Security update for shim
SUSE Security Update: Security update for shim
shim has been updated to fix three security issues:
* OOB read access when parsing DHCPv6 packets (remote DoS)
(CVE-2014-3675).
* Heap overflow when parsing IPv6 addresses provided by tftp:// DHCPv6
boot option (RCE) (CVE-2014-3676).
* Memory corruption when processing user provided MOK lists
(CVE-2014-3677).
Security Issues:
* CVE-2014-3675
* CVE-2014-3676
* CVE-2014-3677
| Announcement ID: | SUSE-SU-2014:1619-1 |
| Rating: | important |
| References: | #813448 #863205 #866690 #875385 #889332 #889765 |
| Affected Products: |
An update that solves three vulnerabilities and has three fixes is now available. It includes two new package versions.
Description:
shim has been updated to fix three security issues:
* OOB read access when parsing DHCPv6 packets (remote DoS)
(CVE-2014-3675).
* Heap overflow when parsing IPv6 addresses provided by tftp:// DHCPv6
boot option (RCE) (CVE-2014-3676).
* Memory corruption when processing user provided MOK lists
(CVE-2014-3677).
Security Issues:
* CVE-2014-3675
* CVE-2014-3676
* CVE-2014-3677
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-shim-2014-11-20-9997 - SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-shim-2014-11-20-9997 - SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-shim-2014-11-20-9997 - SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-shim-2014-11-20-9997
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 3.0u]:
- gnu-efi-3.0u-0.7.2
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 0.7.318.81ee561d and 3.0u]:
- gnu-efi-3.0u-0.7.2
- shim-0.7.318.81ee561d-0.9.2
- SUSE Linux Enterprise Server 11 SP3 (x86_64) [New Version: 0.7.318.81ee561d and 3.0u]:
- gnu-efi-3.0u-0.7.2
- shim-0.7.318.81ee561d-0.9.2
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 0.7.318.81ee561d]:
- shim-0.7.318.81ee561d-0.9.2
References:
- http://support.novell.com/security/cve/CVE-2014-3675.html
- http://support.novell.com/security/cve/CVE-2014-3676.html
- http://support.novell.com/security/cve/CVE-2014-3677.html
- https://bugzilla.suse.com/show_bug.cgi?id=813448
- https://bugzilla.suse.com/show_bug.cgi?id=863205
- https://bugzilla.suse.com/show_bug.cgi?id=866690
- https://bugzilla.suse.com/show_bug.cgi?id=875385
- https://bugzilla.suse.com/show_bug.cgi?id=889332
- https://bugzilla.suse.com/show_bug.cgi?id=889765
- http://download.suse.com/patch/finder/?keywords=9aaff893726e6b56bde50850c3154ed1