shim-signed 1.40.10 source package in Ubuntu

Changelog

shim-signed (1.40.10) focal; urgency=medium

  * New upstream version 15.8 (LP: #2051151):
    - pe: Align section size up to page size for mem attrs (LP: #2036604)
    - SBAT level: shim,4
    - SBAT policy:
      - Latest: "shim,4\ngrub,3\ngrub.debian,4\n"
      - Automatic: "shim,2\ngrub,3\ngrub.debian,4\n"
      - Note that this does not yet revoke pre NTFS CVE fix GRUB binaries.
  * SECURITY UPDATE: a bug in an error message [LP: #2051151]
    - mok: fix LogError() invocation
    - CVE-2023-40546
  * SECURITY UPDATE: out-of-bounds write and UEFI Secure Boot bypass
    when booting via HTTP [LP: #2051151]
    - avoid incorrectly trusting HTTP headers
    - CVE-2023-40547
  * SECURITY UPDATE: out-of-bounds write and possible bug [LP: #2051151]
    - Fix integer overflow on SBAT section size on 32-bit system
    - CVE-2023-40548
  * SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151]
    - Authenticode: verify that the signature header is in bounds.
    - CVE-2023-40549
  * SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151]
    - pe: Fix an out-of-bound read in verify_buffer_sbat()
    - CVE-2023-40550
  * SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151]
    - pe-relocate: Fix bounds check for MZ binaries
    - CVE-2023-40551

 -- Mate Kukri <email address hidden>  Thu, 04 Apr 2024 13:56:01 +0100

Upload details

Uploaded by:
Mate Kukri
Uploaded to:
Focal
Original maintainer:
Steve Langasek
Architectures:
amd64 arm64
Section:
utils
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Focal updates main utils

Builds

Focal: [FULLYBUILT] amd64 [FULLYBUILT] arm64

Downloads

File Size SHA-256 Checksum
shim-signed_1.40.10.tar.xz 903.2 KiB 0ce06d018721989d82d253716719f3f1866e324e03113c70199351ee51beef9b
shim-signed_1.40.10.dsc 1.8 KiB 178b1fb495be059e6574782c55afa00dbc608e5908193c8a9ad68241315db311

View changes file

Binary packages built by this source

shim-signed: Secure Boot chain-loading bootloader (Microsoft-signed binary)

 This package provides a minimalist boot loader which allows verifying
 signatures of other UEFI binaries against either the Secure Boot DB/DBX or
 against a built-in signature database. Its purpose is to allow a small,
 infrequently-changing binary to be signed by the UEFI CA, while allowing
 an OS distributor to revision their main bootloader independently of the CA.
 .
 This package contains the version of the bootloader binary signed by the
 Microsoft UEFI CA.