Uploaded image for project: 'Funtoo Linux'
  1. Funtoo Linux
  2. FL-10291

sys-boot/shim-15.5 has 7 associated CVEs

Details

    • Security Vulnerability
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • None
    • Security vulnerability

    Description

      We need update shim to 15.6 to fix 7 associated CVE's,  fixed in Fedora since 15.3-1.

      From the latest spec:

      * Wed Mar 24 2021 Peter Jones <pjones@redhat.com> - 15.3-0~1
      - Update to shim 15.3
        - Support for revocations via the ".sbat" section and SBAT EFI variable
        - A new unit test framework and a bunch of unit tests
        - No external gnu-efi dependency
        - Better CI
        Resolves: CVE-2020-14372
        Resolves: CVE-2020-25632
        Resolves: CVE-2020-25647
        Resolves: CVE-2020-27749
        Resolves: CVE-2020-27779
        Resolves: CVE-2021-20225
        Resolves: CVE-2021-20233

       

      We need update app-arch/rpm2targz to 2021.03.16, to unpack new  RPM v3.0 bin i386/x86_64. Take a look:

      # emerge shim  
      Calculating dependencies... done! 
      
      >>> Verifying ebuild manifests 
      
      >>> Emerging (1 of 1) sys-boot/shim-15.6::overlay-local 
      * shim-x64-15.6-2.x86_64.rpm BLAKE2B SHA512 size ;-) ...                                                                     [ ok ] 
      * shim-ia32-15.6-2.x86_64.rpm BLAKE2B SHA512 size ;-) ...                                                                    [ ok ] 
      >>> Unpacking source... 
      >>> Unpacking shim-x64-15.6-2.x86_64.rpm to /var/tmp/portage/sys-boot/shim-15.6/work 
      lzma: (stdin): File format not recognized 
      rpm2tar: /var/tmp/portage/sys-boot/shim-15.6/distdir/shim-x64-15.6-2.x86_64.rpm: failed to extract cpio via lzma (not actually an RPM
      ?) 
      tar: This does not look like a tar archive 
      tar: Exiting with failure status due to previous errors
      # rpm2tar /var/cache/portage/distfiles/shim-x64-15.6-2.x86_64.rpm 
      lzma: (stdin): File format not recognized 
      rpm2tar: /var/cache/portage/distfiles/shim-x64-15.6-2.x86_64.rpm: failed to extract cpio via lzma (not actually an RPM?)

      Attachments

        Activity

          People

            Unassigned Unassigned
            coffnix coffnix
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: