Update for gnu-efi, pesign, shim
shim was updated to fix several security issues.
- OOB read access when parsing DHCPv6 packets (remote DoS) (CVE-2014-3675).
- Heap overflow when parsing IPv6 addresses provided by tftp:// DHCPv6 boot option (RCE) (CVE-2014-3676).
- Memory corruption when processing user provided MOK lists (CVE-2014-3677).
More information is available at https://bugzilla.novell.com/show_bug.cgi?id=889332
To enable this update gnu-efi was updated to 3.0u and pesign to version 0.109
-
Submitted by
Johannes Segitz (jsegitz)
Message
This update requires you to confirm a dialog on the first reboot after installing the update! This is only
necessary once.
Fixed bugs
bnc#813079
shim in ESP wasn't updated after package updating
bnc#877003
RSOD comes when it boot from virtual media after invalid UEFI PXE
bnc#889765
GRUB shows broken letters at boot
bnc#808106
shim didn't count signatures correctly
bnc#798043
shim doesn't get the name of the second stage loader right
bnc#807760
Correct the PXE second stage boot loader name in shim
bnc#875385
Failed to boot the encrypted root partition in a UEFI machine
bnc#863205
Deleting a hash from MOK/MOKX list could corrupt the list
bnc#889332
VUL-0: EMBARGOED: CVE-2014-3676: shim: buffer overflow and OOB access in shim trusted code path
bnc#873857
/var/run is deprecated
bnc#841426
Upgrading to Beta1 from previous milestone made my laptop unbootable (UEFI support broken)
bnc#866690
grub2 efi failed to show the boot menu
bnc#872503
Optical Disk Drive(UEFI) boot fail under UEFI secure boot enabled on HP firmware.
bnc#813448
shim: find a way to avoid packaging a binary
bnc#867974
shim with Microsoft certificate is refused to boot
