This bug was fixed in the package shim - 15.8-0ubuntu1
---------------
shim (15.8-0ubuntu1) mantic; urgency=medium

  * New upstream version 15.8 (LP: #2051151):
    - pe: Align section size up to page size for mem attrs (LP: #2036604)
    - SBAT level: shim,4
    - SBAT policy:
      - Latest: "shim,4\ngrub,3\ngrub.debian,4\n"
      - Automatic: "shim,2\ngrub,3\ngrub.debian,4\n"
      - Note that this does not yet revoke pre NTFS CVE fix GRUB binaries.
  * SECURITY UPDATE: a bug in an error message [LP: #2051151]
    - mok: fix LogError() invocation
    - CVE-2023-40546
  * SECURITY UPDATE: out-of-bounds write and UEFI Secure Boot bypass
    when booting via HTTP [LP: #2051151]
    - avoid incorrectly trusting HTTP headers
    - CVE-2023-40547
  * SECURITY UPDATE: out-of-bounds write and possible bug [LP: #2051151]
    - Fix integer overflow on SBAT section size on 32-bit system
    - CVE-2023-40548
  * SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151]
    - Authenticode: verify that the signature header is in bounds.
    - CVE-2023-40549
  * SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151]
    - pe: Fix an out-of-bound read in verify_buffer_sbat()
    - CVE-2023-40550
  * SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151]
    - pe-relocate: Fix bounds check for MZ binaries
    - CVE-2023-40551
  * debian/rules: Update COMMIT_ID

-- Mate Kukri <email address hidden> Thu, 25 Jan 2024 08:55:28 +0000