Re: [edk2-devel] [PATCH v2 08/13] NetworkPkg:: SECURITY PATCH CVE-2023-45237

2024-05-15 Thread Saloni Kasbekar
Reviewed-by: Saloni Kasbekar

-Original Message-
From: Doug Flick
Sent: Wednesday, May 8, 2024 10:56 PM
To: devel@edk2.groups.io
Cc: Kasbekar, Saloni; Clark-williams, Zachary
Subject: [PATCH v2 08/13] NetworkPkg:: SECURITY PATCH CVE-2023-45237

From: Doug Flick
REF:https://bugzilla.

Re: [edk2-devel] [PATCH v2 08/13] NetworkPkg:: SECURITY PATCH CVE-2023-45237

2024-05-13 Thread Ard Biesheuvel
Could we please include gEfiRngAlgorithmArmRndr in the list of accepted RNG protocols? The ARM architecture reference mandates the use of a DRBG that complies with NIST SP800-90A Rev 1 to produce the random output emitted by RNDR/RNDRRS, and so it matches the requirement imposed by this change.

[edk2-devel] [PATCH v2 08/13] NetworkPkg:: SECURITY PATCH CVE-2023-45237

2024-05-08 Thread Doug Flick via groups.io
From: Doug Flick

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542

Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Use of a Weak PseudoRandom Number Generator

Change Ove