Bugzilla – Bug 1153072
VUL-0: CVE-2019-14553: ovmf: edk2: invalid server certificate accepted in HTTPS-over-IPv6 boot
Last modified: 2020-05-13 13:15:07 UTC
rh#1758518 edk2 accepts invalid certificates in HTTPS-over-IPv6 boot, which would allow an attacker to perform a man-in-the-middle attack even when HTTPS is used. In particular, the Common Name (CN) of the certificate is not correctly checked, thus the boot succeeds even if it should not be performed.
Upstream issue: https://bugzilla.tianocore.org/show_bug.cgi?id=960
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1758518
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14553
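The check this report says is missing, shown as an added example; this is not edk2/OVMF code and does not reproduce the upstream fix. It models what an HTTPS boot client must do before trusting the server: take the host out of the boot URL (an IPv6 literal in the affected case) and require that the server certificate actually identifies that host, failing closed when it does not. The function names (`boot_url_host`, `cert_identifies_host`, `verify_boot_server`) are made up for the example, and the certificate is a constructed dict in the layout `ssl.SSLSocket.getpeercert()` returns so the logic can be run offline.

```python
"""
Host-name verification for an HTTPS boot URL, including IPv6 literal hosts.

Added example, not edk2/OVMF code. Certificates are modelled as the dict
returned by ssl.SSLSocket.getpeercert(); SAMPLE_CERT below is constructed.
"""
import ipaddress
from urllib.parse import urlsplit


def boot_url_host(url):
    """Host part of a boot URL; IPv6 literals are returned without brackets."""
    host = urlsplit(url).hostname  # strips [ ] around IPv6 literals, lowercases
    if not host:
        raise ValueError("boot URL has no host: %r" % url)
    return host


def _dns_name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one leftmost label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        suffix = pattern[2:]
        head, sep, rest = host.partition(".")
        return bool(sep) and head != "" and rest == suffix and "." in suffix
    return False


def cert_identifies_host(cert, host):
    """
    True only if the certificate identifies `host`.

    - An IP-literal host (the HTTPS-over-IPv6 case) must match an
      'IP Address' subjectAltName entry; the CN is never consulted for it.
    - A DNS host matches 'DNS' subjectAltName entries, and only when the
      certificate has no DNS SAN at all does the subject CN count.
    An empty host or a certificate without usable identifiers fails closed.
    """
    if not host:
        return False
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        for kind, value in san:
            if kind != "IP Address":
                continue
            try:
                if ipaddress.ip_address(value) == ip:
                    return True
            except ValueError:
                continue
        return False
    dns_names = [v for k, v in san if k == "DNS"]
    if dns_names:
        return any(_dns_name_matches(n, host) for n in dns_names)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _dns_name_matches(value, host):
                return True
    return False


def verify_boot_server(url, cert):
    """Return (ok, reason); a boot client must stop when ok is False."""
    host = boot_url_host(url)
    if cert_identifies_host(cert, host):
        return True, "certificate identifies %s" % host
    return False, "certificate does not identify %s; refusing to boot" % host


# Constructed sample certificate (not a real server certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "boot.example.test"),),),
    "subjectAltName": (
        ("DNS", "boot.example.test"),
        ("IP Address", "2001:db8::10"),
        ("IP Address", "192.0.2.10"),
    ),
}

if __name__ == "__main__":
    for url in ("https://[2001:db8::10]/boot.efi",
                "https://[2001:db8::99]/boot.efi",
                "https://boot.example.test/boot.efi"):
        print(url, "->", verify_boot_server(url, SAMPLE_CERT))
```

The point of the IP branch is that a certificate whose CN happens to contain the address is still rejected: for an IP literal only a subjectAltName IP entry counts, and a client that has no host to compare against must refuse rather than skip the check.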
The patch set is still under discussion, so we probably have to wait for the final patches. https://www.mail-archive.com/devel@edk2.groups.io/msg09643.html
The v2 patch set was posted. https://edk2.groups.io/g/devel/message/49462
The patches are pushed into upstream git. Will start to backport them.
It turned out that HTTPS Boot in SLE15/SLE15-SP1 and SLE12-SP4/SP5 isn't really enabled. The build parameter should be TLS_ENABLE instead of ENABLE_TLS, so only Tumbleweed is affected.
The fix is already landed in openSUSE:Factory.
not affected
The fix for SLE15, SLE12-SP3, and SLE12-SP4(SP5) is submitted.
SUSE-SU-2020:0568-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 1153072,1163927,1163959,1163969
CVE References: CVE-2019-14553,CVE-2019-14559,CVE-2019-14563,CVE-2019-14575
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src): ovmf-2017+git1510945757.b2662641d5-5.29.3
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:0314-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 1153072,1163927,1163959,1163969
CVE References: CVE-2019-14553,CVE-2019-14559,CVE-2019-14563,CVE-2019-14575
Sources used:
openSUSE Leap 15.1 (src): ovmf-2017+git1510945757.b2662641d5-lp151.11.3.1
SUSE-SU-2020:0699-1: An update that fixes four vulnerabilities is now available.
Category: security (low)
Bug References: 1153072,1163927,1163959,1163969
CVE References: CVE-2019-14553,CVE-2019-14559,CVE-2019-14563,CVE-2019-14575
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src): ovmf-2017+git1510945757.b2662641d5-3.23.1
SUSE Linux Enterprise Server 12-SP4 (src): ovmf-2017+git1510945757.b2662641d5-3.23.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done