 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Tue, 10 Feb 2015 16:02:26 -0600 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
On Tue, 10 Feb 2015, Connie Sieh wrote:
> Synopsis: Moderate: shim security update
> Advisory ID: SLSA-2014:1801-1
> Issue Date: 2014-11-04
> CVE Numbers: CVE-2014-3675
> CVE-2014-3676
> CVE-2014-3677
> --
>
> A heap-based buffer overflow flaw was found the way shim parsed certain
> IPv6 addresses. If IPv6 network booting was enabled, a malicious server
> could supply a crafted IPv6 address that would cause shim to crash or,
> potentially, execute arbitrary code. (CVE-2014-3676)
>
> An out-of-bounds memory write flaw was found in the way shim processed
> certain Machine Owner Keys (MOKs). A local attacker could potentially use
> this flaw to execute arbitrary code on the system. (CVE-2014-3677)
>
> An out-of-bounds memory read flaw was found in the way shim parsed certain
> IPv6 packets. A specially crafted DHCPv6 packet could possibly cause shim
> to crash, preventing the system from booting if IPv6 booting was enabled.
> (CVE-2014-3675)
>
> The system must be rebooted for this update to take effect.
> --
>
> SL7
> x86_64
> mokutil-0.7-8.el7_0.x86_64.rpm
> shim-0.7-8.el7_0.x86_64.rpm
> shim-debuginfo-0.7-8.el7_0.x86_64.rpm
> shim-unsigned-0.7-8.el7_0.x86_64.rpm
>
> - Scientific Linux Development Team
>
These are really sl7_0 and not el7_0 .
--
Connie J. Sieh
Computing Services Specialist III
Fermi National Accelerator Laboratory
630 840 8531 office
http://www.fnal.gov
[log in to unmask]
|
|
|
