-15.8-25.30.1 SUSE Linux Enterprise Server 12 SP5:shim-15.8-25.30.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:shim-15.8-25.30.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241462-1/ https://www.suse.com/security/cve/CVE-2023-40547.html CVE-2023-40547 https://bugzilla.suse.com/1215098 SUSE Bug 1215098 A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase. CVE-2023-40548 Image SLES12-SP5-EC2-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-EC2-ECS-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-EC2-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-EC2-SAP-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-EC2-SAP-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-GCE-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-GCE-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-GCE-SAP-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-GCE-SAP-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:shim-15.8-25.30.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:shim-15.8-25.30.1 SUSE Linux Enterprise Server 12 SP5:shim-15.8-25.30.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:shim-15.8-25.30.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241462-1/ https://www.suse.com/security/cve/CVE-2023-40548.html CVE-2023-40548 https://bugzilla.suse.com/1215100 SUSE Bug 1215100 An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service. CVE-2023-40549 Image SLES12-SP5-EC2-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-EC2-ECS-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-EC2-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-EC2-SAP-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-EC2-SAP-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-GCE-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-GCE-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-GCE-SAP-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-GCE-SAP-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:shim-15.8-25.30.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:shim-15.8-25.30.1 SUSE Linux Enterprise Server 12 SP5:shim-15.8-25.30.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:shim-15.8-25.30.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241462-1/ https://www.suse.com/security/cve/CVE-2023-40549.html CVE-2023-40549 https://bugzilla.suse.com/1215101 SUSE Bug 1215101 An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase. CVE-2023-40550 Image SLES12-SP5-EC2-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-EC2-ECS-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-EC2-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-EC2-SAP-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-EC2-SAP-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-GCE-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-GCE-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-GCE-SAP-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-GCE-SAP-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:shim-15.8-25.30.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:shim-15.8-25.30.1 SUSE Linux Enterprise Server 12 SP5:shim-15.8-25.30.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:shim-15.8-25.30.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241462-1/ https://www.suse.com/security/cve/CVE-2023-40550.html CVE-2023-40550 https://bugzilla.suse.com/1215102 SUSE Bug 1215102 A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase. CVE-2023-40551 Image SLES12-SP5-EC2-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-EC2-ECS-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-EC2-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-EC2-SAP-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-EC2-SAP-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-GCE-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-GCE-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-GCE-SAP-BYOS:shim-15.8-25.30.1 Image SLES12-SP5-GCE-SAP-On-Demand:shim-15.8-25.30.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:shim-15.8-25.30.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:shim-15.8-25.30.1 SUSE Linux Enterprise Server 12 SP5:shim-15.8-25.30.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:shim-15.8-25.30.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241462-1/ https://www.suse.com/security/cve/CVE-2023-40551.html CVE-2023-40551 https://bugzilla.suse.com/1215103 SUSE Bug 1215103