[Buildroot] [git commit branch/2023.02.x] boot/shim: security bump to version 15.6
Peter Korsgaard
peter at korsgaard.com
Sat Jan 13 13:23:52 UTC 2024
commit: https://git.buildroot.net/buildroot/commit/?id=425dbe3b3df7e2858103c97f52dbf4e3e2405f3a
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2023.02.x
Fixes the following security issue:
CVE-2022-28737: There's a possible overflow in handle_image() when shim
tries to load and execute crafted EFI executables
https://github.com/advisories/GHSA-hmxr-46w2-jjwh
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
(cherry picked from commit f29cbc6ce3def37d7dc4d99fa2a5cbdadc6369e9)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
boot/shim/shim.hash | 2 +-
boot/shim/shim.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/boot/shim/shim.hash b/boot/shim/shim.hash
index a0a9f06f35..c9c489fd2f 100644
--- a/boot/shim/shim.hash
+++ b/boot/shim/shim.hash
@@ -1,3 +1,3 @@
# locally computed hash
-sha256 8344473dd10569588b8238a4656b8fab226714eea9f5363f8c410aa8a5090297 shim-15.4.tar.bz2
+sha256 eab91644a3efe91a666399f5d8eb3eed0e04d04f79d4b6c0b278ef7747a239a5 shim-15.6.tar.bz2
sha256 15edf527919ddcb2f514ab9d16ad07ef219e4bb490e0b79560be510f0c159cc2 COPYRIGHT
diff --git a/boot/shim/shim.mk b/boot/shim/shim.mk
index 0a6d1527aa..bbef81cfc4 100644
--- a/boot/shim/shim.mk
+++ b/boot/shim/shim.mk
@@ -4,7 +4,7 @@
#
################################################################################
-SHIM_VERSION = 15.4
+SHIM_VERSION = 15.6
SHIM_SITE = https://github.com/rhboot/shim/releases/download/$(SHIM_VERSION)
SHIM_SOURCE = shim-$(SHIM_VERSION).tar.bz2
SHIM_LICENSE = BSD-2-Clause
More information about the buildroot
mailing list