- Security Vulnerability
- Resolution: Fixed
- Normal
Security vulnerability
We need to update shim to 15.6 to fix 7 associated CVEs, fixed in Fedora since 15.3-1.
From the latest spec:
* Wed Mar 24 2021 Peter Jones <pjones@redhat.com> - 15.3-0~1
- Update to shim 15.3
  - Support for revocations via the ".sbat" section and SBAT EFI variable
  - A new unit test framework and a bunch of unit tests
  - No external gnu-efi dependency
  - Better CI
  Resolves: CVE-2020-14372
  Resolves: CVE-2020-25632
  Resolves: CVE-2020-25647
  Resolves: CVE-2020-27749
  Resolves: CVE-2020-27779
  Resolves: CVE-2021-20225
  Resolves: CVE-2021-20233
We need to update app-arch/rpm2targz to 2021.03.16, to unpack new RPM v3.0 bin i386/x86_64. Take a look:
# emerge shim
Calculating dependencies... done!
>>> Verifying ebuild manifests
>>> Emerging (1 of 1) sys-boot/shim-15.6::overlay-local
 * shim-x64-15.6-2.x86_64.rpm BLAKE2B SHA512 size ;-) ... [ ok ]
 * shim-ia32-15.6-2.x86_64.rpm BLAKE2B SHA512 size ;-) ... [ ok ]
>>> Unpacking source...
>>> Unpacking shim-x64-15.6-2.x86_64.rpm to /var/tmp/portage/sys-boot/shim-15.6/work
lzma: (stdin): File format not recognized
rpm2tar: /var/tmp/portage/sys-boot/shim-15.6/distdir/shim-x64-15.6-2.x86_64.rpm: failed to extract cpio via lzma (not actually an RPM ?)
tar: This does not look like a tar archive
tar: Exiting with failure status due to previous errors

# rpm2tar /var/cache/portage/distfiles/shim-x64-15.6-2.x86_64.rpm
lzma: (stdin): File format not recognized
rpm2tar: /var/cache/portage/distfiles/shim-x64-15.6-2.x86_64.rpm: failed to extract cpio via lzma (not actually an RPM?)
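
One way to see which compressor an RPM payload uses when rpm2tar reports "failed to extract cpio via lzma", as an added example that is not part of the original report or of rpm2targz: it skips the lead and both headers and names the payload compressor from its first bytes. The function names and the sample bytes built by `build_sample` are constructed for illustration; for a real file, pass the bytes read from the .rpm.

```python
import struct

LEAD_SIZE = 96                      # fixed-size RPM lead
LEAD_MAGIC = b"\xed\xab\xee\xdb"
HEADER_MAGIC = b"\x8e\xad\xe8\x01"  # opens the signature and main headers
# Leading bytes of compressed streams; the lzma entry is a heuristic,
# since the legacy .lzma format has no real magic number.
PAYLOAD_MAGICS = [
    (b"\x1f\x8b", "gzip"),
    (b"BZh", "bzip2"),
    (b"\xfd7zXZ\x00", "xz"),
    (b"\x28\xb5\x2f\xfd", "zstd"),
    (b"\x5d\x00\x00", "lzma"),
]


def _skip_header(data, offset, pad):
    """Return the offset just past the header structure starting at offset."""
    if data[offset:offset + 4] != HEADER_MAGIC or len(data) < offset + 16:
        raise ValueError("RPM header magic not found at offset %d" % offset)
    nindex, hsize = struct.unpack(">II", data[offset + 8:offset + 16])
    end = offset + 16 + nindex * 16 + hsize
    return end + (-end % 8) if pad else end  # signature header is 8-byte padded


def payload_compression(data):
    """Name the compressor of an RPM's payload from its first bytes."""
    if data[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM: lead magic missing")
    offset = _skip_header(data, LEAD_SIZE, pad=True)
    offset = _skip_header(data, offset, pad=False)
    for magic, name in PAYLOAD_MAGICS:
        if data.startswith(magic, offset):
            return name
    return "unknown"


def build_sample(payload):
    """Constructed RPM-shaped bytes: lead, two index-less headers, payload."""
    lead = LEAD_MAGIC + bytes(LEAD_SIZE - len(LEAD_MAGIC))
    sig = HEADER_MAGIC + bytes(4) + struct.pack(">II", 0, 5) + bytes(5 + 3)
    main = HEADER_MAGIC + bytes(4) + struct.pack(">II", 0, 0)
    return lead + sig + main + payload


if __name__ == "__main__":
    print(payload_compression(build_sample(b"\x28\xb5\x2f\xfd" + bytes(8))))
```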