shim 15.8-0ubuntu1 source package in Ubuntu
Changelog
shim (15.8-0ubuntu1) mantic; urgency=medium * New upstream version 15.8 (LP: #2051151): - pe: Align section size up to page size for mem attrs (LP: #2036604) - SBAT level: shim,4 - SBAT policy: - Latest: "shim,4\ngrub,3\ngrub.debian,4\n" - Automatic: "shim,2\ngrub,3\ngrub.debian,4\n" - Note that this does not yet revoke pre NTFS CVE fix GRUB binaries. * SECURITY UPDATE: a bug in an error message [LP: #2051151] - mok: fix LogError() invocation - CVE-2023-40546 * SECURITY UPDATE: out-of-bounds write and UEFI Secure Boot bypass when booting via HTTP [LP: #2051151] - avoid incorrectly trusting HTTP headers - CVE-2023-40547 * SECURITY UPDATE: out-of-bounds write and possible bug [LP: #2051151] - Fix integer overflow on SBAT section size on 32-bit system - CVE-2023-40548 * SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151] - Authenticode: verify that the signature header is in bounds. - CVE-2023-40549 * SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151] - pe: Fix an out-of-bound read in verify_buffer_sbat() - CVE-2023-40550 * SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151] - pe-relocate: Fix bounds check for MZ binaries - CVE-2023-40551 * debian/rules: Update COMMIT_ID -- Mate Kukri <email address hidden> Thu, 25 Jan 2024 08:55:28 +0000
Upload details
- Uploaded by:
- Mate Kukri
- Uploaded to:
- Mantic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- amd64 arm64
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section | |
---|---|---|---|---|
Focal | updates | main | admin | |
Jammy | updates | main | admin | |
Noble | release | main | admin |
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
shim_15.8.orig.tar.bz2 | 2.2 MiB | a79f0a9b89f3681ab384865b1a46ab3f79d88b11b4ca59aa040ab03fffae80a9 |
shim_15.8-0ubuntu1.debian.tar.xz | 21.1 KiB | 15ed98489d54aa882aab5977dfc654e62c14c6bd5f72c785d4a34e2cbb1099b4 |
shim_15.8-0ubuntu1.dsc | 1.8 KiB | 486f34b05fb2b22189c4a08b7bfc34644ee816185dc8713a5917334cfa1be36f |
Available diffs
Binary packages built by this source
- shim: boot loader to chain-load signed boot loaders under Secure Boot
This package provides a minimalist boot loader which allows verifying
signatures of other UEFI binaries against either the Secure Boot DB/DBX or
against a built-in signature database. Its purpose is to allow a small,
infrequently-changing binary to be signed by the UEFI CA, while allowing
an OS distributor to revision their main bootloader independently of the CA.
- shim-dbg: boot loader to chain-load signed boot loaders under Secure Boot (dbg symbols)
This package provides a minimalist boot loader which allows verifying
signatures of other UEFI binaries against either the Secure Boot DB/DBX or
against a built-in signature database. Its purpose is to allow a small,
infrequently-changing binary to be signed by the UEFI CA, while allowing
an OS distributor to revision their main bootloader independently of the CA.
.
Debug symbols.