From 3c1cf95b979cea6b0dee6e107756558a7a71d4ac Mon Sep 17 00:00:00 2001 From: Jon Maloy Date: Fri, 16 Feb 2024 10:48:05 -0500 Subject: [PATCH 14/18] NetworkPkg: : Adds a SecurityFix.yaml file RH-Author: Jon Maloy RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853 RH-Acked-by: Gerd Hoffmann RH-Acked-by: Laszlo Ersek RH-Commit: [14/18] dddbcbe14e38dc1bb03acf4622d6285090c4bb02 JIRA: https://issues.redhat.com/browse/RHEL-21853 CVE: CVE-2022-45235 Upstream: Merged commit 1d0b95f6457d225c5108302a9da74b4ed7aa5a38 Author: Doug Flick via groups.io Date: Fri Jan 26 05:54:57 2024 +0800 NetworkPkg: : Adds a SecurityFix.yaml file This creates / adds a security file that tracks the security fixes found in this package and can be used to find the fixes that were applied. Cc: Saloni Kasbekar Cc: Zachary Clark-williams Signed-off-by: Doug Flick [MSFT] Reviewed-by: Saloni Kasbekar Signed-off-by: Jon Maloy --- NetworkPkg/SecurityFixes.yaml | 123 ++++++++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) create mode 100644 NetworkPkg/SecurityFixes.yaml diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml new file mode 100644 index 0000000000..7e900483fe --- /dev/null +++ b/NetworkPkg/SecurityFixes.yaml @@ -0,0 +1,123 @@ +## @file +# Security Fixes for SecurityPkg +# +# Copyright (c) Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent +## +CVE_2023_45229: + commit_titles: + - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch" + - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests" + cve: CVE-2023-45229 + date_reported: 2023-08-28 13:56 UTC + description: "Bug 01 - edk2/NetworkPkg: Out-of-bounds read when processing IA_NA/IA_TA options in a DHCPv6 Advertise message" + note: + files_impacted: + - NetworkPkg\Dhcp6Dxe\Dhcp6Io.c + - NetworkPkg\Dhcp6Dxe\Dhcp6Impl.h + links: + - https://bugzilla.tianocore.org/show_bug.cgi?id=4534 + - https://nvd.nist.gov/vuln/detail/CVE-2023-45229 + - http://www.openwall.com/lists/oss-security/2024/01/16/2 + - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html + - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html +CVE_2023_45230: + commit_titles: + - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch" + - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit Tests" + cve: CVE-2023-45230 + date_reported: 2023-08-28 13:56 UTC + description: "Bug 02 - edk2/NetworkPkg: Buffer overflow in the DHCPv6 client via a long Server ID option" + note: + files_impacted: + - NetworkPkg\Dhcp6Dxe\Dhcp6Io.c + - NetworkPkg\Dhcp6Dxe\Dhcp6Impl.h + links: + - https://bugzilla.tianocore.org/show_bug.cgi?id=4535 + - https://nvd.nist.gov/vuln/detail/CVE-2023-45230 + - http://www.openwall.com/lists/oss-security/2024/01/16/2 + - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html + - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html +CVE_2023_45231: + commit_titles: + - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45231 Patch" + - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45231 Unit Tests" + cve: CVE-2023-45231 + date_reported: 2023-08-28 13:56 UTC + description: "Bug 03 - edk2/NetworkPkg: Out-of-bounds read when handling a ND Redirect message with truncated options" + note: + files_impacted: + - NetworkPkg/Ip6Dxe/Ip6Option.c + links: + - https://bugzilla.tianocore.org/show_bug.cgi?id=4536 + - https://nvd.nist.gov/vuln/detail/CVE-2023-45231 + - http://www.openwall.com/lists/oss-security/2024/01/16/2 + - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html + - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html +CVE_2023_45232: + commit_titles: + - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Patch" + - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests" + cve: CVE-2023-45232 + date_reported: 2023-08-28 13:56 UTC + description: "Bug 04 - edk2/NetworkPkg: Infinite loop when parsing unknown options in the Destination Options header" + note: + files_impacted: + - NetworkPkg/Ip6Dxe/Ip6Option.c + - NetworkPkg/Ip6Dxe/Ip6Option.h + links: + - https://bugzilla.tianocore.org/show_bug.cgi?id=4537 + - https://nvd.nist.gov/vuln/detail/CVE-2023-45232 + - http://www.openwall.com/lists/oss-security/2024/01/16/2 + - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html + - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html +CVE_2023_45233: + commit_titles: + - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Patch" + - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests" + cve: CVE-2023-45233 + date_reported: 2023-08-28 13:56 UTC + description: "Bug 05 - edk2/NetworkPkg: Infinite loop when parsing a PadN option in the Destination Options header " + note: This was fixed along with CVE-2023-45233 + files_impacted: + - NetworkPkg/Ip6Dxe/Ip6Option.c + - NetworkPkg/Ip6Dxe/Ip6Option.h + links: + - https://bugzilla.tianocore.org/show_bug.cgi?id=4538 + - https://nvd.nist.gov/vuln/detail/CVE-2023-45233 + - http://www.openwall.com/lists/oss-security/2024/01/16/2 + - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html + - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html +CVE_2023_45234: + commit_titles: + - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45234 Patch" + - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45234 Unit Tests" + cve: CVE-2023-45234 + date_reported: 2023-08-28 13:56 UTC + description: "Bug 06 - edk2/NetworkPkg: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message" + note: + files_impacted: + - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c + links: + - https://bugzilla.tianocore.org/show_bug.cgi?id=4539 + - https://nvd.nist.gov/vuln/detail/CVE-2023-45234 + - http://www.openwall.com/lists/oss-security/2024/01/16/2 + - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html + - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html +CVE_2023_45235: + commit_titles: + - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45235 Patch" + - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45235 Unit Tests" + cve: CVE-2023-45235 + date_reported: 2023-08-28 13:56 UTC + description: "Bug 07 - edk2/NetworkPkg: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message" + note: + files_impacted: + - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c + - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h + links: + - https://bugzilla.tianocore.org/show_bug.cgi?id=4540 + - https://nvd.nist.gov/vuln/detail/CVE-2023-45235 + - http://www.openwall.com/lists/oss-security/2024/01/16/2 + - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html + - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html -- 2.39.3