diff --git a/0002-fix-CVE-2024-42934.patch b/0002-fix-CVE-2024-42934.patch new file mode 100644 index 0000000000000000000000000000000000000000..3ddd3db16e24f28db20d834a037d12a3a168e362 --- /dev/null +++ b/0002-fix-CVE-2024-42934.patch @@ -0,0 +1,42 @@ +From b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1 Mon Sep 17 00:00:00 2001 +From: Corey Minyard +Date: Tue, 8 Oct 2024 23:57:21 +0800 +Subject: [PATCH] fix CVE-2024-42934 + +lanserv: Check some bounds on incoming messages + +--- + lanserv/lanserv_ipmi.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c +index ccd6001..03531f1 100644 +--- a/lanserv/lanserv_ipmi.c ++++ b/lanserv/lanserv_ipmi.c +@@ -882,6 +882,11 @@ handle_temp_session(lanserv_data_t *lan, msg_t *msg) + } + + auth = msg->data[0] & 0xf; ++ if (auth >= MAX_IPMI_AUTHS) { ++ lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg, ++ "Activate session failed: Invalid auth: 0x%x", auth); ++ return; ++ } + user = &(lan->users[user_idx]); + if (! (user->valid)) { + lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg, +@@ -3034,6 +3039,11 @@ ipmi_handle_lan_msg(lanserv_data_t *lan, + } + + msg.authtype = data[4]; ++ if (auth >= MAX_IPMI_AUTHS) { ++ lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg, ++ "Activate session failed: Invalid auth: 0x%x", auth); ++ return; ++ } + msg.data = data+5; + msg.len = len - 5; + msg.channel = lan->channel.channel_num; +-- +2.43.0 + diff --git a/OpenIPMI.spec b/OpenIPMI.spec index 06e54e74144da163287a5c77d02365654e589830..db5a2315b0bda0267f035f6fb05dedfc840ab395 100644 --- a/OpenIPMI.spec +++ b/OpenIPMI.spec @@ -1,6 +1,6 @@ Name: OpenIPMI Version: 2.0.32 -Release: 3 +Release: 4 Summary: IPMI (Intelligent Platform Management Interface) library and tools License: LGPLv2+ and GPLv2+ or BSD URL: https://sourceforge.net/projects/openipmi/ @@ -11,6 +11,7 @@ Source3: openipmi-helper Patch0: 0001-man.patch Patch1: backport-fix-coredump-when-use-ipmi_ui.patch +Patch2: 0002-fix-CVE-2024-42934.patch BuildRequires: gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel BuildRequires: openssl-devel python3-devel perl-devel perl-generators @@ -148,6 +149,12 @@ make check %exclude %{_mandir}/man1/openipmigui.1 %changelog +* Wed Oct 09 2024 changtao - 2.0.32-4 +- Type:CVE +- ID:CVE-2024-42934 +- SUG:NA +- DESC:fix CVE-2024-42934 + * Tue Nov 21 2023 yanglu - 2.0.32-3 - Type:enhancement - CVE:NA