Updated shim packages that fix three security issues are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Shim is the initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments.

A heap-based buffer overflow flaw was found in the way shim parsed certain IPv6 addresses. If IPv6 network booting was enabled, a malicious server could supply a crafted IPv6 address that would cause shim to crash or, potentially, execute arbitrary code. (CVE-2014-3676)

An out-of-bounds memory write flaw was found in the way shim processed certain Machine Owner Keys (MOKs). A local attacker could potentially use this flaw to execute arbitrary code on the system. (CVE-2014-3677)

An out-of-bounds memory read flaw was found in the way shim parsed certain IPv6 packets. A specially crafted DHCPv6 packet could possibly cause shim to crash, preventing the system from booting if IPv6 booting was enabled. (CVE-2014-3675)

Red Hat would like to thank the SUSE Security Team for reporting these issues.

All shim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
shim-0.7-8.el7_0.src.rpm
shim-signed-0.7-8.el7_0.src.rpm
 
x86_64:
mokutil-0.7-8.el7_0.x86_64.rpm
shim-0.7-8.el7_0.x86_64.rpm
shim-debuginfo-0.7-8.el7_0.x86_64.rpm
shim-unsigned-0.7-8.el7_0.x86_64.rpm
 
Red Hat Enterprise Linux HPC Node (v. 7)

SRPMS:
shim-0.7-8.el7_0.src.rpm
shim-signed-0.7-8.el7_0.src.rpm
 
x86_64:
mokutil-0.7-8.el7_0.x86_64.rpm
shim-0.7-8.el7_0.x86_64.rpm
shim-debuginfo-0.7-8.el7_0.x86_64.rpm
shim-unsigned-0.7-8.el7_0.x86_64.rpm
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
shim-0.7-8.el7_0.src.rpm
shim-signed-0.7-8.el7_0.src.rpm
 
x86_64:
mokutil-0.7-8.el7_0.x86_64.rpm
shim-0.7-8.el7_0.x86_64.rpm
shim-debuginfo-0.7-8.el7_0.x86_64.rpm
shim-unsigned-0.7-8.el7_0.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
shim-0.7-8.el7_0.src.rpm
shim-signed-0.7-8.el7_0.src.rpm
 
x86_64:
mokutil-0.7-8.el7_0.x86_64.rpm
shim-0.7-8.el7_0.x86_64.rpm
shim-debuginfo-0.7-8.el7_0.x86_64.rpm
shim-unsigned-0.7-8.el7_0.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
1148230 – CVE-2014-3675 shim: out-of-bounds memory read flaw in DHCPv6 packet processing
1148231 – CVE-2014-3676 shim: heap-based buffer overflow flaw in IPv6 address parsing
1148232 – CVE-2014-3677 shim: memory corruption flaw when processing Machine Owner Keys (MOKs)
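
To act on the upgrade advice across a fleet, the following added example (not part of the Red Hat advisory) flags hosts whose shim-family packages predate the fixed build 0.7-8.el7_0 listed in this advisory. The inventory lines, hostnames and older build numbers are constructed, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/usr/bin/env bash
# Fixed build named in this advisory's package list.
FIXED="0.7-8.el7_0"

# Return 0 if version-release $1 is older than $2.
# Assumption: GNU `sort -V` ordering stands in for RPM's comparison, which
# is adequate for same-stream builds such as 0.7-N.el7 vs 0.7-8.el7_0.
vr_older() {
    [ "$1" = "$2" ] && return 1
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Read "host package version-release" lines on stdin and print those whose
# shim-family package predates the fixed build.
flag_outdated() {
    while read -r host pkg vr; do
        case "$pkg" in
            shim|shim-unsigned|mokutil) ;;
            *) continue ;;
        esac
        if vr_older "$vr" "$FIXED"; then
            printf '%s %s %s\n' "$host" "$pkg" "$vr"
        fi
    done
}

# Constructed inventory, in the shape produced on each host by
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' shim shim-unsigned mokutil
# with a hostname prefixed. Hostnames and the older builds are made up.
sample_inventory() {
    cat <<'EOF'
web01 shim 0.7-5.el7
web01 mokutil 0.7-5.el7
db01 shim 0.7-8.el7_0
db01 mokutil 0.7-8.el7_0
build01 shim-unsigned 0.7-4.el7
build01 kernel 3.10.0-123.el7
EOF
}

sample_inventory | flag_outdated
```

A host that shows the fixed build but has not rebooted since the update is still running the old shim, so pair this check with the host's last boot time.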

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
