* Cherry-pick security fixes from upstream:
- Fix heap buffer overflow in Tcg2MeasureGptTable(), CVE-2022-36763
+ 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411.patch
+ 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117.patch
+ 0003-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch
- Fix heap buffer overflow in Tcg2MeasurePeImage(), CVE-2022-36764
+ 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-2.patch
+ 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4118.patch
+ 0003-SecurityPkg-Adding-CVE-2022-36764-to-SecurityFixes.y.patch
- Fix build failure due to symbol collision in above patches:
+ 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-3.patch
+ 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117-2.patch
+ 0003-SecurityPkg-Updating-SecurityFixes.yaml-after-symbol.patch
- Fix integer overflow in CreateHob(), CVE-2022-36765
+ 0001-UefiPayloadPkg-Hob-Integer-Overflow-in-CreateHob.patch
- Fix a buffer overflow via a long server ID option in DHCPv6
client, CVE-2023-45230:
+ 0001-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch
+ 0002-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch
+ 0003-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch
- Fix an out-of-bounds read vulnerability when processing the IA_NA
or IA_TA option in a DHCPv6 Advertise message, CVE-2023-45229:
+ 0004-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch
+ 0005-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Un.patch
- Fix an out-of-bounds read when processing Neighbor Discovery
Redirect messages, CVE-2023-45231:
+ 0006-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch
+ 0007-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch
- Avoid an infinite loop when parsing unknown options in the
Destination Options header of IPv6, CVE-2023-45232:
+ 0008-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch
+ 0009-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch
- Avoid an infinite loop when parsing a PadN option in the
Destination Options header of IPv6, CVE-2023-45233:
+ 0010-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
+ 0011-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
- Fix a potential buffer overflow when processing a DNS Servers
option from a DHCPv6 Advertise message, CVE-2023-45234:
+ 0013-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
- Fix a potential buffer overflow when handling a Server ID option
from a DHCPv6 proxy Advertise message, CVE-2023-45235:
+ 0012-MdePkg-Test-Add-gRT_GetTime-Google-Test-Mock.patch
+ 0014-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
- Record fixes in a SecurityFix.yaml file:
+ 0015-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch
* Disable the built-in Shell when SecureBoot is enabled, CVE-2023-48733.
Thanks to Mate Kukri. LP: #2040137.
- Disable the built-in Shell when SecureBoot is enabled:
+ Disable-the-Shell-when-SecureBoot-is-enabled.patch
- d/tests: Drop the boot-to-shell tests for images w/ Secure Boot active.
- d/tests: Update run_cmd_check_secure_boot() to not expect shell
interaction.
-- dann frazier <email address hidden> Mon, 12 Feb 2024 13:08:56 -0700
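The two Ip6Dxe items above (CVE-2023-45232 and CVE-2023-45233) are both about an IPv6 Destination Options walker that can stop making forward progress on an unknown option or on a PadN option. The following is an added illustration, not code from edk2 or from the patches listed above, of the two properties a TLV option walker needs to avoid that class of bug: every iteration advances the cursor by at least one octet, and every option's declared length is checked against the header length before it is used. The header layout and option types (Pad1 = 0, PadN = 1, unknown-option action bits) follow RFC 8200 section 4.2; the sample headers are constructed here for the demonstration, and for simplicity any unknown option whose action bits are not "skip" is treated as a reject.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IPv6 option types from RFC 8200 section 4.2. */
#define IP6_OPT_PAD1 0x00
#define IP6_OPT_PADN 0x01
#define IP6_NEXT_HDR_NONE 59   /* "No Next Header", used in the samples */

/* What the walker found in one Destination Options header. */
typedef struct {
  unsigned pad1;     /* Pad1 options seen */
  unsigned padn;     /* PadN options seen */
  unsigned unknown;  /* unknown options skipped (action bits 00) */
  int ok;            /* 1 if the header parsed cleanly, 0 if rejected */
} Ip6OptStats;

/*
 * Walk the options area of a Destination Options header.
 * Layout: Next Header (1 octet), Hdr Ext Len (1 octet, in 8-octet units
 * not counting the first 8), then TLV options up to the header end.
 * Returns 1 on success, 0 if the header is malformed or must be discarded.
 */
int WalkDestOptions(const uint8_t *hdr, size_t buf_len, Ip6OptStats *st) {
  memset(st, 0, sizeof *st);
  if (hdr == NULL || buf_len < 8) return 0;
  size_t hdr_len = ((size_t)hdr[1] + 1) * 8;  /* total header length */
  if (hdr_len > buf_len) return 0;            /* claims more than we hold */
  size_t off = 2;
  while (off < hdr_len) {
    uint8_t type = hdr[off];
    if (type == IP6_OPT_PAD1) {               /* Pad1: one octet, no length */
      st->pad1++;
      off += 1;                               /* advances by 1 */
      continue;
    }
    if (off + 2 > hdr_len) return 0;          /* no room for the length octet */
    uint8_t len = hdr[off + 1];
    if (off + 2 + (size_t)len > hdr_len) return 0;  /* option overruns header */
    if (type == IP6_OPT_PADN) {
      st->padn++;                             /* len may be 0: still advances */
    } else if ((type >> 6) == 0) {
      st->unknown++;                          /* action 00: skip over it */
    } else {
      return 0;                               /* 01/10/11: discard the packet */
    }
    off += 2 + (size_t)len;                   /* advances by at least 2 */
  }
  st->ok = 1;
  return 1;
}

/* Constructed sample headers (8 octets each, Hdr Ext Len = 0). */
static const uint8_t kZeroLenPadN[8] = {IP6_NEXT_HDR_NONE, 0, 1, 0, 1, 0, 1, 0};
static const uint8_t kMixedPads[8]   = {IP6_NEXT_HDR_NONE, 0, 0, 0, 1, 2, 0, 0};
static const uint8_t kUnknownSkip[8] = {IP6_NEXT_HDR_NONE, 0, 0x1e, 0, 1, 2, 0, 0};
static const uint8_t kUnknownDrop[8] = {IP6_NEXT_HDR_NONE, 0, 0xc2, 0, 1, 2, 0, 0};
static const uint8_t kOverrun[8]     = {IP6_NEXT_HDR_NONE, 0, 1, 10, 0, 0, 0, 0};
static const uint8_t kShortBuf[8]    = {IP6_NEXT_HDR_NONE, 1, 1, 4, 0, 0, 0, 0};

static void Report(const char *name, const uint8_t *h, size_t n) {
  Ip6OptStats st;
  int r = WalkDestOptions(h, n, &st);
  printf("%-12s ok=%d pad1=%u padn=%u unknown=%u\n",
         name, r, st.pad1, st.padn, st.unknown);
}

int main(void) {
  Report("zero-len", kZeroLenPadN, sizeof kZeroLenPadN);
  Report("mixed", kMixedPads, sizeof kMixedPads);
  Report("unk-skip", kUnknownSkip, sizeof kUnknownSkip);
  Report("unk-drop", kUnknownDrop, sizeof kUnknownDrop);
  Report("overrun", kOverrun, sizeof kOverrun);
  Report("short", kShortBuf, sizeof kShortBuf);
  return 0;
}
```

The zero-length PadN sample is the case worth staring at: three consecutive options each claim a length of 0, and the walker still terminates because the cursor moves by the two fixed TLV octets regardless of the length field. The overrun and short-buffer samples show the other half of the contract, rejecting a header before any option body is read past the bytes actually held.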
This bug was fixed in the package edk2 - 2023.05-2ubuntu0.1
---------------
edk2 (2023.05-2ubuntu0.1) mantic; urgency=medium