diff --git a/0002-fix-CVE-2024-42934.patch b/0002-fix-CVE-2024-42934.patch new file mode 100644 index 0000000000000000000000000000000000000000..d28827c975334892b4aa4776d941272fc02f3971 --- /dev/null +++ b/0002-fix-CVE-2024-42934.patch @@ -0,0 +1,43 @@ +From b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1 Mon Sep 17 00:00:00 2001 +From: Corey Minyard +Date: Tue, 8 Oct 2024 23:38:14 +0800 +Subject: [PATCH] fix CVE-2024-42934 + +lanserv: Check some bounds on incoming messages + +--- + lanserv/lanserv_ipmi.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c +index ccd6001..6ac5e3e 100644 +--- a/lanserv/lanserv_ipmi.c ++++ b/lanserv/lanserv_ipmi.c +@@ -882,6 +882,12 @@ handle_temp_session(lanserv_data_t *lan, msg_t *msg) + } + + auth = msg->data[0] & 0xf; ++ if (auth >= MAX_IPMI_AUTHS) { ++ lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg, ++ "Activate session failed: Invalid auth: 0x%x", auth); ++ return; ++ } ++ + user = &(lan->users[user_idx]); + if (! (user->valid)) { + lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg, +@@ -3034,6 +3040,11 @@ ipmi_handle_lan_msg(lanserv_data_t *lan, + } + + msg.authtype = data[4]; ++ if (msg.authtype >= MAX_IPMI_AUTHS) { ++ lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg, ++ "LAN msg failure: Invalid authtype"); ++ return; ++ } + msg.data = data+5; + msg.len = len - 5; + msg.channel = lan->channel.channel_num; +-- +2.43.0 + diff --git a/OpenIPMI.spec b/OpenIPMI.spec index 4196dd99d9f2bfe97483a429e3f24dca8d2f3b10..b162121d6ba9d9b3c6fe757f661139c6dd83b849 100644 --- a/OpenIPMI.spec +++ b/OpenIPMI.spec @@ -1,6 +1,6 @@ Name: OpenIPMI Version: 2.0.34 -Release: 1 +Release: 2 Summary: IPMI (Intelligent Platform Management Interface) library and tools License: LGPLv2+ and GPLv2+ or BSD URL: https://sourceforge.net/projects/openipmi/ @@ -10,6 +10,7 @@ Source2: ipmi.service Source3: openipmi-helper Patch0: 0001-man.patch +Patch1: 0001-fix-CVE-2024-42934.patch BuildRequires: make gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel BuildRequires: openssl-devel python3-devel perl-devel perl-generators @@ -146,6 +147,12 @@ make check %exclude %{_mandir}/man1/openipmigui.1 %changelog +* Wed Oct 09 2024 changtao - 2.0.34-2 +- Type:CVE +- ID:CVE-2024-42934 +- SUG:NA +- DESC:fix CVE-2024-42934 + * Fri Jan 05 2024 yanglu - 2.0.34-1 - Type:requirement - CVE:NA