-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 12 Feb 2024 13:43:50 -0700 Source: edk2 Architecture: source Version: 2022.11-6+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: dann frazier <dannf@debian.org> Closes: 1060408 1061256 Changes: edk2 (2022.11-6+deb12u1) bookworm-security; urgency=medium . * Cherry-pick security fixes from upstream: - Fix heap buffer overflow in Tcg2MeasureGptTable(), CVE-2022-36763 + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411.patch + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117.patch + 0003-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch - Fix heap buffer overflow in Tcg2MeasurePeImage(), CVE-2022-36764 + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-2.patch + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4118.patch + 0003-SecurityPkg-Adding-CVE-2022-36764-to-SecurityFixes.y.patch - Fix build failure due to symbol collision in above patches: + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-3.patch + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117-2.patch + 0003-SecurityPkg-Updating-SecurityFixes.yaml-after-symbol.patch - Fix integer overflow in CreateHob(), CVE-2022-36765 + 0001-UefiPayloadPkg-Hob-Integer-Overflow-in-CreateHob.patch - Fix a buffer overflow via a long server ID option in DHCPv6 client, CVE-2023-45230: + 0001-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch + 0002-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch + 0003-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch - Fix an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message, CVE-2023-45229: + 0004-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch + 0005-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Un.patch - Fix an out-of-bounds read when processing Neighbor Discovery Redirect messages, CVE-2023-45231: + 0006-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch + 0007-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch - Avoid an infinite loop when parsing unknown options in the Destination Options header of IPv6, CVE-2023-45232: + 0008-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch + 0009-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch - Avoid an infinite loop when parsing a PadN option in the Destination Options header of IPv6, CVE-2023-45233: + 0010-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch + 0011-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch - Fix a potential buffer overflow when processing a DNS Servers option from a DHCPv6 Advertise message, CVE-2023-45234: + 0013-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch - Fix a potential buffer overflow when handling a Server ID option from a DHCPv6 proxy Advertise message, CVE-2023-45235: + 0014-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch - Record fixes in a SecurityFix.yaml file: + 0015-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch - (Closes: #1060408, #1061256) * Disable the built-in Shell when SecureBoot is enabled, CVE-2023-48733. Thanks to Mate Kukri. LP: #2040137. - Disable the built-in Shell when SecureBoot is enabled: + Disable-the-Shell-when-SecureBoot-is-enabled.patch - d/tests: Drop the boot-to-shell tests for images w/ Secure Boot active. - d/tests: Update run_cmd_check_secure_boot() to not expect shell interaction. Checksums-Sha1: e997f46a409d71e462e4dc4c449a58b08aeac640 2709 edk2_2022.11-6+deb12u1.dsc 988d702f92d9a6421eed9955d13bca7c2824f9d7 16710140 edk2_2022.11.orig.tar.xz 943faba2970a3f0cef380fd34956995b83284cd9 76332 edk2_2022.11-6+deb12u1.debian.tar.xz b8d21829490add584f0cecc196a0bdc4a623c688 11453 edk2_2022.11-6+deb12u1_source.buildinfo Checksums-Sha256: 3a253f22df9c09b62b188a1002e340e61d090916bf56b33b3e354fd9f34ebd98 2709 edk2_2022.11-6+deb12u1.dsc 64257dd8a2778c969b8a869cd3b6eda2db2a346bfcf24dc729859745968f1fd6 16710140 edk2_2022.11.orig.tar.xz fbbbcd8ae0a6121dea85f0bf45f7babb780e5122ff89012e1652d61e08be3363 76332 edk2_2022.11-6+deb12u1.debian.tar.xz 1d9a0ab08a59da40c36633bfeee66878771884d3b630b0dff4616ae045f72929 11453 edk2_2022.11-6+deb12u1_source.buildinfo Files: 0807c011d467704a71c536a9be0fcf5f 2709 misc optional edk2_2022.11-6+deb12u1.dsc 5796c83c4624ff00c9c8703cf5424827 16710140 misc optional edk2_2022.11.orig.tar.xz 76f0271953a6c42860c0d28f10193b76 76332 misc optional edk2_2022.11-6+deb12u1.debian.tar.xz 05792c3d0653739e9a00c6e35b7565ed 11453 misc optional edk2_2022.11-6+deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEECfR9vy0y7twkQ+vuG/g8XlT8hkAFAmXL6vERHGRhbm5mQGRl Ymlhbi5vcmcACgkQG/g8XlT8hkAKHQ//cOFtPXPyCRq6haA2/fNwXSP54xkBUYYT aONP3n/vVxbDg5pN9lhMbyKn2rD/BknkDt23BwWhaHktibaOUD5Rr+LiwOoZx0o7 yrFVZ2Jmx/8JrMC+sSyK8kxpZZiUiFyT4OOD7zyxnPr2uUUxDLVgGs4InSC/aLHh QrFW1iOieVHp/vfD+BNJRa9qABLLFQN27bcNGos7S5PXUA3k5E3cqLbULFFOy9fO B6gjJLQm4L4/YuPPIuG+cdJ1/RSe6CfRvk2uyR+8sijVph5Xp/UIotHTBapJGh+a 8lv7nPj8k4eFOS2aimBJ83oslMNc5F4PIK21KWtf0eHwqRi66jJBdBuRXOU4lnyr O2f57s2klRTnyZp+mFDwFdrMZLstEeFDj8fooiqg55jiBJW1bQaB1NsjVmg4C2UC cxJPhIcDprL/aADMRD0ZOGBum2U7bWupGdC2DX/tZZEkM/vEsRjkaGNBy8YQth1t m/N/1SKmY6G5J4aYSymsP6ZY5j2qno0KQ3mDX991NfmNP53hOu79kh1bBuc7x6jS ZmDhBC1j8ERSIYUnr32+GDPvM5CIRCyCFvic9Qwt0DRA1ZQChWj5vxDc8zhxcnUF tP9AQnMHhUXWfLNEnCVq7au5VUu7ONa1A56vsK//gVvmbYElX29S8vXQcm/ETALE HdHwst8nnvo= =RoSs -----END PGP SIGNATURE-----