RHSA-2024:1959: Important: shim security update
First published: Tue Apr 23 2024(Updated: )
Important: shim security update
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/shim | <15.8-3.el7 | 15.8-3.el7 |
| redhat/shim-signed | <15.8-1.el7 | 15.8-1.el7 |
| redhat/mokutil | <15.8-1.el7 | 15.8-1.el7 |
| redhat/mokutil-debuginfo | <15.8-1.el7 | 15.8-1.el7 |
| redhat/shim-ia32 | <15.8-1.el7 | 15.8-1.el7 |
| redhat/shim-unsigned-ia32 | <15.8-3.el7 | 15.8-3.el7 |
| redhat/shim-unsigned-x64 | <15.8-3.el7 | 15.8-3.el7 |
| redhat/shim-x64 | <15.8-1.el7 | 15.8-1.el7 |
| Red Hat Enterprise Linux for Scientific Computing | ||
| Red Hat Enterprise Linux 8 | ||
| Red Hat Enterprise Linux | ||
| Red Hat Enterprise Linux Workstation Supplementary | ||
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2024:1959 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2234589
- https://bugzilla.redhat.com/show_bug.cgi?id=2241782
- https://bugzilla.redhat.com/show_bug.cgi?id=2241796
- https://bugzilla.redhat.com/show_bug.cgi?id=2241797
- https://bugzilla.redhat.com/show_bug.cgi?id=2259915
- https://bugzilla.redhat.com/show_bug.cgi?id=2259918
- https://issues.redhat.com/browse/RHEL-2155
- https://issues.redhat.com/browse/RHEL-4382
- https://issues.redhat.com/browse/RHEL-4390
- https://access.redhat.com/security/updates/classification/#important
Frequently Asked Questions
What is the severity of RHSA-2024:1959?
The severity of RHSA-2024:1959 is classified as Important.
How do I fix RHSA-2024:1959?
To address RHSA-2024:1959, you should update the affected shim packages to version 15.8-3.el7 or later.
What vulnerability does RHSA-2024:1959 address?
RHSA-2024:1959 addresses a remote code execution vulnerability in HTTP boot support that may lead to Secure Boot bypass (CVE-2023-40547).
Which systems are affected by RHSA-2024:1959?
RHSA-2024:1959 affects various editions of Red Hat Enterprise Linux, including Server, Desktop, Scientific Computing, and Workstation.
What packages are impacted by RHSA-2024:1959?
The packages impacted by RHSA-2024:1959 include shim, shim-signed, mokutil, and related shim-unsigned and shim-ia32 packages.
- agent/severity
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/title
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/description
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2024:1959
- agent/software-canonical-lookup
- agent/source
- agent/event
- agent/softwarecombine
- agent/tags
- collector/redhat-errata-latest
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/red hat
- canonical/red hat enterprise linux for scientific computing
- canonical/red hat enterprise linux 8
- canonical/red hat enterprise linux
- canonical/red hat enterprise linux workstation supplementary
- canonical/red hat enterprise linux server - extended life cycle support (for ibm z systems)