Oval Definition:oval:org.opensuse.security:def:64071
Revision Date:2020-12-01Version:1
Title:Security update for shim (Moderate)
Description:

This update for shim fixes the following issues:

- Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994)

This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting.

This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied.

Additional fixes:

+ shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656)

Family:unixClass:patch
Status:Reference(s):1103041
1118832
1119396
1126711
1126713
1126821
1126823
1126827
1127122
1128722
1128883
1128886
1128887
1128889
1128892
1129032
1132837
1132838
1134322
1148931
1159498
1168994
1172399
1172798
1172846
1173972
1174041
1174753
1174817
1175168
1175596
1175626
1175656
1176733
1177472
1178428
CVE-2018-14332
CVE-2018-19935
CVE-2018-20783
CVE-2019-11034
CVE-2019-11035
CVE-2019-11036
CVE-2019-13767
CVE-2019-8595
CVE-2019-8607
CVE-2019-8615
CVE-2019-8644
CVE-2019-8649
CVE-2019-8658
CVE-2019-8666
CVE-2019-8669
CVE-2019-8671
CVE-2019-8672
CVE-2019-8673
CVE-2019-8676
CVE-2019-8677
CVE-2019-8678
CVE-2019-8679
CVE-2019-8680
CVE-2019-8681
CVE-2019-8683
CVE-2019-8684
CVE-2019-8686
CVE-2019-8687
CVE-2019-8688
CVE-2019-8689
CVE-2019-8690
CVE-2019-9020
CVE-2019-9021
CVE-2019-9022
CVE-2019-9023
CVE-2019-9024
CVE-2019-9637
CVE-2019-9638
CVE-2019-9639
CVE-2019-9640
CVE-2019-9641
CVE-2019-9675
CVE-2020-10713
CVE-2020-13844
CVE-2020-14765
CVE-2020-14776
CVE-2020-14789
CVE-2020-14812
CVE-2020-15180
CVE-2020-26117
openSUSE-SU-2019:1572-1
openSUSE-SU-2019:1780-1
openSUSE-SU-2019:2208-1
openSUSE-SU-2019:2712-1
openSUSE-SU-2020:1016-1
openSUSE-SU-2020:1692-1
SUSE-SU-2020:2881-1
Platform(s):openSUSE Leap 15.1
openSUSE Leap 15.2
SUSE Linux Enterprise Server 12 SP4-ESPOS
SUSE Linux Enterprise Server 12 SP4-LTSS
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • apache2-mod_php7-7.2.5-lp151.6.3 is installed
  • OR php7-7.2.5-lp151.6.3 is installed
  • OR php7-bcmath-7.2.5-lp151.6.3 is installed
  • OR php7-bz2-7.2.5-lp151.6.3 is installed
  • OR php7-calendar-7.2.5-lp151.6.3 is installed
  • OR php7-ctype-7.2.5-lp151.6.3 is installed
  • OR php7-curl-7.2.5-lp151.6.3 is installed
  • OR php7-dba-7.2.5-lp151.6.3 is installed
  • OR php7-devel-7.2.5-lp151.6.3 is installed
  • OR php7-dom-7.2.5-lp151.6.3 is installed
  • OR php7-embed-7.2.5-lp151.6.3 is installed
  • OR php7-enchant-7.2.5-lp151.6.3 is installed
  • OR php7-exif-7.2.5-lp151.6.3 is installed
  • OR php7-fastcgi-7.2.5-lp151.6.3 is installed
  • OR php7-fileinfo-7.2.5-lp151.6.3 is installed
  • OR php7-firebird-7.2.5-lp151.6.3 is installed
  • OR php7-fpm-7.2.5-lp151.6.3 is installed
  • OR php7-ftp-7.2.5-lp151.6.3 is installed
  • OR php7-gd-7.2.5-lp151.6.3 is installed
  • OR php7-gettext-7.2.5-lp151.6.3 is installed
  • OR php7-gmp-7.2.5-lp151.6.3 is installed
  • OR php7-iconv-7.2.5-lp151.6.3 is installed
  • OR php7-intl-7.2.5-lp151.6.3 is installed
  • OR php7-json-7.2.5-lp151.6.3 is installed
  • OR php7-ldap-7.2.5-lp151.6.3 is installed
  • OR php7-mbstring-7.2.5-lp151.6.3 is installed
  • OR php7-mysql-7.2.5-lp151.6.3 is installed
  • OR php7-odbc-7.2.5-lp151.6.3 is installed
  • OR php7-opcache-7.2.5-lp151.6.3 is installed
  • OR php7-openssl-7.2.5-lp151.6.3 is installed
  • OR php7-pcntl-7.2.5-lp151.6.3 is installed
  • OR php7-pdo-7.2.5-lp151.6.3 is installed
  • OR php7-pear-7.2.5-lp151.6.3 is installed
  • OR php7-pear-Archive_Tar-7.2.5-lp151.6.3 is installed
  • OR php7-pgsql-7.2.5-lp151.6.3 is installed
  • OR php7-phar-7.2.5-lp151.6.3 is installed
  • OR php7-posix-7.2.5-lp151.6.3 is installed
  • OR php7-readline-7.2.5-lp151.6.3 is installed
  • OR php7-shmop-7.2.5-lp151.6.3 is installed
  • OR php7-snmp-7.2.5-lp151.6.3 is installed
  • OR php7-soap-7.2.5-lp151.6.3 is installed
  • OR php7-sockets-7.2.5-lp151.6.3 is installed
  • OR php7-sodium-7.2.5-lp151.6.3 is installed
  • OR php7-sqlite-7.2.5-lp151.6.3 is installed
  • OR php7-sysvmsg-7.2.5-lp151.6.3 is installed
  • OR php7-sysvsem-7.2.5-lp151.6.3 is installed
  • OR php7-sysvshm-7.2.5-lp151.6.3 is installed
  • OR php7-testresults-7.2.5-lp151.6.3 is installed
  • OR php7-tidy-7.2.5-lp151.6.3 is installed
  • OR php7-tokenizer-7.2.5-lp151.6.3 is installed
  • OR php7-wddx-7.2.5-lp151.6.3 is installed
  • OR php7-xmlreader-7.2.5-lp151.6.3 is installed
  • OR php7-xmlrpc-7.2.5-lp151.6.3 is installed
  • OR php7-xmlwriter-7.2.5-lp151.6.3 is installed
  • OR php7-xsl-7.2.5-lp151.6.3 is installed
  • OR php7-zip-7.2.5-lp151.6.3 is installed
  • OR php7-zlib-7.2.5-lp151.6.3 is installed
  • Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • mumble-1.3.2-lp152.2.3 is installed
  • OR mumble-32bit-1.3.2-lp152.2.3 is installed
  • OR mumble-server-1.3.2-lp152.2.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-ESPOS is installed
  • AND shim-15+git47-25.11 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-LTSS is installed
  • AND Package Information
  • libXvnc1-1.6.0-22.17 is installed
  • OR tigervnc-1.6.0-22.17 is installed
  • OR xorg-x11-Xvnc-1.6.0-22.17 is installed
  • BACK