SUSE Security Update: Security update for shim
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1619-1
Rating:             important
References:         #813448 #863205 #866690 #875385 #889332 #889765 
                    
Cross-References:   CVE-2014-3675 CVE-2014-3676 CVE-2014-3677
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves three vulnerabilities and has three
   fixes is now available. It includes two new package
   versions.

Description:


   shim has been updated to fix three security issues:

       * OOB read access when parsing DHCPv6 packets (remote DoS)
         (CVE-2014-3675).
       * Heap overflow when parsing IPv6 addresses provided by tftp:// DHCPv6
         boot option (RCE) (CVE-2014-3676).
       * Memory corruption when processing user provided MOK lists
         (CVE-2014-3677).

   Security Issues:

       * CVE-2014-3675
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3675>
       * CVE-2014-3676
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3676>
       * CVE-2014-3677
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3677>


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-shim-2014-11-20-9997

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-shim-2014-11-20-9997

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-shim-2014-11-20-9997

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-shim-2014-11-20-9997

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New
 Version: 3.0u]:

      gnu-efi-3.0u-0.7.2

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version:
 0.7.318.81ee561d and 3.0u]:

      gnu-efi-3.0u-0.7.2
      shim-0.7.318.81ee561d-0.9.2

   - SUSE Linux Enterprise Server 11 SP3 (x86_64) [New Version:
 0.7.318.81ee561d and 3.0u]:

      gnu-efi-3.0u-0.7.2
      shim-0.7.318.81ee561d-0.9.2

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version:
 0.7.318.81ee561d]:

      shim-0.7.318.81ee561d-0.9.2


References:

   http://support.novell.com/security/cve/CVE-2014-3675.html
   http://support.novell.com/security/cve/CVE-2014-3676.html
   http://support.novell.com/security/cve/CVE-2014-3677.html
   https://bugzilla.suse.com/show_bug.cgi?id=813448
   https://bugzilla.suse.com/show_bug.cgi?id=863205
   https://bugzilla.suse.com/show_bug.cgi?id=866690
   https://bugzilla.suse.com/show_bug.cgi?id=875385
   https://bugzilla.suse.com/show_bug.cgi?id=889332
   https://bugzilla.suse.com/show_bug.cgi?id=889765
   ?keywords=9aaff893726e6b56bde50850c3154ed1

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org