CVE-2022-4087: A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability. Patch (unreleased): https://github.com/ipxe/ipxe/commit/186306d6199096b7a7c4b4574d4be8cdb8426729
Version 1.21.1 that we have in tree was released in December 2020. The function in question, tls_new_ciphertext(), does not even contain the "if ( is_block_cipher ( ... ) ) { ... }" code block... I am contemplating to simply bump the ebuild to a current snapshot of the github repository. It has seen some activity lately.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1112a96564118f3449b46e3d02e47e33663b7587 commit 1112a96564118f3449b46e3d02e47e33663b7587 Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2023-06-18 03:31:14 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2023-06-18 03:46:07 +0000 sys-firmware/ipxe: add 1.21.1_p20230601 - update to a git snapshot from early 2023-06-01 - add efi32 and efi64 use flags for compiling/installing 32bit and 64bit variants of the ipxe.efi binary Bug: https://bugs.gentoo.org/882393 Bug: https://bugs.gentoo.org/888827 Signed-off-by: Matthias Maier <tamiko@gentoo.org> sys-firmware/ipxe/Manifest | 2 + sys-firmware/ipxe/ipxe-1.21.1_p20230601.ebuild | 127 +++++++++++++++++++++++++ sys-firmware/ipxe/metadata.xml | 3 +- 3 files changed, 131 insertions(+), 1 deletion(-)
Thanks! Let's stable when ready.
(In reply to John Helmert III from comment #3) > Thanks! Let's stable when ready. FWIW, ipxe 1.21.1_p20230601 was added as stable (not sure if intentional or not).
Thanks, missed that
