* [Buildroot] [git commit] boot/shim: security bump to version 15.8
@ 2024-02-21 17:22 Yann E. MORIN
2024-03-16 22:31 ` Peter Korsgaard
0 siblings, 1 reply; 2+ messages in thread
From: Yann E. MORIN @ 2024-02-21 17:22 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=f42004a046313cf73ae707d43632109c36398dc0
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Fixes the following security issues:
CVE-2023-40546 mok: fix LogError() invocation
CVE-2023-40547 - avoid incorrectly trusting HTTP headers
CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system
CVE-2023-40549 Authenticode: verify that the signature header is in bounds.
CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat()
CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries
https://github.com/rhboot/shim/tree/15.8
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
boot/shim/shim.hash | 2 +-
boot/shim/shim.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/boot/shim/shim.hash b/boot/shim/shim.hash
index c9c489fd2f..5aa4ca06e8 100644
--- a/boot/shim/shim.hash
+++ b/boot/shim/shim.hash
@@ -1,3 +1,3 @@
# locally computed hash
-sha256 eab91644a3efe91a666399f5d8eb3eed0e04d04f79d4b6c0b278ef7747a239a5 shim-15.6.tar.bz2
+sha256 a79f0a9b89f3681ab384865b1a46ab3f79d88b11b4ca59aa040ab03fffae80a9 shim-15.8.tar.bz2
sha256 15edf527919ddcb2f514ab9d16ad07ef219e4bb490e0b79560be510f0c159cc2 COPYRIGHT
diff --git a/boot/shim/shim.mk b/boot/shim/shim.mk
index bbef81cfc4..19b11f4086 100644
--- a/boot/shim/shim.mk
+++ b/boot/shim/shim.mk
@@ -4,7 +4,7 @@
#
################################################################################
-SHIM_VERSION = 15.6
+SHIM_VERSION = 15.8
SHIM_SITE = https://github.com/rhboot/shim/releases/download/$(SHIM_VERSION)
SHIM_SOURCE = shim-$(SHIM_VERSION).tar.bz2
SHIM_LICENSE = BSD-2-Clause
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Buildroot] [git commit] boot/shim: security bump to version 15.8
2024-02-21 17:22 [Buildroot] [git commit] boot/shim: security bump to version 15.8 Yann E. MORIN
@ 2024-03-16 22:31 ` Peter Korsgaard
0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2024-03-16 22:31 UTC (permalink / raw)
To: Yann E. MORIN; +Cc: buildroot
>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:
> commit: https://git.buildroot.net/buildroot/commit/?id=f42004a046313cf73ae707d43632109c36398dc0
> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
> Fixes the following security issues:
> CVE-2023-40546 mok: fix LogError() invocation
> CVE-2023-40547 - avoid incorrectly trusting HTTP headers
> CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system
> CVE-2023-40549 Authenticode: verify that the signature header is in bounds.
> CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat()
> CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries
> https://github.com/rhboot/shim/tree/15.8
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Committed to 2023.02.x and 2023.11.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-03-16 22:31 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-02-21 17:22 [Buildroot] [git commit] boot/shim: security bump to version 15.8 Yann E. MORIN
2024-03-16 22:31 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox