A heap-based buffer overflow flaw was found in shim when parsing IPv6 addresses. If IPv6 network booting were enabled, a malicious server could supply a crafted IPv6 address that would cause shim to crash or, potentially, execute arbitrary code. Note that performing a secure boot over the network is not a common scenario.
Acknowledgements: Red Hat would like to thank the SUSE Security Team for reporting this issue.
The proposed patch for this issue is the same as in https://bugzilla.redhat.com/show_bug.cgi?id=1148230#c2
Public now: http://seclists.org/oss-sec/2014/q4/311
Created shim tracking bugs for this issue:
Affects: fedora-all [bug 1152388]
shim-0.8-1.fc22, shim-signed-0.8-1.fc22, mokutil-0.2.0-1.fc21 have been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
IssueDescription: A heap-based buffer overflow flaw was found in the way shim parsed certain IPv6 addresses. If IPv6 network booting was enabled, a malicious server could supply a crafted IPv6 address that would cause shim to crash or, potentially, execute arbitrary code.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2014:1801 https://rhn.redhat.com/errata/RHSA-2014-1801.html
mokutil-0.2.0-1.fc19, shim-signed-0.8-2 have been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
mokutil-0.2.0-1.fc20, shim-signed-0.8-3 have been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.