boot/shim: security bump to version 15.6

Message ID 20240108080413.1661026-1-peter@korsgaard.com
State Accepted

Commit Message

Peter Korsgaard Jan. 8, 2024, 8:04 a.m. UTC
Fixes the following security issue:

CVE-2022-28737: There's a possible overflow in handle_image() when shim
tries to load and execute crafted EFI executables

https://github.com/advisories/GHSA-hmxr-46w2-jjwh

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 boot/shim/shim.hash | 2 +-
 boot/shim/shim.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Comments

Yann E. MORIN Jan. 8, 2024, 8:47 p.m. UTC | #1
Peter, All,

On 2024-01-08 09:04 +0100, Peter Korsgaard spake thusly:
> Fixes the following security issue:
> 
> CVE-2022-28737: There's a possible overflow in handle_image() when shim
> tries to load and execute crafted EFI executables
> 
> https://github.com/advisories/GHSA-hmxr-46w2-jjwh
> 
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  boot/shim/shim.hash | 2 +-
>  boot/shim/shim.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/boot/shim/shim.hash b/boot/shim/shim.hash
> index a0a9f06f35..c9c489fd2f 100644
> --- a/boot/shim/shim.hash
> +++ b/boot/shim/shim.hash
> @@ -1,3 +1,3 @@
>  # locally computed hash
> -sha256  8344473dd10569588b8238a4656b8fab226714eea9f5363f8c410aa8a5090297  shim-15.4.tar.bz2
> +sha256  eab91644a3efe91a666399f5d8eb3eed0e04d04f79d4b6c0b278ef7747a239a5  shim-15.6.tar.bz2
>  sha256  15edf527919ddcb2f514ab9d16ad07ef219e4bb490e0b79560be510f0c159cc2  COPYRIGHT
> diff --git a/boot/shim/shim.mk b/boot/shim/shim.mk
> index 0a6d1527aa..bbef81cfc4 100644
> --- a/boot/shim/shim.mk
> +++ b/boot/shim/shim.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -SHIM_VERSION = 15.4
> +SHIM_VERSION = 15.6
>  SHIM_SITE = https://github.com/rhboot/shim/releases/download/$(SHIM_VERSION)
>  SHIM_SOURCE = shim-$(SHIM_VERSION).tar.bz2
>  SHIM_LICENSE = BSD-2-Clause
> -- 
> 2.39.2

Patch

diff --git a/boot/shim/shim.hash b/boot/shim/shim.hash
index a0a9f06f35..c9c489fd2f 100644
--- a/boot/shim/shim.hash
+++ b/boot/shim/shim.hash
@@ -1,3 +1,3 @@ 
 # locally computed hash
-sha256  8344473dd10569588b8238a4656b8fab226714eea9f5363f8c410aa8a5090297  shim-15.4.tar.bz2
+sha256  eab91644a3efe91a666399f5d8eb3eed0e04d04f79d4b6c0b278ef7747a239a5  shim-15.6.tar.bz2
 sha256  15edf527919ddcb2f514ab9d16ad07ef219e4bb490e0b79560be510f0c159cc2  COPYRIGHT
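
Review bot: The new sha256 line for shim-15.6.tar.bz2 still sits under the "# locally computed hash" comment, so the only integrity reference for the new tarball is a hash taken from whatever was downloaded at bump time. For a security bump of a boot component, please say in the commit message how the tarball was checked before hashing (for example against a checksum or signature published with the release, if one is available). The unchanged COPYRIGHT hash is consistent with the license file being identical in both versions.
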
diff --git a/boot/shim/shim.mk b/boot/shim/shim.mk
index 0a6d1527aa..bbef81cfc4 100644
--- a/boot/shim/shim.mk
+++ b/boot/shim/shim.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-SHIM_VERSION = 15.4
+SHIM_VERSION = 15.6
 SHIM_SITE = https://github.com/rhboot/shim/releases/download/$(SHIM_VERSION)
 SHIM_SOURCE = shim-$(SHIM_VERSION).tar.bz2
 SHIM_LICENSE = BSD-2-Clause
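
Review bot: SHIM_VERSION goes from 15.4 straight to 15.6, but the commit message describes only CVE-2022-28737 and says nothing about what else changes between those versions. Please add a line on that to the commit message, and confirm that nothing else in boot/shim/ needs to follow the bump, since the diffstat touches only shim.hash and shim.mk. SHIM_SITE and SHIM_SOURCE are both derived from $(SHIM_VERSION), so the download location follows the new version without further edits.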