SUSE-SU-2024:1368-1 Security update for shim

This update for shim fixes the following issues: - Update shim-install to set the TPM2 SRK algorithm bsc1213945 - Limit the requirement of fde-tpm-helper-macros to the distro with suseversion 1600 and above bsc1219460 Update to version 15.8: Security issues fixed: - mok: fix LogError invocation...

RHEL 9 : shim update (Important) (RHSA-2024:1903)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1903 advisory. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments...

shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included

Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild. Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity. The...

CVE-2023-39969

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual address, in violation of the Authenticode specification. As a result, an attacker could modify code...

Design/Logic Flaw

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual address, in violation of the Authenticode specification. As a result, an attacker could modify code...

CVE-2023-39969 uthenticode signature validation bypass vulnerability

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual address, in violation of the Authenticode specification. As a result, an attacker could modify code...

CVE-2023-39969 uthenticode signature validation bypass vulnerability

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual address, in violation of the Authenticode specification. As a result, an attacker could modify code...

CVE-2023-39969

CVE-2023-39969 affects uthenticode, a cross-platform library for partial Authenticode verification. In version 1.0.9, the library hashed the entire file instead of hashing sections by virtual address, violating the Authenticode spec and enabling an attacker to modify binary code without altering ...

CVE-2023-40012 uthenticode EKU validation bypass

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could...

uthenticode security breach

Authenticode is Trail of Bits open source a small cross-platform library . Used to partially verify Authenticode digital signatures . A security vulnerability exists in versions prior to uthenticode 2.0.0 , the vulnerability stems from not checking the extended key usage in the certificate ,...

PT-2023-27181 · Unknown · Uthenticode

Name of the Vulnerable Software and Affected Versions: uthenticode version 1.0.9 Description: uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual address,...

uthenticode Data Forgery Issue Vulnerability

Authenticode is Trail of Bits open source a small cross-platform library . Used to partially verify Authenticode digital signatures. A data forgery issue vulnerability exists in uthenticode version 1.0.9, which stems from a vulnerability that allows an attacker to modify code in a binary file...

The vulnerability of the AuthenticodeDeformatter class in the Mono application development platform allows attackers to perform spoofing attacks.

The vulnerability of the AuthenticodeDeformatter class in the Mono application development platform is related to errors in the user interface’s information representation during the loading of the Mono.Security.dll library. Exploiting this vulnerability allows a malicious actor to perform spoofi...

CVE-2023-35373

Mono Authenticode Validation Spoofing Vulnerability...