{"schema_version":"1.7.2","id":"OESA-2023-1121","modified":"2023-02-24T11:04:57Z","published":"2023-02-24T11:04:57Z","upstream":["CVE-2023-0286"],"summary":"shim security update","details":"Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments.\r\n\r\nSecurity Fix(es):\r\n\r\nThere is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.(CVE-2023-0286)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"shim","purl":"pkg:rpm/openEuler/shim\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"15-26.oe1"}]}],"ecosystem_specific":{"aarch64":["shim-15-26.oe1.aarch64.rpm"],"noarch":["shim-debuginfo-15-26.oe1.noarch.rpm","shim-debugsource-15-26.oe1.noarch.rpm"],"src":["shim-15-26.oe1.src.rpm"],"x86_64":["shim-15-26.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"shim","purl":"pkg:rpm/openEuler/shim\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"15-26.oe1"}]}],"ecosystem_specific":{"aarch64":["shim-15-26.oe1.aarch64.rpm"],"noarch":["shim-debuginfo-15-26.oe1.noarch.rpm","shim-debugsource-15-26.oe1.noarch.rpm"],"src":["shim-15-26.oe1.src.rpm"],"x86_64":["shim-15-26.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS","name":"shim","purl":"pkg:rpm/openEuler/shim\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"15.6-9.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["shim-15.4-8.oe2203.aarch64.rpm","shim-15.6-9.oe2203sp1.aarch64.rpm"],"noarch":["shim-debugsource-15.4-8.oe2203.noarch.rpm","shim-debuginfo-15.4-8.oe2203.noarch.rpm","shim-debugsource-15.6-9.oe2203sp1.noarch.rpm","shim-debuginfo-15.6-9.oe2203sp1.noarch.rpm"],"src":["shim-15.4-8.oe2203.src.rpm","shim-15.6-9.oe2203sp1.src.rpm"],"x86_64":["shim-15.4-8.oe2203.x86_64.rpm","shim-15.6-9.oe2203sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"shim","purl":"pkg:rpm/openEuler/shim\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"15.6-9.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["shim-15.6-9.oe2203sp1.aarch64.rpm"],"noarch":["shim-debugsource-15.6-9.oe2203sp1.noarch.rpm","shim-debuginfo-15.6-9.oe2203sp1.noarch.rpm"],"src":["shim-15.6-9.oe2203sp1.src.rpm"],"x86_64":["shim-15.6-9.oe2203sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1121"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0286"}],"database_specific":{"severity":"High"}}