SUSE-RU-2021:2464-1: moderate: Recommended update for shim

sle-updates at lists.suse.com sle-updates at lists.suse.com
Fri Jul 23 16:17:53 UTC 2021


   SUSE Recommended Update: Recommended update for shim
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:2464-1
Rating:             moderate
References:         #1185232 #1185261 #1185441 #1185464 #1185961 
                    #1187071 #1187260 #1187696 
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that has 8 recommended fixes can now be installed.

Description:

   This update for shim fixes the following issues:

   - shim-install: Always assume "removable" for Azure to avoid the endless
     reset loop (bsc#1185464)
   - Avoid deleting the mirrored RT variables (bsc#1187696)
   - Split the keys in vendor-dbx.bin to vendor-dbx-sles and
     vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size
     of MokListXRT (bsc#1185261)
     + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
   - Handle ignore_db and user_insecure_mode correctly (bsc#1185441,
     bsc#1187071)
   - Relax the maximum variable size check for u-boot (bsc#1185621)
   - Relax the check for import_mok_state() when Secure Boot is off.
     (bsc#1185261)
   - Ignore the odd LoadOptions length (bsc#1185232)
   - shim-install: reset def_shim_efi to "shim.efi" if the given file doesn't
     exist
   - Fided the size of rela sections for AArch64
   - Disable exporting vendor-dbx to MokListXRT since writing a large RT
     variable could crash some machines (bsc#1185261)
   - Avoid potential crash when calling QueryVariableInfo in EFI 1.10
     machines (bsc#1187260)
   - Avoid buffer overflow when copying data to the MOK config table
     (bsc#1185232)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2464=1



Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):

      shim-15.4-4.7.1
      shim-debuginfo-15.4-4.7.1
      shim-debugsource-15.4-4.7.1


References:

   https://bugzilla.suse.com/1185232
   https://bugzilla.suse.com/1185261
   https://bugzilla.suse.com/1185441
   https://bugzilla.suse.com/1185464
   https://bugzilla.suse.com/1185961
   https://bugzilla.suse.com/1187071
   https://bugzilla.suse.com/1187260
   https://bugzilla.suse.com/1187696



More information about the sle-updates mailing list