An update for shim is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1371 Final 1.0 1.0 2026-02-13 Initial 2026-02-13 2026-02-13 openEuler SA Tool V1.0 2026-02-13 shim security update An update for shim is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4 Initial UEFI bootloader that handles chaining to a trusted full \ bootloader under secure boot environments. Security Fix(es): Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.(CVE-2025-69421) An update for shim is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High shim https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1371 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 shim-15.6-27.oe2203sp4.aarch64.rpm shim-debuginfo-15.6-27.oe2203sp4.aarch64.rpm shim-debugsource-15.6-27.oe2203sp4.aarch64.rpm shim-15.7-20.oe2403.aarch64.rpm shim-debuginfo-15.7-20.oe2403.aarch64.rpm shim-debugsource-15.7-20.oe2403.aarch64.rpm shim-signed-15.7-20.oe2403.aarch64.rpm shim-15.7-20.oe2403sp1.aarch64.rpm shim-debuginfo-15.7-20.oe2403sp1.aarch64.rpm shim-debugsource-15.7-20.oe2403sp1.aarch64.rpm shim-signed-15.7-20.oe2403sp1.aarch64.rpm shim-15.7-20.oe2403sp2.aarch64.rpm shim-debuginfo-15.7-20.oe2403sp2.aarch64.rpm shim-debugsource-15.7-20.oe2403sp2.aarch64.rpm shim-signed-15.7-20.oe2403sp2.aarch64.rpm shim-15.7-20.oe2403sp3.aarch64.rpm shim-debuginfo-15.7-20.oe2403sp3.aarch64.rpm shim-debugsource-15.7-20.oe2403sp3.aarch64.rpm shim-signed-15.7-20.oe2403sp3.aarch64.rpm shim-15-39.oe2003sp4.aarch64.rpm shim-15.6-27.oe2203sp4.src.rpm shim-15.7-20.oe2403.src.rpm shim-15.7-20.oe2403sp1.src.rpm shim-15.7-20.oe2403sp2.src.rpm shim-15.7-20.oe2403sp3.src.rpm shim-15-39.oe2003sp4.src.rpm shim-15.6-27.oe2203sp4.x86_64.rpm shim-debuginfo-15.6-27.oe2203sp4.x86_64.rpm shim-debugsource-15.6-27.oe2203sp4.x86_64.rpm shim-15.7-20.oe2403.x86_64.rpm shim-debuginfo-15.7-20.oe2403.x86_64.rpm shim-debugsource-15.7-20.oe2403.x86_64.rpm shim-signed-15.7-20.oe2403.x86_64.rpm shim-15.7-20.oe2403sp1.x86_64.rpm shim-debuginfo-15.7-20.oe2403sp1.x86_64.rpm shim-debugsource-15.7-20.oe2403sp1.x86_64.rpm shim-signed-15.7-20.oe2403sp1.x86_64.rpm shim-15.7-20.oe2403sp2.x86_64.rpm shim-debuginfo-15.7-20.oe2403sp2.x86_64.rpm shim-debugsource-15.7-20.oe2403sp2.x86_64.rpm shim-signed-15.7-20.oe2403sp2.x86_64.rpm shim-15.7-20.oe2403sp3.x86_64.rpm shim-debuginfo-15.7-20.oe2403sp3.x86_64.rpm shim-debugsource-15.7-20.oe2403sp3.x86_64.rpm shim-signed-15.7-20.oe2403sp3.x86_64.rpm shim-15-39.oe2003sp4.x86_64.rpm shim-debuginfo-15-39.oe2003sp4.noarch.rpm shim-debugsource-15-39.oe2003sp4.noarch.rpm Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. 2026-02-13 CVE-2025-69421 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H shim security update 2026-02-13 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1371