drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in shim-signed
Name: |
Mehrere Probleme in shim-signed |
|
ID: |
FEDORA-2014-14059 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 19 |
|
Datum: |
Mi, 12. November 2014, 07:29 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3677 |
|
Applikationen: |
shim-signed |
|
Originalnachricht |
Name : shim-signed Product : Fedora 19 Version : 0.8 Release : 2 URL : http://www.codon.org.uk/~mjg59/shim/ Summary : First-stage UEFI bootloader Description : Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. This package contains the version signed by the UEFI signing service.
------------------------------------------------------------------------------- - Update Information:
This update fixes CVEs CVE-2014-3675, CVE-2014-3676, and CVE-2014-3677, as well as moving to the 0.8 release, which adds support for Aarch64 and fixes several bugs. ------------------------------------------------------------------------------- - ChangeLog:
* Thu Oct 30 2014 Peter Jones <pjones@redhat.com> - 0.8-2 - Remove the dist tag so people don't complain about what it says. * Fri Oct 24 2014 Peter Jones <pjones@redhat.com> - 0.8-1 - Update to shim 0.8 rhbz#1148230 rhbz#1148231 rhbz#1148232 - Handle building on aarch64 as well * Fri Jul 18 2014 Peter Jones <pjones@redhat.com> - 0.7-2 - Don't do multi-signing; too many machines screw up verification. Resolves: rhbz#1049749 * Wed Nov 13 2013 Peter Jones <pjones@redhat.com> - 0.7-1 - Update to shim 0.7 Resolves: rhbz#1023767 * Thu Oct 24 2013 Peter Jones <pjones@redhat.com> - 0.5-1 - Update to shim 0.5 * Thu Jun 20 2013 Peter Jones <pjones@redhat.com> - 0.4-1 - Provide a fallback for uninitialized Boot#### and BootOrder Resolves: rhbz#963359 - Move all signing from shim-unsigned to here - properly compare our generated hash from shim-unsigned with the hash of the signed binary (as opposed to doing it manually) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1148230 - CVE-2014-3675 shim: out-of-bounds memory read flaw in DHCPv6 packet processing https://bugzilla.redhat.com/show_bug.cgi?id=1148230 [ 2 ] Bug #1148231 - CVE-2014-3676 shim: heap-based buffer overflow flaw in IPv6 address parsing https://bugzilla.redhat.com/show_bug.cgi?id=1148231 [ 3 ] Bug #1148232 - CVE-2014-3677 shim: memory corruption flaw when processing Machine Owner Keys (MOKs) https://bugzilla.redhat.com/show_bug.cgi?id=1148232 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update shim-signed' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|