diff --git a/backport-CVE-2025-1390-pam_cap-Fix-potential-configuration-parsing-error.patch b/backport-CVE-2025-1390-pam_cap-Fix-potential-configuration-parsing-error.patch new file mode 100644 index 0000000000000000000000000000000000000000..c143fee9cb7c04fa8398502244580d18cff2986a --- /dev/null +++ b/backport-CVE-2025-1390-pam_cap-Fix-potential-configuration-parsing-error.patch @@ -0,0 +1,32 @@ +From 1ad42b66c3567481cc5fa22fc1ba1556a316d878 Mon Sep 17 00:00:00 2001 +From: Tianjia Zhang +Date: Mon, 17 Feb 2025 10:31:55 +0800 +Subject: [PATCH] pam_cap: Fix potential configuration parsing error + +The current configuration parsing does not actually skip user names +that do not start with @, but instead treats the name as a group +name for further parsing, which can result in matching unexpected +capability sets and may trigger potential security issues. Only +names starting with @ should be parsed as group names. + +Signed-off-by: Tianjia Zhang +Signed-off-by: Andrew G. Morgan +--- + pam_cap/pam_cap.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c +index 24de329..3ec99bb 100644 +--- a/pam_cap/pam_cap.c ++++ b/pam_cap/pam_cap.c +@@ -166,6 +166,7 @@ static char *read_capabilities_for_user(const char *user, const char *source) + + if (line[0] != '@') { + D(("user [%s] is not [%s] - skipping", user, line)); ++ continue; + } + + int i; +-- +2.33.0 + diff --git a/libcap.spec b/libcap.spec index 1105e40c52a27679fee767051e41c2b43bc80730..40409256adc6d66fc55119152a1523bc31f5c926 100644 --- a/libcap.spec +++ b/libcap.spec @@ -1,6 +1,6 @@ Name: libcap Version: 2.32 -Release: 7 +Release: 8 Summary: A library for getting and setting POSIX.1e draft 15 capabilities License: GPLv2 URL: https://sites.google.com/site/fullycapable @@ -15,6 +15,7 @@ Patch5: backport-Guarantee-sufficient-memory-for-scratch-pathname.patch Patch6: backport-getpcaps-catch-PID-parsing-errors.patch Patch7: backport-Large-strings-can-confuse-libcap-s-internal-strdup-c.patch Patch8: backport-libcap-Ensure-the-XATTR_NAME_CAPS-is-define.patch +Patch9: backport-CVE-2025-1390-pam_cap-Fix-potential-configuration-parsing-error.patch BuildRequires: libattr-devel pam-devel perl-interpreter gcc @@ -75,6 +76,9 @@ chmod +x %{buildroot}/%{_libdir}/*.so.* %{_mandir}/man8/*.gz %changelog +* Tue Mar 04 2025 Linux_zhang - 2.32-8 +- fix CVE-2025-1390 + * Mon Jul 3 2023 wangyunjia - 2.32-7 - VFS_CAP_U32 can not ensure that XATTR_NAME_CAPS is defined, and failed to build