[SECURITY] [DLA 3813-1] shim security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3813-1] shim security update
From: rouca@debian.org
Date: Tue, 14 May 2024 09:57:15 +0000
Message-id: <[🔎] 2e64e5c208a6ffe33bdfc96ff8aa74ea.rouca@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3813-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien RoucariÃ¨s
May 13, 2024                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : shim
Version        : 15.8-1~deb10u1
CVE ID         : CVE-2023-40546 CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551
Debian Bug     : 1046268 1069054

This release fixes various issues in shim bootloader and updates it to
a supported version. Older versions of the shim may eventually be blocked
by Secure Boot, so it is strongly advised for Secure Boot enabled systems
to upgrade to this newer version to keep the system bootable.

For Debian 10 buster, this problem has been fixed in version
15.8-1~deb10u1.

We recommend that you upgrade your shim packages.

For the detailed security status of shim please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/shim

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmZDNWsACgkQADoaLapB
CF/8lBAAmJ21KC1L5aaliTpiyF5Bij3Cj8Bo+7q9I9YtWuQ5wsv6j35NcKV+t/Uc
pILXg0srwvzLEtC9EIdy1t2I+0d7/plUOlis+N1ITYobmTvv1YY5e8rwpnrmowzO
KrdB44Bqox0jP1CYDuCNGYt/aNYRAwOkM2lHwWSnBCE8/n5wfbvvTHPPv65d4Gxs
golf+xIjFGgHYBSk5WterjcMbirwbGtjuMAgCVkOfXkkMcoiI9EbfXIUzaR9Nobd
CAKOc16uRJCS6jzYBu9JVMPawMo0rKllx4LJc4REdUzzzrKrq3u9iwK9lM0H3NB6
0zjp6KAzJrKxZ6yxkSX/NDsGoy1V/xVUMLCwi2TjgVWpmrVPcOccL2lVg7MLTaP3
z/06G8JFDrT+BTh+zT8uyg3XBRv44aRIw2Wv6xs1Ilgwl22oen+wP83ANB6EngLS
VyVhYWi/PadOF3cBJx5APpZDZScTxyVfqy2IhYi7d/Vp1I4x1OekSVqwgHfD+gwG
83YuW/btOMYK0Jg3jalGkk5bQ6uqYCpz11liWregpVkD2igONNv1o5Y3aYgrUqPp
9JSHPnl9aYJb1fDCzG6VpNCWML6aJU+8ugvcUQqfnncsWRtVrlT+kEylpQUOeK1o
lxIe8XeAxv6/AD0Eh0daE95qBHOqF140G+EE8jE+UH5Rc6zt7N4=
=9xvL
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3814-1] glib2.0 security update
Next by Date: [SECURITY] [DLA 3815-1] firefox-esr security update
Previous by thread: [SECURITY] [DLA 3814-1] glib2.0 security update
Next by thread: [SECURITY] [DLA 3815-1] firefox-esr security update
Index(es):
- Date
- Thread