[ubuntu/noble-proposed] shim-signed 1.57 (Accepted)
Julian Andres Klode
julian.klode at canonical.com
Wed Mar 6 13:34:13 UTC 2024
shim-signed (1.57) mantic; urgency=medium
* New upstream version 15.8 (LP: #2051151):
- pe: Align section size up to page size for mem attrs (LP: #2036604)
- SBAT level: shim,4
- SBAT policy:
- Latest: "shim,4\ngrub,3\ngrub.debian,4\n"
- Automatic: "shim,2\ngrub,3\ngrub.debian,4\n"
- Note that this does not yet revoke pre NTFS CVE fix GRUB binaries.
* SECURITY UPDATE: a bug in an error message [LP: #2051151]
- mok: fix LogError() invocation
- CVE-2023-40546
* SECURITY UPDATE: out-of-bounds write and UEFI Secure Boot bypass
when booting via HTTP [LP: #2051151]
- avoid incorrectly trusting HTTP headers
- CVE-2023-40547
* SECURITY UPDATE: out-of-bounds write and possible bug [LP: #2051151]
- Fix integer overflow on SBAT section size on 32-bit system
- CVE-2023-40548
* SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151]
- Authenticode: verify that the signature header is in bounds.
- CVE-2023-40549
* SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151]
- pe: Fix an out-of-bound read in verify_buffer_sbat()
- CVE-2023-40550
* SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151]
- pe-relocate: Fix bounds check for MZ binaries
- CVE-2023-40551
* Makefile: Add option for building without an externally signed shim
Date: 2024-03-01 10:07:09.815389+00:00
Changed-By: Mate Kukri <mate.kukri at canonical.com>
Maintainer: Steve Langasek <steve.langasek at canonical.com>
Signed-By: Julian Andres Klode <julian.klode at canonical.com>
https://launchpad.net/ubuntu/+source/shim-signed/1.57
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list