[SECURITY] Fedora 19 Update: shim-signed-0.8-2

Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. This package contains the version signed by the UEFI signing service...

Oracle Linux 7 : shim (ELSA-2014-1801)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1801 advisory. - out-of-bounds memory read flaw in DHCPv6 packet processing Resolves: CVE-2014-3675 - heap-based buffer overflow flaw in IPv6 address parsing Resolves...

RHEL 7 : shim (RHSA-2014:1801)

Updated shim packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for...

Moderate: Red Hat Security Advisory: shim security update

Updated shim packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for...

[SECURITY] Fedora 21 Update: shim-0.8-1.fc22

Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments...

CVE-2013-2598

app/aboot/aboot.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory...

Memory corruption

app/aboot/aboot.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory...

CVE-2013-2598

app/aboot/aboot.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory...

CVE-2013-2598

The CVE affects the Little Kernel (LK) bootloader used in Qualcomm Innovation Center Android contributions for MSM devices. A vulnerability in app/aboot/aboot.c allows overwriting the bootloader’s signature-verification code when a crafted boot-image load-destination header specifies memory locat...

CVE-2014-0974

The bootlinuxfrommmc function in app/aboot/aboot.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a...

CVE-2014-4325

The cmdboot function in app/aboot/aboot.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a...

CVE-2014-0973

The imageverify function in platform/msmshared/imageverify.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSApublicdecrypt API...

Memory corruption

The bootlinuxfrommmc function in app/aboot/aboot.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a...

Authentication flaw

The imageverify function in platform/msmshared/imageverify.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSApublicdecrypt API...

CVE-2014-4325

The cmdboot function in app/aboot/aboot.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a...

CVE-2014-4325

CVE-2014-4325 affects the cmd_boot function in app/aboot/aboot.c within the Little Kernel (LK) bootloader used in Qualcomm Innovation Center Android contributions for MSM devices. The vulnerability allows bypassing device-lock and kernel-signature restrictions by using fastboot mode to boot an ar...

CVE-2014-0973

The imageverify function in platform/msmshared/imageverify.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSApublicdecrypt API...

CVE-2014-0973

CVE-2014-0973 affects the Little Kernel (LK) bootloader used with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices. The image_verify function in platform/msm_shared/image_verify.c does not ensure the digest size is consistent with the RSA_public_decrypt API, enabling bypass...

CVE-2014-0974

The vulnerability CVE-2014-0974 affects the Little Kernel (LK) bootloader’s boot_linux_from_mmc function (app/aboot/aboot.c). The root cause is insufficient validation of a certain address value, which can allow an attacker to write data to a controllable memory location by initiating an attempte...

CVE-2014-0246

SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive...