File _patchinfo of Package patchinfo.13675
<patchinfo incident="13675">
<issue tracker="bnc" id="1175626">Recent update run on August 21, 2020 kills bootloader</issue>
<issue tracker="bnc" id="1175656">Pending MOK request forced bootx64.efi to shut down the system</issue>
<issue tracker="bnc" id="1121268">GCC 9: shim build fails</issue>
<issue tracker="bnc" id="1174320">shim-install uses wrong paths for EFI files</issue>
<issue tracker="bnc" id="1153953">Leap 42.3 boot error snapshot missing</issue>
<issue tracker="bnc" id="1173411">SLES 15 sp2 fails to boot with older uefi with Failed to set MokListRT: Invalid Parameter</issue>
<issue tracker="bnc" id="1168994">VUL-0: CVE-2020-10713: grub2: parsing overflows can bypass secure boot restrictions</issue>
<issue tracker="bnc" id="1113225">shim build failed with hash is unmatched</issue>
<issue tracker="bnc" id="1168104">Issue with Patch openSUSE-2020-401</issue>
<packager>jsegitz</packager>
<rating>moderate</rating>
<category>recommended</category>
<summary>Recommended update for shim</summary>
<description>This update for shim fixes the following issues:
- Updated openSUSE signature
- Update the path to grub-tpm.efi in shim-install (boo#1174320)
- Use vendor-dbx to block old SUSE/openSUSE signkeys (boo#1168994)
+ Add dbx-cert.tar.xz which contains the certificates to block
and a script, generate-vendor-dbx.sh, to generate
vendor-dbx.bin
+ Add vendor-dbx.bin as the vendor dbx to block unwanted keys
- Only check EFI variable copying when Secure Boot is enabled (boo#1173411)
- Use the full path of efibootmgr to avoid errors when invoking
shim-install from packagekitd (boo#1168104)
- shim-install: add check for btrfs is used as root file system to enable
relative path lookup for file. (boo#1153953)
- Add shim-opensuse-signed.efi, the openSUSE shim-15+git47 binary
(boo#1113225)
- shim-install: install MokManager to \EFI\boot to process the
pending MOK request (bsc#1175626, bsc#1175656)
</description>
</patchinfo>
