An out-of-bounds memory read flaw was found in shim when IPv6 network booting was enabled. A specially-crafted DHCPv6 packet could possibly cause shim to crash, preventing the system from booting. Note that performing a secure boot over the network is not a common scenario. Acknowledgements: Red Hat would like to thank the SUSE Security Team for reporting this issue.
Created attachment 942902: proposed patch
Public now: http://seclists.org/oss-sec/2014/q4/311
Created shim tracking bugs for this issue: Affects: fedora-all [bug 1152388]
shim-0.8-1.fc22, shim-signed-0.8-1.fc22, mokutil-0.2.0-1.fc21 have been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
IssueDescription: An out-of-bounds memory read flaw was found in the way shim parsed certain IPv6 packets. A specially crafted DHCPv6 packet could possibly cause shim to crash, preventing the system from booting if IPv6 booting was enabled.
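The thread does not show the faulty code or the patch. As an added illustration (not shim's code and not the attached patch), this C example walks the options of a DHCPv6 message and checks every length field against the bytes actually received, which is the class of check that prevents an out-of-bounds read in such a parser. The helper name, the choice of the boot file URL option (code 59, RFC 5970) as lookup target, and the sample packets are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DHCP6_HDR_LEN    4   /* msg-type (1 byte) + transaction-id (3 bytes) */
#define OPT_HDR_LEN      4   /* option-code (2 bytes) + option-len (2 bytes) */
#define OPT_BOOTFILE_URL 59  /* RFC 5970; lookup target assumed for this example */

/* Constructed sample packets (REPLY, xid 01 02 03, one option 59). */
static const uint8_t good_pkt[]      = {7, 1, 2, 3, 0, 59, 0, 4, 't', 'f', 't', 'p'};
static const uint8_t bad_len_pkt[]   = {7, 1, 2, 3, 0, 59, 1, 0, 't', 'f', 't', 'p'};
static const uint8_t short_hdr_pkt[] = {7, 1, 2, 3, 0, 59, 0};

/* Hypothetical helper: locate option `want`. Returns 0 and sets *val and
 * *val_len, or -1 if the option is absent or the packet is malformed. */
int dhcp6_find_option(const uint8_t *pkt, size_t pkt_len, uint16_t want,
                      const uint8_t **val, size_t *val_len)
{
    if (pkt == NULL || pkt_len < DHCP6_HDR_LEN)
        return -1;
    size_t off = DHCP6_HDR_LEN;
    while (off < pkt_len) {
        /* The 4-byte option header must fit before any of it is read. */
        if (pkt_len - off < OPT_HDR_LEN)
            return -1;
        uint16_t code = (uint16_t)((pkt[off] << 8) | pkt[off + 1]);
        size_t len = (size_t)((pkt[off + 2] << 8) | pkt[off + 3]);
        off += OPT_HDR_LEN;
        /* option-len comes from the network: compare it with the bytes left,
         * written as a subtraction so the check itself cannot overflow. */
        if (len > pkt_len - off)
            return -1;
        if (code == want) {
            *val = pkt + off;
            *val_len = len;
            return 0;
        }
        off += len;
    }
    return -1;
}

int main(void)
{
    const uint8_t *v; size_t n;
    printf("good: %d\n", dhcp6_find_option(good_pkt, sizeof good_pkt, OPT_BOOTFILE_URL, &v, &n));
    printf("bad length: %d\n", dhcp6_find_option(bad_len_pkt, sizeof bad_len_pkt, OPT_BOOTFILE_URL, &v, &n));
    printf("short header: %d\n", dhcp6_find_option(short_hdr_pkt, sizeof short_hdr_pkt, OPT_BOOTFILE_URL, &v, &n));
    return 0;
}
```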
This issue has been addressed in the following products: Red Hat Enterprise Linux 7, via RHSA-2014:1801 https://rhn.redhat.com/errata/RHSA-2014-1801.html
mokutil-0.2.0-1.fc19, shim-signed-0.8-2 have been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
mokutil-0.2.0-1.fc20, shim-signed-0.8-3 have been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.