Happy new Shim! (CVE-2023-40547 remote code execution vulnerability was found in Shim)

Feels like log4j. AARRGHH

This CVE does not apply to IPFire as IPFire does not have or use the shim package.

It is used for secure boot and also to allow booting an image remotely via the HTTP protocol. IPFire does neither of these things.

If CVEs are going to be posted, it would help to review them first to make sure they actually are relevant to IPFire so forum users are not panicked.


I think that was the reason this was posted. The user did not know if this was relevant to IPFire or not.

I do not believe their intent was to panic the masses.

Then an accompanying message that said
“I found these CVEs, does anyone know if they apply to IPFire or not”

would have been better than
“Feels like log4j. AARRGHH”