From: "Saloni Kasbekar"
To: "Douglas Flick [MSFT]", "devel@edk2.groups.io", "Kinney, Michael D"
CC: "Clark-williams, Zachary", Andrew Fish, Leif Lindholm
Subject: Re: [edk2-devel] [PATCH 0/3] [edk2-stable202402] Corrects additional concern in NetworkPkg
Date: Mon, 12 Feb 2024 17:17:55 +0000

Hi Mike,

Could you please consider taking this for the edk2-stable202402 patches? While they weren't part of the bugs reported by Quarkslab, they follow a similar pattern and expose similar vulnerabilities to the bugs reported. My recommendation would be to pull in these changes for the stable release so that we have all the known vulnerabilities fixed as a part of the release.

Thanks,
Saloni

-----Original Message-----
From: Douglas Flick [MSFT]
Sent: Friday, February 9, 2024 7:05 PM
To: devel@edk2.groups.io
Cc: Douglas Flick [MSFT]; Kasbekar, Saloni; Clark-williams, Zachary; Andrew Fish; Leif Lindholm; Kinney, Michael D
Subject: [PATCH 0/3] [edk2-stable202402] Corrects additional concern in NetworkPkg

After talking with Michael Kinney, I was advised to resend these with edk2-stable202402, and CC Stewards.

These patches are time sensitive and need reviews.

This patch series corrects an additional security concern found in Dhcp6Dxe related to CVE-2023-45229.

Additionally this fixes some issues on the mailing list that were not pulled in before merging into Edk2.

Cc: Saloni Kasbekar
Cc: Zachary Clark-williams
Cc: Andrew Fish
Cc: Leif Lindholm
Cc: Michael D Kinney

Doug Flick (3):
  [edk2-stable202402] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Related Patch
  [edk2-stable202402] NetworkPkg: Dhcp6Dxe: Additional Code Cleanup
  [edk2-stable202402] NetworkPkg: : Updating SecurityFixes.yaml

 NetworkPkg/Dhcp6Dxe/Dhcp6Io.c      | 232 +++++++++++++++++------------
 NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c |  20 +--
 NetworkPkg/SecurityFixes.yaml      |   1 +
 3 files changed, 141 insertions(+), 112 deletions(-)

--
2.43.0