Hi, this is an important release as it fixes a vulnerability in our userland tool set and library. CVE-2023-39950 [1] has been assigned to this issue.
Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files could cause crashes and probably also code injections into bg_setenv or programs using libebgenv. This was triggered when the affected components tried to modify a manipulated environment, in particular its user variables. SWUpdate in its default configuration for EFI Boot Guard does not fall into that category, unless integrators have chosen to deviate from this. Also not affected by this issue is EFI Boot Guard's bootloader EFI binary.

In addition, several code cleanups have been performed, and the test suite has been improved along with this.

Thanks to all contributors, specifically to Patrice from Code Intelligence for finding the issue while enabling a fuzz-testing case study with EFI Boot Guard!

Jan

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39950

Earl Chew (5):
      Add LIBCHECK_CFLAGS to AM_CFLAGS
      Refactor tests to support ENV_NUM_CONFIG_PARTS == 1
      Verify fork() support
      Clean up temporary directories
      kernel-stub: Check for overflow when casting to VOID *

Jan Kiszka (8):
      kernel-stub: Avoid warnings when converting buffer addresses to pointers
      Fail build on warnings in efi sources
      tools: Ensure that kernelfile and kernelparams are null-terminated
      Introduce validation of bgenv prior to its usage
      Fix memory leak in probe_config_partitions
      Privatize bgenv_serialize_uservar and bgenv_uservar_[re]alloc
      SECURITY: Expand the scope to userspace tools and libs
      Bump version number

Michael Adler (8):
      refactor: replace magic numbers with USTATE_MAX
      fix: correctly parse ustate in journal_process_action
      chore: ensure OPT macro fully initializes struct members
      chore: fix compiler warning about unused parameters
      chore: use function declaration from header
      chore: enable more compiler warnings
      chore: introduce editorconfig for consistent coding styles
      test: load BGENV with manipulated payload size

-- 
Siemens AG, Technology Linux Expert Center

You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group. To view this discussion on the web visit https://groups.google.com/d/msgid/efibootguard-dev/e4f3b747-4e6e-44fd-80d2-005887f5b4a9%40siemens.com.
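Added illustration of the bug class the announcement describes; this is editor-written example code, not EFI Boot Guard's own code, and it does not reproduce the real bgenv on-disk format. It assumes a hypothetical fixed-size environment block whose user variables are stored as length-prefixed records, and parses it twice: once the way an unchecked tool would (trusting every length field read from the untrusted partition) and once with the kind of validation a tool must run before it uses or modifies the environment. The record layout, the constants KEY_MAX/VAL_MAX/MAX_VARS, the function names and the sample blocks are all assumptions made for the example; the block with a forged payload length only mirrors in spirit the "manipulated payload size" test case listed in the shortlog.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout (NOT EFI Boot Guard's real bgenv format): a fixed-size
 * block read from an untrusted partition, holding user variables as
 *   [u8 key_len][key][u32 LE payload_len][payload] ... [u8 0]            */
#define KEY_MAX  16          /* key buffer incl. NUL */
#define VAL_MAX  32          /* value buffer incl. NUL */
#define MAX_VARS 4

struct user_var {
    char key[KEY_MAX];
    char val[VAL_MAX];
};

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* "Before": lengths come from the block and go straight into memcpy; key_len >= 16
 * or payload_len >= 32 overflows the struct, a huge payload_len over-reads past
 * the block. Kept only as the vulnerable shape; never call it on untrusted data. */
int parse_uservars_unchecked(const uint8_t *blk, struct user_var *out)
{
    size_t off = 0;
    int n = 0;
    while (blk[off] != 0) {
        uint8_t klen = blk[off++];
        memcpy(out[n].key, blk + off, klen);            /* overflow */
        out[n].key[klen] = '\0';
        off += klen;
        uint32_t plen = rd_le32(blk + off);
        off += 4;
        memcpy(out[n].val, blk + off, plen);            /* overflow + over-read */
        out[n].val[plen] = '\0';
        off += plen;
        n++;
    }
    return n;
}

/* "After": every length is checked against the destination buffer AND the bytes
 * left in the block before any copy, strings are always NUL-terminated, and the
 * first inconsistency rejects the whole block (-1): do not use or modify it. */
int parse_uservars_checked(const uint8_t *blk, size_t blk_len,
                           struct user_var *out, size_t max_vars)
{
    size_t off = 0, n = 0;
    for (;;) {
        if (off >= blk_len) return -1;          /* ran out before terminator */
        uint8_t klen = blk[off++];
        if (klen == 0) break;
        if (n >= max_vars || klen >= KEY_MAX || klen > blk_len - off) return -1;
        memcpy(out[n].key, blk + off, klen);
        out[n].key[klen] = '\0';
        off += klen;
        if (blk_len - off < 4) return -1;
        uint32_t plen = rd_le32(blk + off);
        off += 4;
        if (plen >= VAL_MAX || plen > blk_len - off) return -1;
        memcpy(out[n].val, blk + off, plen);
        out[n].val[plen] = '\0';
        off += plen;
        n++;
    }
    return (int)n;
}

/* Validate a whole block before any use: variable count, or -1 if malformed. */
int env_validate(const uint8_t *blk, size_t blk_len)
{
    struct user_var tmp[MAX_VARS];
    return parse_uservars_checked(blk, blk_len, tmp, MAX_VARS);
}

/* Look up one variable; a manipulated record anywhere in the block fails the
 * lookup instead of being partially trusted. 1 = found, 0 = absent, -1 = bad. */
int env_get(const uint8_t *blk, size_t blk_len, const char *key,
            char *val, size_t val_sz)
{
    struct user_var vars[MAX_VARS];
    int n = parse_uservars_checked(blk, blk_len, vars, MAX_VARS);
    if (n < 0) return -1;
    for (int i = 0; i < n; i++)
        if (strcmp(vars[i].key, key) == 0) {
            snprintf(val, val_sz, "%s", vars[i].val);
            return 1;
        }
    return 0;
}

/* Constructed sample blocks (made up for this example, not real dumps). */
const uint8_t good_block[] = {
    10, 'k','e','r','n','e','l','f','i','l','e', 7,0,0,0, 'v','m','l','i','n','u','z',
     6, 'u','s','t','a','t','e', 1,0,0,0, '0', 0 };
const uint8_t bad_len_block[] = {   /* payload_len forged to 0xFFFFFFF0 */
    10, 'k','e','r','n','e','l','f','i','l','e', 0xf0,0xff,0xff,0xff,
    'v','m','l','i','n','u','z', 0 };
const uint8_t bad_key_block[] = { 200, 'a','b','c', 0 };  /* key_len > block */
const uint8_t no_term_block[] = { 3, 'a','b','c', 1,0,0,0, 'x' };
char lookup_buf[VAL_MAX];
```

The point of the split is where the check lives: the checked parser bounds each length against both the destination struct and the remaining block bytes, so a forged payload_len, an oversized key_len, or a missing terminator rejects the whole environment before any component gets to modify it, which is exactly the stage at which the announcement says the affected tools crashed. env_get and env_validate run that full validation on every access rather than trusting individual records.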
