Mehrere Probleme in shim
ID: | FEDORA-2014-13581 |
Distribution: | Fedora |
Plattformen: | Fedora 21 |
Datum: | So, 2. November 2014, 21:01 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3677 |
Applikationen: | shim |
Originalnachricht |
|
Name : shim Product : Fedora 21 Version : 0.8 Release : 1.fc22 URL : http://www.codon.org.uk/~mjg59/shim/ Summary : First-stage UEFI bootloader Description : Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. -------------------------------------------------------------------------------- Update Information: This update fixes CVEs CVE-2014-3675, CVE-2014-3676, and CVE-2014-3677, as well as moving to the 0.8 release, which adds support for Aarch64 and fixes several bugs. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1148230 - CVE-2014-3675 shim: out-of-bounds memory read flaw in DHCPv6 packet processing https://bugzilla.redhat.com/show_bug.cgi?id=1148230 [ 2 ] Bug #1148231 - CVE-2014-3676 shim: heap-based buffer overflow flaw in IPv6 address parsing https://bugzilla.redhat.com/show_bug.cgi?id=1148231 [ 3 ] Bug #1148232 - CVE-2014-3677 shim: memory corruption flaw when processing Machine Owner Keys (MOKs) https://bugzilla.redhat.com/show_bug.cgi?id=1148232 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update shim' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce |