OVAL Reference oval:org.opensuse.security:def:50815

Oval Definition:

oval:org.opensuse.security:def:50815

Revision Date:	2020-12-01	Version:	1
Title:	Security update for shim (Moderate)
Description:	This update for shim fixes the following issues: This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied. Changes: Use vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994) + Add dbx-cert.tar.xz which contains the certificates to block and a script, generate-vendor-dbx.sh, to generate vendor-dbx.bin + Add vendor-dbx.bin as the vendor dbx to block unwanted keys - Update the path to grub-tpm.efi in shim-install (bsc#1174320) - Only check EFI variable copying when Secure Boot is enabled (bsc#1173411) - Use the full path of efibootmgr to avoid errors when invoking shim-install from packagekitd (bsc#1168104) - shim-install: add check for btrfs is used as root file system to enable relative path lookup for file. (bsc#1153953) - shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656)
Family:	unix	Class:	patch
Status:		Reference(s):	1040973 1068873 1088424 1097599 1097600 1107116 1107121 1109175 1109176 1109299 1111499 1113225 1115364 1117513 1121268 1133375 1139924 1142684 1150114 1153953 1157465 1158667 1159284 1159723 1159729 1161167 1162327 1165572 1166916 1167437 1168104 1168340 1168994 1169604 1169800 1170104 1170288 1170595 1171746 1171906 1172075 1172437 1172442 1172443 1173072 1173411 1173580 1173948 1174157 1174165 1174320 1175626 1175656 1175992 1176072 1176116 1176256 1176257 1176258 1176259 1176382 1178387 CVE-2017-1000126 CVE-2017-9239 CVE-2018-1000199 CVE-2018-12264 CVE-2018-12265 CVE-2018-16428 CVE-2018-16429 CVE-2018-17229 CVE-2018-17230 CVE-2018-17282 CVE-2018-19108 CVE-2018-19607 CVE-2018-9305 CVE-2019-10072 CVE-2019-12418 CVE-2019-13114 CVE-2019-16167 CVE-2019-17563 CVE-2019-18897 CVE-2019-9928 CVE-2020-0569 CVE-2020-10713 CVE-2020-10757 CVE-2020-11080 CVE-2020-11651 CVE-2020-11652 CVE-2020-14386 CVE-2020-14556 CVE-2020-14562 CVE-2020-14573 CVE-2020-14577 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-15166 CVE-2020-24394 CVE-2020-25212 CVE-2020-25692 CVE-2020-4044 CVE-2020-7598 CVE-2020-8174 SUSE-SU-2018:3913-1 SUSE-SU-2019:2749-1 SUSE-SU-2020:0029-1 SUSE-SU-2020:0346-1 SUSE-SU-2020:0921-1 SUSE-SU-2020:1300-1 SUSE-SU-2020:1576-1 SUSE-SU-2020:1933-1 SUSE-SU-2020:1973-1 SUSE-SU-2020:2629-1 SUSE-SU-2020:3264-1
Platform(s):	SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for additional PackageHub packages 15 SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8	Product(s):
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information ImageMagick-6.4.3.6-7.30 is installed OR libMagick++1-6.4.3.6-7.30 is installed OR libMagickCore1-6.4.3.6-7.30 is installed OR libMagickCore1-32bit-6.4.3.6-7.30 is installed OR libMagickWand1-6.4.3.6-7.30 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND Package Information gimp-2.8.10-1 is installed OR gimp-lang-2.8.10-1 is installed OR gimp-plugins-python-2.8.10-1 is installed OR libgimp-2_0-0-2.8.10-1 is installed OR libgimpui-2_0-0-2.8.10-1 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information cyrus-sasl-2.1.26-7 is installed OR cyrus-sasl-32bit-2.1.26-7 is installed OR cyrus-sasl-crammd5-2.1.26-7 is installed OR cyrus-sasl-crammd5-32bit-2.1.26-7 is installed OR cyrus-sasl-digestmd5-2.1.26-7 is installed OR cyrus-sasl-digestmd5-32bit-2.1.26-7 is installed OR cyrus-sasl-gssapi-2.1.26-7 is installed OR cyrus-sasl-gssapi-32bit-2.1.26-7 is installed OR cyrus-sasl-plain-2.1.26-7 is installed OR cyrus-sasl-plain-32bit-2.1.26-7 is installed OR cyrus-sasl-saslauthd-2.1.26-7 is installed OR libsasl2-3-2.1.26-7 is installed OR libsasl2-3-32bit-2.1.26-7 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information aaa_base-13.2+git20140911.61c1681-28 is installed OR aaa_base-extras-13.2+git20140911.61c1681-28 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information bind-libs-9.9.9P1-62 is installed OR bind-libs-32bit-9.9.9P1-62 is installed OR bind-utils-9.9.9P1-62 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND bogofilter-1.2.4-5 is installed
Definition Synopsis
SUSE Linux Enterprise Module for additional PackageHub packages 15 is installed AND Package Information glib2-2.54.3-4.7 is installed OR glib2-devel-32bit-2.54.3-4.7 is installed OR glib2-tools-32bit-2.54.3-4.7 is installed OR libgthread-2_0-0-32bit-2.54.3-4.7 is installed
Definition Synopsis
SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2 is installed AND Package Information libunwind-1.2.1-4.2 is installed OR libunwind-32bit-1.2.1-4.2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed AND shim-15+git47-3.8 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-150_41-default-5-2 is installed OR kernel-livepatch-SLE15_Update_16-5-2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND Package Information MozillaFirefox-78.0.2-3.97 is installed OR MozillaFirefox-branding-upstream-78.0.2-3.97 is installed OR MozillaFirefox-buildsymbols-78.0.2-3.97 is installed OR MozillaFirefox-devel-78.0.2-3.97 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information java-11-openjdk-11.0.8.0-3.45 is installed OR java-11-openjdk-accessibility-11.0.8.0-3.45 is installed OR java-11-openjdk-javadoc-11.0.8.0-3.45 is installed OR java-11-openjdk-jmods-11.0.8.0-3.45 is installed OR java-11-openjdk-src-11.0.8.0-3.45 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information sysstat-12.0.2-3.15 is installed OR sysstat-isag-12.0.2-3.15 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information cups-pk-helper-0.2.5-3 is installed OR cups-pk-helper-lang-0.2.5-3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_69-60_64_32-default-7-4 is installed OR kgraft-patch-3_12_69-60_64_32-xen-7-4 is installed OR kgraft-patch-SLE12-SP1_Update_13-7-4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information dbus-1-1.8.16-19 is installed OR dbus-1-x11-1.8.16-19 is installed OR libdbus-1-3-1.8.16-19 is installed OR libdbus-1-3-32bit-1.8.16-19 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information git-2.12.3-27.14 is installed OR git-core-2.12.3-27.14 is installed OR git-doc-2.12.3-27.14 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND clamav-0.100.1-33.15 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_59-92_20-default-12-2 is installed OR kgraft-patch-SLE12-SP2_Update_8-12-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information audiofile-0.3.6-10 is installed OR libaudiofile1-0.3.6-10 is installed OR libaudiofile1-32bit-0.3.6-10 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libfreebl3-3.47.1-58.34 is installed OR libfreebl3-32bit-3.47.1-58.34 is installed OR libfreebl3-hmac-3.47.1-58.34 is installed OR libfreebl3-hmac-32bit-3.47.1-58.34 is installed OR libsoftokn3-3.47.1-58.34 is installed OR libsoftokn3-32bit-3.47.1-58.34 is installed OR libsoftokn3-hmac-3.47.1-58.34 is installed OR libsoftokn3-hmac-32bit-3.47.1-58.34 is installed OR mozilla-nspr-4.23-19.12 is installed OR mozilla-nspr-32bit-4.23-19.12 is installed OR mozilla-nspr-devel-4.23-19.12 is installed OR mozilla-nss-3.47.1-58.34 is installed OR mozilla-nss-32bit-3.47.1-58.34 is installed OR mozilla-nss-certs-3.47.1-58.34 is installed OR mozilla-nss-certs-32bit-3.47.1-58.34 is installed OR mozilla-nss-devel-3.47.1-58.34 is installed OR mozilla-nss-sysinit-3.47.1-58.34 is installed OR mozilla-nss-sysinit-32bit-3.47.1-58.34 is installed OR mozilla-nss-tools-3.47.1-58.34 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_143-94_47-default-7-2 is installed OR kgraft-patch-SLE12-SP3_Update_16-7-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information python3-rpm-4.11.2-16.16 is installed OR rpm-4.11.2-16.16 is installed OR rpm-32bit-4.11.2-16.16 is installed OR rpm-build-4.11.2-16.16 is installed OR rpm-python-4.11.2-16.16 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND libsrtp1-1.5.2-3.2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information gstreamer-plugins-base-1.12.5-3.3 is installed OR gstreamer-plugins-base-lang-1.12.5-3.3 is installed OR libgstallocators-1_0-0-1.12.5-3.3 is installed OR libgstapp-1_0-0-1.12.5-3.3 is installed OR libgstaudio-1_0-0-1.12.5-3.3 is installed OR libgstfft-1_0-0-1.12.5-3.3 is installed OR libgstpbutils-1_0-0-1.12.5-3.3 is installed OR libgstriff-1_0-0-1.12.5-3.3 is installed OR libgstrtp-1_0-0-1.12.5-3.3 is installed OR libgstrtsp-1_0-0-1.12.5-3.3 is installed OR libgstsdp-1_0-0-1.12.5-3.3 is installed OR libgsttag-1_0-0-1.12.5-3.3 is installed OR libgstvideo-1_0-0-1.12.5-3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server for SAP Applications 15 is installed AND Package Information nodejs8-8.17.0-3.32 is installed OR nodejs8-devel-8.17.0-3.32 is installed OR nodejs8-docs-8.17.0-3.32 is installed OR npm8-8.17.0-3.32 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information kernel-default-4.12.14-197.10 is installed OR kernel-default-extra-4.12.14-197.10 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 SP2 is installed AND Package Information LibVNCServer-0.9.10-4.19 is installed OR libvncclient0-0.9.10-4.19 is installed OR libvncserver0-0.9.10-4.19 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND python-Beaker-1.6.4-0.7 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information storm-1.0.5-5 is installed OR storm-nimbus-1.0.5-5 is installed OR storm-supervisor-1.0.5-5 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND couchdb-1.7.2-3.3 is installed

BACK